[Bro-Dev] current_time() vs network_time()
Craig Leres
leres at ee.lbl.gov
Wed Nov 18 11:34:39 PST 2015
On 11/18/2015 10:58 AM, Aashish Sharma wrote:
> So, I am trying to have bro send me report/alerts at specific timeslots.
>
> Given current_time is the wall-clock time, I am relying on current_time() function to get time and then, my code is : if (hh:mm:ss == desired time), run a report.
My recommendation for how to implement this would be to calculate a unix
timestamp (seconds since 1970) that corresponds to the next time you
want send a report and then poll for when time() is >= this value. After
sending the report, calculate the next timestamp.
I'm not sure what you have available but to generate the unix timestamp
I would use localtime() or gmtime() (using gmtime() avoids daylight
saving time issues) to break out the fields, set the H, M and S to the
desired values and then use mktime() (or timegm()) to convert back to a
unix timestamp.
Craig
More information about the bro-dev
mailing list