[Bro] Fwd: current_time() vs network_time()

Aashish Sharma asharma at lbl.gov
Wed Nov 18 11:13:26 PST 2015


So, I am trying to have bro send me report/alerts at specific time-slots.

Given current_time is the wall-clock time, I am relying on
current_time() function to get time and then, my code is : if
(hh:mm:ss == desired time), run a report.  I noticed inconsistencies
so here is more detailed debug log:

I notice, jumps in the current_time:

Report time is 1447869593.121702, report hour is 9:59:53
Report time is 1447869595.234395, report hour is 9:59:55
Report time is 1447869596.45385, report hour is 9:59:56
Report time is 1447869597.636261, report hour is 9:59:57
Report time is 1447869598.597632, report hour is 9:59:58
Report time is 1447869599.628088, report hour is 9:59:59
Report time is 1447869601.926001, report hour is 10:0:1  <----- no 10:0:0 ?
Report time is 1447869603.182218, report hour is 10:0:3  <--- jump
Report time is 1447869604.166191, report hour is 10:0:4
Report time is 1447869605.647308, report hour is 10:0:5
Report time is 1447869606.499426, report hour is 10:0:6
Report time is 1447869607.383869, report hour is 10:0:7
Report time is 1447869617.52706, report hour is 10:0:17  <----- big jump
Report time is 1447869618.188414, report hour is 10:0:18
Report time is 1447869619.04252, report hour is 10:0:19  <- stall ?
Report time is 1447869619.733979, report hour is 10:0:19 <--- stall ?
Report time is 1447869622.635545, report hour is 10:0:22
Report time is 1447869623.28335, report hour is 10:0:23


I believe network_time would be somewhat better probably and will try
to see how that fares for my use case.

Any idea why I see such jumps on the wall-clock times ? I'd think this
should be rather more reliable ?

Thanks,
Aashish


More information about the Bro mailing list