FString FDateTimeStructCustomization::ToDateTimeZoneString(const FDateTime& UTCDate)
{
const int32 DisplayTimezone = GetLocalTimezone();
const FDateTime LocalTime = ConvertTime(UTCDate, TIMEZONE_UTC, DisplayTimezone);
return FString::Printf(TEXT("%s %s%0.4d"), *LocalTime.ToString(), (DisplayTimezone >= 0 ? TEXT("+") : TEXT("")), DisplayTimezone);
}
bool FDateTimeStructCustomization::ParseDateTimeZone(const FString& DateTimeZoneString, FDateTime& OutDateTime)
{
static FString Delimiter = FString(TEXT(" "));
// Split our DatetimeZone string into a date and a timezone marker
FString DateString;
FString TimezoneString;
if (!DateTimeZoneString.Split(Delimiter, &DateString, &TimezoneString, ESearchCase::CaseSensitive, ESearchDir::FromEnd))
{
DateString = DateTimeZoneString;
}
// Trim surrounding whitespace
DateString = DateString.TrimTrailing().Trim();
TimezoneString = TimezoneString.TrimTrailing().Trim();
// Validate date
FDateTime LocalizedDate;
if (DateString.IsEmpty() || !FDateTime::Parse(DateString, LocalizedDate))
{
return false;
}
// Validate timezone marker
if (TimezoneString.IsEmpty())
{
// If no timezone is present, we assume the user's preferred timezone
OutDateTime = ConvertTime(LocalizedDate, GetLocalTimezone(), TIMEZONE_UTC);
return true;
}
// Fail if timezone string isn't numeric
if (!TimezoneString.IsNumeric())
{
return false;
}
// Convert timezone into int
int32 Timezone = FCString::Atoi(*TimezoneString);
Timezone = ConvertShortTimezone(Timezone);
// Check for timezones in the full-format HHMM, ex: -0500, +1345, etc
const int32 TimezoneHour = Timezone / 100;
const bool bHasValidMinuteOffset = ((FMath::Abs(Timezone) % 100) % 15 == 0);
const bool bIsTimezoneHourValid = (TimezoneHour >= -12 && TimezoneHour <= 14);
if (bHasValidMinuteOffset && bIsTimezoneHourValid)
{
OutDateTime = ConvertTime(LocalizedDate, Timezone, TIMEZONE_UTC);
return true;
}
// Not a valid time
return false;
}
/****************************************************************************
*
* Function: GetCurrentTimestamp()
*
* Purpose: Generate an ISO-8601 formatted timestamp for the current time.
*
* Arguments: none
*
* Returns: char * -- You must free this char * when you are done with it.
*
***************************************************************************/
char *GetCurrentTimestamp()
{
struct tm *lt;
struct timezone tz;
struct timeval tv;
struct timeval *tvp;
char * buf;
int tzone;
buf = (char *)malloc(SMALLBUFFER);
bzero((char *)&tz,sizeof(tz));
gettimeofday(&tv,&tz);
tvp = &tv;
if(pv.use_utc == 1)
{
lt = gmtime((time_t *)&tvp->tv_sec);
snprintf(buf, SMALLBUFFER, "%04i-%02i-%02i %02i:%02i:%02i",
1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday,
lt->tm_hour, lt->tm_min, lt->tm_sec);
}
else
{
lt = localtime((time_t *)&tvp->tv_sec);
tzone = GetLocalTimezone();
if(tzone < 0)
snprintf(buf, SMALLBUFFER,
"%04i-%02i-%02i %02i:%02i:%02i%03i",
1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday,
lt->tm_hour, lt->tm_min, lt->tm_sec, tzone);
else
snprintf(buf, SMALLBUFFER,
"%04i-%02i-%02i %02i:%02i:%02i+%02i",
1900 + lt->tm_year, lt->tm_mon + 1, lt->tm_mday,
lt->tm_hour, lt->tm_min, lt->tm_sec, tzone);
}
return buf;
}
static int Syslog_FormatTrigger(OpSyslog_Data *syslogData, Unified2EventCommon *pEvent,int opType)
{
char tSigBuf[256] = {0};
char *timestamp_string = NULL;
SigNode *sn = NULL;
ClassType *cn = NULL;
//ReferenceNode *rn = NULL;
if( (syslogData == NULL) ||
(pEvent == NULL))
{
/* XXX */
return 1;
}
switch(opType)
{
case 0:
/* Alert */
if( (syslogData->format_current_pos += snprintf(syslogData->formatBuffer,SYSLOG_MAX_QUERY_SIZE,"[SNORTIDS[ALERT]: [%s] }", syslogData->sensor_name)) >= SYSLOG_MAX_QUERY_SIZE)
{
/* XXX */
return 1;
}
break;
case 1:
/* Log */
if( (syslogData->format_current_pos += snprintf(syslogData->formatBuffer,SYSLOG_MAX_QUERY_SIZE,"[SNORTIDS[LOG]: [%s] ]", syslogData->sensor_name)) >= SYSLOG_MAX_QUERY_SIZE)
{
/* XXX */
return 1;
}
break;
default:
/* XXX */
LogMessage("Syslog_FormatTrigger(): Unknown [%d] operation mode \n",opType);
return 1;
break;
}
if( OpSyslog_Concat(syslogData))
{
/* XXX */
FatalError("OpSyslog_Concat(): Failed \n");
}
if( (timestamp_string = GetTimestampByComponent(
ntohl(pEvent->event_second),
ntohl(pEvent->event_microsecond),
GetLocalTimezone())) == NULL)
{
/* XXX */
/* Something went wrong ...we create a little string? */
if( (timestamp_string = malloc(256)) == NULL)
{
/* XXX */
return 1;
}
memset(timestamp_string,'\0',256);
snprintf(timestamp_string,256,"sec:[%u] msec:[%u] Second away from UTC:[%u] ",
ntohl(pEvent->event_second),
ntohl(pEvent->event_microsecond),
GetLocalTimezone());
}
snprintf(tSigBuf,256,"Snort Alert [%u:%u:%u]",
ntohl(pEvent->generator_id),
ntohl(pEvent->signature_id),
ntohl(pEvent->signature_revision));
sn = GetSigByGidSid(ntohl(pEvent->generator_id),
ntohl(pEvent->signature_id));
cn = ClassTypeLookupById(barnyard2_conf,
ntohl(pEvent->classification_id));
if( (syslogData->format_current_pos += snprintf(syslogData->formatBuffer,SYSLOG_MAX_QUERY_SIZE,"%s%c%u%c%s",
timestamp_string,syslogData->field_separators,
ntohl(pEvent->priority_id),syslogData->field_separators,
sn != NULL ? sn->msg : tSigBuf)) >= SYSLOG_MAX_QUERY_SIZE)
{
/* XXX */
free(timestamp_string);
return 1;
}
if( OpSyslog_Concat(syslogData))
{
/* XXX */
FatalError("OpSyslog_Concat(): Failed \n");
}
if(cn)
{
if( (syslogData->format_current_pos += snprintf(syslogData->formatBuffer,SYSLOG_MAX_QUERY_SIZE,"%s",
cn->type)) >= SYSLOG_MAX_QUERY_SIZE)
{
/* XXX */
free(timestamp_string);
return 1;
}
}
else
{
if( ( syslogData->format_current_pos += snprintf(syslogData->formatBuffer,SYSLOG_MAX_QUERY_SIZE,"%s",
"[Unknown Classification]") >= SYSLOG_MAX_QUERY_SIZE))
{
/* XXX */
free(timestamp_string);
return 1;
}
}
if( OpSyslog_Concat(syslogData))
{
/* XXX */
FatalError("OpSyslog_Concat(): Failed \n");
}
/*CHECKME: -elz Need to investigate */
//Syslog_FormatReference(syslogData, sn->refs);
free(timestamp_string);
return 0;
}
