[Bro-Dev] current_time() vs network_time()

Aashish Sharma asharma at lbl.gov
Wed Nov 18 10:58:54 PST 2015

So, I am trying to have bro send me report/alerts at specific timeslots. 

Given current_time is the wall-clock time, I am relying on current_time() function to get time and then, my code is : if (hh:mm:ss == desired time), run a report.  I noticed inconsistencies so here is more detailed debug log: 

I notice, jumps in the current_time:

Report time is 1447869593.121702, report hour is 9:59:53
Report time is 1447869595.234395, report hour is 9:59:55
Report time is 1447869596.45385, report hour is 9:59:56
Report time is 1447869597.636261, report hour is 9:59:57
Report time is 1447869598.597632, report hour is 9:59:58
Report time is 1447869599.628088, report hour is 9:59:59
Report time is 1447869601.926001, report hour is 10:0:1  <----- no 10:0:0 ? 
Report time is 1447869603.182218, report hour is 10:0:3  <--- jump 
Report time is 1447869604.166191, report hour is 10:0:4
Report time is 1447869605.647308, report hour is 10:0:5
Report time is 1447869606.499426, report hour is 10:0:6
Report time is 1447869607.383869, report hour is 10:0:7
Report time is 1447869617.52706, report hour is 10:0:17  <----- big jump 
Report time is 1447869618.188414, report hour is 10:0:18
Report time is 1447869619.04252, report hour is 10:0:19  <- stall ? 
Report time is 1447869619.733979, report hour is 10:0:19 <--- stall ? 
Report time is 1447869622.635545, report hour is 10:0:22
Report time is 1447869623.28335, report hour is 10:0:23

I believe network_time would be somewhat better probably and will try to see how that fares for my usecase. Any idea why I see such jumps on the wall-clock times ? I'd think this should be rather more reliable ?


More information about the bro-dev mailing list