[Oisf-devel] ssh json
Brian Rectanus
brectanu at gmail.com
Tue Mar 4 17:15:36 UTC 2014
On Tue, Mar 4, 2014 at 8:28 AM, Victor Julien <victor at inliniac.net> wrote:
> On 03/04/2014 03:06 PM, Victor Julien wrote:
> > On 03/02/2014 12:12 AM, Brian Rectanus wrote:
> >> Use an iso timestamp. At least something sortable with yyyy-mm-dd.
> >>
> >> 2011-12-22T22:25:52.921841Z
> >
> > Any suggestions on how to generate this string? Was looking at strftime,
> > but since it uses "struct tm" it seems to use a max precision of a
> second.
> >
> > I can of course easily generate the above string myself, however the ISO
> > 8601 format seems take into account timezones and all, and I don't want
> > to implement all that logic manually.
>
> If I ignore that timezone stuff for now, this is an example of what it
> would look like:
>
> {"time":"2014-02-07T17:15:28.972757Z",...
>
> Code:
>
> static void CreateTimeStringISO(struct timeval *tv, char *buffer, size_t
> buflen)
> {
> char local_buf[64];
> time_t time = tv->tv_sec;
> struct tm local_tm;
> struct tm *t = (struct tm*)SCLocalTime(time, &local_tm);
>
> strftime(local_buf, sizeof(local_buf), "%FT%T", t);
> snprintf(buffer, buflen, "%s.%06uZ", local_buf, (uint32_t)tv->tv_usec);
> }
>
> Thoughts?
>
>
Yes, you could ignore timezone and use Z (UTC time, e.g., short for -0000)
if you use gm time vs local time.
-B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20140304/70653d66/attachment.html>
More information about the Oisf-devel
mailing list