[Bro-Dev] current_time() vs network_time()
So, I am trying to have bro send me report/alerts at specific timeslots. Given current_time is the wall-clock time, I am relying on current_time() function to get time and then, my code is : if (hh:mm:ss == desired time), run a report. I noticed inconsistencies so here is more detailed debug log: I notice, jumps in the current_time: Report time is 1447869593.121702, report hour is 9:59:53 Report time is 1447869595.234395, report hour is 9:59:55 Report time is 1447869596.45385, report hour is 9:59:56 Report time is 1447869597.636261, report hour is 9:59:57 Report time is 1447869598.597632, report hour is 9:59:58 Report time is 1447869599.628088, report hour is 9:59:59 Report time is 1447869601.926001, report hour is 10:0:1 <- no 10:0:0 ? Report time is 1447869603.182218, report hour is 10:0:3 <--- jump Report time is 1447869604.166191, report hour is 10:0:4 Report time is 1447869605.647308, report hour is 10:0:5 Report time is 1447869606.499426, report hour is 10:0:6 Report time is 1447869607.383869, report hour is 10:0:7 Report time is 1447869617.52706, report hour is 10:0:17 <- big jump Report time is 1447869618.188414, report hour is 10:0:18 Report time is 1447869619.04252, report hour is 10:0:19 <- stall ? Report time is 1447869619.733979, report hour is 10:0:19 <--- stall ? Report time is 1447869622.635545, report hour is 10:0:22 Report time is 1447869623.28335, report hour is 10:0:23 I believe network_time would be somewhat better probably and will try to see how that fares for my usecase. Any idea why I see such jumps on the wall-clock times ? I'd think this should be rather more reliable ? Thanks, Aashish ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] current_time() vs network_time()
> My recommendation for how to implement this would be to calculate a unix > timestamp (seconds since 1970) that corresponds to the next time you > want send a report and then poll for when time() is >= this value. After > sending the report, calculate the next timestamp. ah! Much better way! Thanks Craig! Aashish On Wed, Nov 18, 2015 at 11:34:39AM -0800, Craig Leres wrote: > On 11/18/2015 10:58 AM, Aashish Sharma wrote: > > So, I am trying to have bro send me report/alerts at specific timeslots. > > > > Given current_time is the wall-clock time, I am relying on current_time() > > function to get time and then, my code is : if (hh:mm:ss == desired time), > > run a report. > > My recommendation for how to implement this would be to calculate a unix > timestamp (seconds since 1970) that corresponds to the next time you > want send a report and then poll for when time() is >= this value. After > sending the report, calculate the next timestamp. > > I'm not sure what you have available but to generate the unix timestamp > I would use localtime() or gmtime() (using gmtime() avoids daylight > saving time issues) to break out the fields, set the H, M and S to the > desired values and then use mktime() (or timegm()) to convert back to a > unix timestamp. > > Craig ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] current_time() vs network_time()
On 11/18/2015 10:58 AM, Aashish Sharma wrote: > So, I am trying to have bro send me report/alerts at specific timeslots. > > Given current_time is the wall-clock time, I am relying on current_time() > function to get time and then, my code is : if (hh:mm:ss == desired time), > run a report. My recommendation for how to implement this would be to calculate a unix timestamp (seconds since 1970) that corresponds to the next time you want send a report and then poll for when time() is >= this value. After sending the report, calculate the next timestamp. I'm not sure what you have available but to generate the unix timestamp I would use localtime() or gmtime() (using gmtime() avoids daylight saving time issues) to break out the fields, set the H, M and S to the desired values and then use mktime() (or timegm()) to convert back to a unix timestamp. Craig ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [Auto] Merge Status
Open Merge Requests === IDComponentReporter Assignee Updated For Version PrioritySummary --- - -- - -- - BIT-1489 [1] BroControl Daniel Thayer Justin Azoff 2015-10-07 2.5 Normal topic/dnthayer/ticket1396 [2] Open GitHub Pull Requests = IssueComponentUser Updated Title --- --- -- #46 [3] bro albertzaharovits [4] 2015-11-03 HTTP Content-Disposition header updates filename field in HTTP::Info [5] #1 [6] broctl J-Gras [7]2015-10-24 Added support for Pcap options [8] #2 [9] btestfabaff [10] 2015-11-15 Update to match PEP3110 [11] [1] BIT-1489 https://bro-tracker.atlassian.net/browse/BIT-1489 [2] ticket1396 https://github.com/bro/brocontrol/tree/topic/dnthayer/ticket1396 [3] Pull Request #46 https://github.com/bro/bro/pull/46 [4] albertzaharovits https://github.com/albertzaharovits [5] Merge Pull Request #46 with git pull --no-ff --no-commit https://github.com/albertzaharovits/bro.git master [6] Pull Request #1 https://github.com/bro/broctl/pull/1 [7] J-Gras https://github.com/J-Gras [8] Merge Pull Request #1 with git pull --no-ff --no-commit https://github.com/J-Gras/broctl.git topic/jgras/pcap-config [9] Pull Request #2 https://github.com/bro/btest/pull/2 [10] fabaff https://github.com/fabaff [11] Merge Pull Request #2 with git pull --no-ff --no-commit https://github.com/fabaff/btest.git master ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
