{"id":270,"date":"2015-02-20T19:13:24","date_gmt":"2015-02-20T19:13:24","guid":{"rendered":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=270"},"modified":"2015-07-13T09:13:28","modified_gmt":"2015-07-13T09:13:28","slug":"date-formats","status":"publish","type":"page","link":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=270","title":{"rendered":"Date formats"},"content":{"rendered":"<p>Date formats are a nightmare.\u00a0 Each event source may use a different convention, and some conventions are less than perfect.\u00a0 For example, the date format used by <a title=\"The syslog module\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=157\">syslog<\/a> does not include a year.<\/p>\n<p>Dates can also be entered in Orchids rules, using one of the following constructions:<\/p>\n<ul>\n<li><code>_CTIME(<\/code><em>string constant<\/em><code>)<\/code><\/li>\n<li><code>_TIMEVAL(<\/code><em>string constant<code>,<\/code> integer constant<\/em><code>)<\/code><\/li>\n<\/ul>\n<p>The string constant is in a human-readable date format, and is parsed by the <code>strptime()<\/code> API call.\u00a0 Unfortunately, <code>strptime()<\/code> cannot parse a date unless it is told which format to expect, so Orchids tries the following formats, one after the other.<\/p>\n<table style=\"border: solid 1px black;\">\n<tbody>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %m\/%d\/%Y %T %Z\"<\/code><\/td>\n<td>US format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %d %m %Y %T %Z\"<\/code><\/td>\n<td>French format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %Y-%m-%d %T %Z\"<\/code><\/td>\n<td>European format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %m\/%d\/%Y %T\"<\/code><\/td>\n<td>US format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %d %m %Y 
%T\"<\/code><\/td>\n<td>French format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %Y-%m-%d %T\"<\/code><\/td>\n<td>European format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %m\/%d\/%Y\"<\/code><\/td>\n<td>US format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %d %m %Y\"<\/code><\/td>\n<td>French format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%a %Y-%m-%d\"<\/code><\/td>\n<td>European format<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>\"%Y-%m-%dT%H:%M:%S\"<\/code><\/td>\n<td>IDMEF format<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Date formats are a nightmare.\u00a0 Each event source may use a different convention, and some conventions are less than perfect.\u00a0 For example, the date format used by syslog does not include a year. Dates can also be entered in Orchids rules, by one of the following constructions: _CTIME(string constant) _TIMEVAL(string constant, integer constant) The string &hellip; <a href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=270\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Date formats<\/span> <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-270","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=270"}],"version-history":[{"count":5,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/270\/revisions"}],"predecessor-version":[{"id":413,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/270\/revisions\/413"}],"wp:attachment":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}