File: idmef-time.sgml

<!-- ##### SECTION Title ##### -->
idmef-time

<!-- ##### SECTION Short_Description ##### -->

Time representation in IDMEF message

<!-- ##### SECTION Long_Description ##### -->
<para>

The #idmef_time_t type is used to represent a time value in
an IDMEF message. This object contains information such as the number
of seconds since the Epoch, the local GMT offset, and the number of microseconds (if applicable).

</para>


<para>
When creating an IDMEF message, you need to insert a timestamp in it.
IDMEF provides different time fields for this:

<itemizedlist>

 <listitem>AnalyzerTime<para>The AnalyzerTime class is used to indicate the current date and time
   on the analyzer. Its values should be filled in as late as possible in the message transmission 
   process, ideally immediately before placing the message "on the wire."</para></listitem>

 <listitem>CreateTime<para>The CreateTime class is used to indicate the date and time the alert
   or heartbeat was created by the analyzer.</para></listitem>

 <listitem>DetectTime<para>The DetectTime class is used to indicate the date and time the
   event(s) producing an alert was detected by the analyzer. In the case of more than one event, 
   the time the first event was detected. (This may or may not be the same time as CreateTime; 
   analyzers are not required to send alerts immediately upon detection).</para></listitem>

</itemizedlist>

You don't need to take care of the AnalyzerTime field: in Prelude, once an event
is handed to the library, if sending the message fails, the library falls back
to backing up the event for later retransmission.

Thus the library has to take care of setting the AnalyzerTime for you (since the message might
not be emitted immediately in this specific case).

</para>

<para>
Several helpers are available to create an #idmef_time_t object. Most probably, the functions
that you will need are the ones below:

<itemizedlist>
 <listitem>idmef_time_new_from_gettimeofday() and idmef_time_set_from_gettimeofday()</listitem>
 <listitem>idmef_time_new_from_timeval() and idmef_time_set_from_timeval()</listitem>
 <listitem>idmef_time_new_from_time() and idmef_time_set_from_time()</listitem>
 <listitem>idmef_time_new_from_string() and idmef_time_set_from_string()</listitem>
</itemizedlist>

</para>
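
<para>
The following is an added example, not libprelude code: it shows how the three values described above (seconds since the Epoch, microseconds, GMT offset) map to the IDMEF date-time string and ntpstamp encodings. The struct demo_time and the demo_* functions are hypothetical stand-ins for #idmef_time_t, idmef_time_to_string() and idmef_time_to_ntpstamp(); the output follows the IDMEF encodings and is not claimed to match libprelude's output byte for byte.
</para>

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical stand-in for the three values the page lists for idmef_time_t. */
struct demo_time {
    int64_t  sec;        /* seconds since the Epoch (UTC) */
    uint32_t usec;       /* microseconds, 0..999999 */
    int32_t  gmt_offset; /* local offset from GMT, in seconds */
};

/* IDMEF date-time: local wall-clock time followed by its GMT offset. */
int demo_time_to_string(const struct demo_time *t, char *out, size_t len)
{
    time_t local = (time_t)(t->sec + t->gmt_offset);
    struct tm *tm = gmtime(&local); /* static buffer: not thread-safe */
    long off = labs((long)t->gmt_offset);
    int n;
    if (tm == NULL || t->usec > 999999)
        return -1;
    n = snprintf(out, len, "%04d-%02d-%02dT%02d:%02d:%02d.%06u%c%02ld:%02ld",
                 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
                 tm->tm_hour, tm->tm_min, tm->tm_sec, (unsigned)t->usec,
                 t->gmt_offset < 0 ? '-' : '+', off / 3600, (off % 3600) / 60);
    return (n < 0 || (size_t)n >= len) ? -1 : 0; /* reject truncated output */
}

/* IDMEF ntpstamp: seconds since 1900 plus a 32-bit binary fraction, in hex. */
int demo_time_to_ntpstamp(const struct demo_time *t, char *out, size_t len)
{
    const int64_t delta = 2208988800LL; /* 1900-01-01 to 1970-01-01 */
    uint64_t frac = ((uint64_t)t->usec << 32) / 1000000;
    int n;
    if (t->sec < 0 || t->sec > (int64_t)UINT32_MAX - delta || t->usec > 999999)
        return -1; /* outside the 32-bit NTP range this sketch handles */
    n = snprintf(out, len, "0x%08x.0x%08x", (unsigned)(t->sec + delta), (unsigned)frac);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    struct demo_time t = { 952596085, 500000, -18000 }; /* constructed sample */
    char s[40], ntp[32];
    if (demo_time_to_string(&t, s, sizeof s) == 0 &&
        demo_time_to_ntpstamp(&t, ntp, sizeof ntp) == 0)
        printf("%s %s\n", s, ntp);
    return 0;
}
```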

<!-- ##### SECTION See_Also ##### -->
<para>

</para>

<!-- ##### SECTION Stability_Level ##### -->


<!-- ##### STRUCT idmef_time ##### -->
<para>

</para>


<!-- ##### TYPEDEF idmef_time_t ##### -->
<para>

</para>


<!-- ##### FUNCTION idmef_time_ref ##### -->
<para>

</para>

@time: 
@Returns: 


<!-- ##### FUNCTION idmef_time_new ##### -->
<para>

</para>

@time: 
@Returns: 


<!-- ##### FUNCTION idmef_time_new_from_time ##### -->
<para>

</para>

@time: 
@t: 
@Returns: 


<!-- ##### FUNCTION idmef_time_new_from_gettimeofday ##### -->
<para>

</para>

@time: 
@Returns: 


<!-- ##### FUNCTION idmef_time_new_from_string ##### -->
<para>

</para>

@time: 
@buf: 
@Returns: 


<!-- ##### FUNCTION idmef_time_new_from_ntpstamp ##### -->
<para>

</para>

@time: 
@buf: 
@Returns: 


<!-- ##### FUNCTION idmef_time_new_from_timeval ##### -->
<para>

</para>

@time: 
@tv: 
@Returns: 


<!-- ##### FUNCTION idmef_time_set_from_time ##### -->
<para>

</para>

@time: 
@t: 


<!-- ##### FUNCTION idmef_time_set_from_gettimeofday ##### -->
<para>

</para>

@time: 
@Returns: 


<!-- ##### FUNCTION idmef_time_set_from_string ##### -->
<para>

</para>

@time: 
@buf: 
@Returns: 


<!-- ##### FUNCTION idmef_time_set_from_ntpstamp ##### -->
<para>

</para>

@time: 
@buf: 
@Returns: 


<!-- ##### FUNCTION idmef_time_set_from_timeval ##### -->
<para>

</para>

@time: 
@tv: 
@Returns: 


<!-- ##### FUNCTION idmef_time_destroy_internal ##### -->
<para>

</para>

@time: 


<!-- ##### FUNCTION idmef_time_destroy ##### -->
<para>

</para>

@time: 


<!-- ##### FUNCTION idmef_time_clone ##### -->
<para>

</para>

@src: 
@dst: 
@Returns: 


<!-- ##### FUNCTION idmef_time_copy ##### -->
<para>

</para>

@src: 
@dst: 
@Returns: 


<!-- ##### FUNCTION idmef_time_set_sec ##### -->
<para>

</para>

@time: 
@sec: 


<!-- ##### FUNCTION idmef_time_set_usec ##### -->
<para>

</para>

@time: 
@usec: 


<!-- ##### FUNCTION idmef_time_set_gmt_offset ##### -->
<para>

</para>

@time: 
@gmtoff: 


<!-- ##### FUNCTION idmef_time_get_sec ##### -->
<para>

</para>

@time: 
@Returns: 


<!-- ##### FUNCTION idmef_time_get_usec ##### -->
<para>

</para>

@time: 
@Returns: 


<!-- ##### FUNCTION idmef_time_get_gmt_offset ##### -->
<para>

</para>

@time: 
@Returns: 


<!-- ##### FUNCTION idmef_time_to_string ##### -->
<para>

</para>

@time: 
@out: 
@Returns: 


<!-- ##### FUNCTION idmef_time_to_ntpstamp ##### -->
<para>

</para>

@time: 
@out: 
@Returns: