diff --git a/flowmon-ads/warden3_flowmon_ads_filer.py b/flowmon-ads/warden3_flowmon_ads_filer.py
index 754945431b7f2a4581ca3c5b4a430a5b14896923..c358547f7a889fd9d9234d947501d07debf09e45 100755
--- a/flowmon-ads/warden3_flowmon_ads_filer.py
+++ b/flowmon-ads/warden3_flowmon_ads_filer.py
@@ -108,7 +108,7 @@ def proto_list(pl):
 ads_fields = (
 ('ID', str), # Unique id within ADS db
- ('Timestamp', iso_time), # Timestamp of event generation
+ ('Detection time', iso_time), # Timestamp of event generation
 ('FirstFlow', iso_time), # Timestamp of the first Flow on which was based the event detection
 ('Type', str), # Type of event, in fact a reference to the detection method, which recognized the event
 ('TypeDesc', str), # Event type description
@@ -266,8 +266,8 @@ def idea_ip_key(ip):
 def gen_idea_from_ads(new_id, ads, orig_data, anonymised_target, add_test):
- lts = time.localtime()
- ts = ads.get("Timestamp") or lts
+ lts = time.gmtime()
+ ts = ads.get("Detection time") or lts
 ets = ads.get("FirstFlow")
 if ets and ets > ts: # ADS sometimes reports FirstFlow greater than DetectTime
 ts = ets
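Review bot: In gen_idea_from_ads, `ads.get("Detection time") or lts` silently substitutes the current time whenever the renamed column is missing, so an ADS export that still uses the old `Timestamp` header would produce events stamped with processing time instead of detection time, with no trace that the fallback was taken. Consider accepting both names, `ts = ads.get("Detection time") or ads.get("Timestamp") or lts`, and logging a warning when `lts` is used; the `ads_fields` entry renamed in the first hunk would presumably need the old key kept as well, though how that table is consumed is not visible here. The move to `time.gmtime()` also relies on `iso_time` returning UTC values of a type comparable with a struct_time, because `ets > ts` compares them directly; that is worth confirming against `iso_time`, which is outside this diff. The body of gen_idea_from_ads continues past the end of the hunk.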