Re: [Bro-Dev] current_time() vs network_time()

> I'm not sure what you have available but to generate the unix timestamp > I would use localtime() or gmtime() (using gmtime() avoids daylight Here is the function I am now using (sharing - might be useful to improve upon) Index: ../../all-check.bro

Re: [Bro-Dev] current_time() vs network_time()

For the script you sent me, the 1-second skips aren't that surprising. Bro's "schedule" sets a minimum time in the future for when the event will occur. The actual time will be a tad later, depending on how long it takes the event engine to process the buffer of packets that leads to the clock

Re: [Bro-Dev] current_time() vs network_time()

> On Nov 19, 2015, at 6:12 PM, Vern Paxson wrote: > > In any case, I agree that Craig's proposed fix is a good way to deal > with this. In addtion, I think this points up the utility of Bro > providing cron-style event scheduling in addition to relative-time > scheduling. I

[Bro-Dev] current_time() vs network_time()

So, I am trying to have bro send me report/alerts at specific timeslots. Given current_time is the wall-clock time, I am relying on current_time() function to get time and then, my code is : if (hh:mm:ss == desired time), run a report. I noticed inconsistencies so here is more detailed debug

Re: [Bro-Dev] current_time() vs network_time()

> My recommendation for how to implement this would be to calculate a unix > timestamp (seconds since 1970) that corresponds to the next time you > want send a report and then poll for when time() is >= this value. After > sending the report, calculate the next timestamp. ah! Much better way!

Re: [Bro-Dev] current_time() vs network_time()

On 11/18/2015 10:58 AM, Aashish Sharma wrote: > So, I am trying to have bro send me report/alerts at specific timeslots. > > Given current_time is the wall-clock time, I am relying on current_time() > function to get time and then, my code is : if (hh:mm:ss == desired time), > run a report.