From 36dd92e07154ad89dcc355a5cc2b0b4582039f6a Mon Sep 17 00:00:00 2001
From: Radko Krkos <krkos@cesnet.cz>
Date: Wed, 11 May 2022 08:18:59 +0200
Subject: [PATCH] flowmon-ads: Rename Timestamp to 'Detection time'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* This is part of a backport from nsharp connector to unify the
  codebase.
* The actual code changes were done by Martin Černý <cernym@cesnet.cz>
  during the development of nsharp connector.
---
 flowmon-ads/warden3_flowmon_ads_filer.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flowmon-ads/warden3_flowmon_ads_filer.py b/flowmon-ads/warden3_flowmon_ads_filer.py
index 7549454..c358547 100755
--- a/flowmon-ads/warden3_flowmon_ads_filer.py
+++ b/flowmon-ads/warden3_flowmon_ads_filer.py
@@ -108,7 +108,7 @@ def proto_list(pl):
 
 ads_fields = (
     ('ID', str),                # Unique id within ADS db
-    ('Timestamp', iso_time),    # Timestamp of event generation
+    ('Detection time', iso_time),   # Timestamp of event generation
     ('FirstFlow', iso_time),    # Timestamp of the first Flow on which was based the event detection
     ('Type', str),              # Type of event, in fact a reference to the detection method, which recognized the event
     ('TypeDesc', str),          # Event type description
@@ -266,8 +266,8 @@ def idea_ip_key(ip):
 
 def gen_idea_from_ads(new_id, ads, orig_data, anonymised_target, add_test):
 
-    lts = time.localtime()
-    ts = ads.get("Timestamp") or lts
+    lts = time.gmtime()
+    ts = ads.get("Detection time") or lts
     ets = ads.get("FirstFlow")
     if ets and ets > ts:    # ADS sometimes reports FirstFlow greater than DetectTime
         ts = ets
-- 
GitLab