TIME statement

The TIME statement specifies how BMC AMI Defender is to format the time of day (date and time) and duration (elapsed time) fields including the universal field CURRENT_TIME; and optionally specifies the source of local time for BMC AMI Defender and CZASEND message timestamps and the optional RFC 3164 syslog message timestamp (that, if specified, is always local time in the format Mmm dd hh:mm:ss). See Time-settings for more information.

Note

You can modify the $$$SERVR member in the amihlq.CZAGENT.PARM file.

image2019-3-25_17-58-1.png

If you code more than one TIME statement, then a subsequent TIME statement replaces any TIME statement(s) that came before.

The TIME statement has no effect in CEF mode. See Common Event Format (CEF)  . See the description of OPTions SIEMtype for its effect on TIME.

Parameter

Description

TIME

Must be specified as shown.

UTC|ASIS|LOCal

Specifies the type of date and time formatting. Specify UTC for Coordinated Universal Time (similar to Greenwich Mean Time), ASIS for compatibility with BMC AMI Defender versions 5-1-0 and earlier, or LOCal for local time. For more information, see http://www.ipses.com/prod/timing/UTC-GPS.php?language=en.

If you omit TYPe, it defaults to UTC. The use of ASIS is not recommended with any of the _Z formats nor with the %z or %Z strftime format codes.

DURation

Specifies the formatting of any duration (elapsed time) fields in the SMF records. Specify ISO8601_T (ISO8601 with thousandths) to indicate a format of Phh:mm:ss.ttt, ISO8601 to indicate a format of Phh:mm:ss.ttt, HHMMSSHH to indicate a format of hh:mm:ss.hh, or an strftime format string using the characters documented in the table. The use of date format codes such as %a is not recommended with DURation. (ISO8601 refers to International Standard 8601, http://dotat.at/tmp/ISO_8601-2004_E.pdf.) For the named formats such as ISO8601_T that include a decimal point, the locale-appropriate decimal point is used. If you omit DURation, it defaults to ISO8601_T.

TIME

Specifies the formatting of any time (without a date) fields in the SMF records. Specify ISO8601_T (ISO8601 with thousandths) to indicate a format of hh:mm:ss.ttt, ISO8601 to indicate a format of hh:mm:ss, or HHMMSSHH to indicate a format of hh:mm:ss.hh, or an strftime format string using the characters documented in the table. For the named formats such as ISO8601_T that include a decimal point, the locale-appropriate decimal point is used. If you omit TIME, it defaults to ISO8601_T.

TIMEOFDay

Specifies the formatting of any time of day (date and time) fields in the SMF records. Specify ISO8601_T (ISO8601 with thousandths) to indicate a format of yyyy-mm-ddThh:mm:ss.ttt, ISO8601 to indicate a format of yyyy-mm-ddThh:mm:ss, ISO8601_TZ (ISO8601 with thousandths and zone indicator) to indicate a format of yyyy-mm-ddThh:mm:ss.ttt±oooo, ISO8601_Z (ISO8601 with zone indicator) to indicate a format of yyyy-mm-ddThh:mm:ss±oooo, JULian to indicate a so-called Julian date format of yyddd hh:mm:ss.hh, or an strftime format string using the characters documented in the table. For the named formats such as ISO8601_T that include a decimal point, the locale-appropriate decimal point is used. If you omit TIMEOFDay, it defaults to ISO8601_T. See the description of OPTions SIEMtype for its effect on TIMEOFDay.

ZONe

Specifies the time zone information needed by z/OS Language Environment. Specify _TZ to use the value of the _TZ environment variable, TZ to use the value of the TZ environment variable, or a literal time zone specifier in quotes. For an explanation of the _TZ and TZ environment variables, see the Using the TZ or _TZ environment variable to specify time zone in the IBM Manual z/OS XL C/C++ Programming Guide. The full format of time zone specifiers is complex, but the simplest form is ssso or sssoddd, where sss is a standard time zone abbreviation such as EST, o is the offset in hours from UTC such as 5 for Eastern Standard Time or -1 for Central European Time, and ddd is the daylight or summer time zone abbreviation such as EDT, enclosed in quotes. Omit ddd if your locale does not observe summer or daylight time. For instance, ZONE('EST5EDT').

Notes

  • The sign is somewhat counterintuitive: unsigned (positive) offsets are for time zones west of Greenwich such as in the Americas; minus or negative offsets are for time zones east of Greenwich such as in Europe, Africa, Asia and most of Oceania. See the reference IBM Manual for a fuller explanation of time zone specifiers. If you omit ZONe(), it defaults to the value of the TZ environment variable.
  • The zone must be the local time zone of the mainframe, not (necessarily) the time zone of the syslog server, or the office where the security analysts are located. If the zone specified or defaulted does not correspond to the time zone specified in z/OS, then certain SMF fields, that are recorded by IBM in mainframe local time, are interpreted incorrectly.

Examples of formatted times

The following table shows how 15:40:50.789 on September 26, 2012, Eastern Standard Time, and a duration of 3 minutes and 25.789 seconds, would be formatted under various options. The strftime format string examples are just two of a nearly unlimited number of possibilities. The ASIS format would be the same as either UTC or LOCAL depending on the particular field. (Durations are unaffected by time zones.)

Format

UTC

LOCal

ISO8601

2012-09-26T20:40:51
 P00:03:26

2012-09-26T15:40:50.789
 P00:03:26

ISO8601_T

2012-09-26T20:40:50.789
 P00:03:25.789

2012-09-26T15:40:50.789
 P00:03:25.789

ISO8601_TZ

2012-09-26T15:40:50.789+0000

2012-09-26T15:40:50.789-0500

ISO8601_Z

2012-09-26T15:40:51+0000

2012-09-26T15:40:51-0500

JULIAN

12269 20:40:50.79

12269 15:40:50.79

HHMMSSHH

00:03:25.79

00:03:25.79

‘%d%b%Y %r’

26Sep2012 08:40:51 pm

26Sep2012 03:40:51 pm

‘Dur=%T’

Dur=00:03:26

Dur=00:03:26

strftime format codes

The format codes consist of a % (percent sign) followed by one or two characters. The characters are case-sensitive: %a and %A have different meanings; %F is a valid code but %f is not. Characters not prefaced with a percent sign represent themselves: the string Month: %B might format as Month: September. A literal percent sign that is to appear in the output data is coded as %%. strftime refers to the standard C programming language library function strftime(). If you code an invalid format code, it is preserved literally in the time value: a format code of %f is formatted as the literal %f.

Format code

Value substituted 1

%a

Abbreviated weekday name of locale.

%A

Full weekday name of locale.

%b

Abbreviated month name of locale.

%B

Full month name of locale.

%c

Date and time of locale.

%C

Locale’s century number (year divided by 100 and truncated).

%d

Day of the month (01-31).

%D

Date in mm/dd/yy form, regardless of locale.

%e

Day of the month as a decimal number (01–31). Under CPOSIX only, it’s a 2-character, right-justified, blank-filled field.

%Ec

The locale’s alternative date and time representation.

If the alternative date/time format is not available, these codes are mapped to their unextended counterparts. Such as, %EC is mapped to %C.

%EC

The name of the base year (period) in the locale’s alternative representation.

%Ex

The locale’s alternative date representation.

%EX

The locale’s alternative time representation.

%Ey

The offset from %EC (year only) in the locale’s alternative representation.

%EY

The full alternative year representation.

%F

The ISO 8601:2000 standard date format, equivalent to %Y-%m-%d.

%g

The last two digits of the week-based year as a decimal number (00-99).

%G

The week-based year as a four digit decimal.

%h

Locale’s abbreviated month name. This is the same as %b.

%H

Hour (24-hour clock) as a decimal number (00-23).

%I

Hour (12-hour clock) as a decimal number (01-12).

%j

Day of the year (001-366).

%m

Month (01-12).

%M

Minute (00-59).

%Od

The day of month, using the locale’s alternative numeric symbols, filled as needed with leading zeros if there is any alternative symbol for zero, otherwise with leading spaces.

If the alternative date/time format is not available, the %O codes are mapped to their non-alternative counterparts. For example, %Od is mapped to %d.

%Oe

The day of the month, using the locale’s alternative symbols, filled as needed with leading spaces.

%OH

The hour (24-hour clock) using the locale’s alternative symbols.

%OI

The hour (12-hour clock) using the locale’s alternative symbols.

%Om

The month using the locale’s alternative numeric symbols.

%OM

The minutes using the locale’s alternative numeric symbols.

%OS

The seconds using the locale’s alternative numeric symbols.

%Ou

The weekday as a number in the locale’s alternative representation (Monday=1).

%OU

The week number of the year (Sunday as the first day of the week, rules corresponding to %U) using the locale’s alternative numeric symbols.

%OV

The week number of the year (Monday as the first day of the week, rules corresponding to %V) using the locale’s alternative numeric symbols.

%Ow

The weekday (Sunday=0) using the locale’s alternative numeric symbols.

%OW

The week number of the year (Monday as the first day of the week) using the locale’s alternative numeric symbols.

%Oy

The year (offset from %C) in the locale’s alternative representation and using the locale’s alternative numeric symbols.

%p

The locale’s equivalent of AM or PM.

%Qn

Fractional seconds formatted to n places; for instance, %Q3 to format as milliseconds. The %Qn format code can appear no more than once in the format specification.

%r

A string equivalent to %I:%M:%S %p; or use t_fmt_ampm from LC_TIME, if present.

%R

Time in 24 hour notation (%H:%M).

%S

Seconds as a decimal number (00-60).

%T

Equivalent to %H:%M:%S.

%u

The weekday as a decimal number (1 to 7), with 1 representing Monday.

%U

Week number of the year (00-53) where Sunday is the first day of the week. The first Sunday of January is the first day of week 1; days in the new year before this are in week 0.

%V

Week number of the year (01-53) where Monday is the first day of the week. If the week containing 1 January has four or more days in the new year, then it is considered week 1. Otherwise, it is the last week of the previous year, and the next week is week 1. Both January 4th and the first Thursday of January are always in week 1.

%w

Weekday (0-6) where Sunday is 0.

%W

Week number of the year (00-53) where Monday is the first day of the week.

%x

Date representation of locale.

%X

Time representation of locale.

%y

Year without the century (00-99).

%Y

Year with century.

%z

The offset from UTC in ISO8601:2000 standard format ( +hhmm or –hhmm ). For instance, -0430 means 4 hours 30 minutes behind UTC (west of Greenwich).

%Z

Name of time zone, or no characters if time zone is not available.

%%

%.

 1 Most of these descriptions are taken directly from z/OS XL C/C++ Run-Time Library Reference, © Copyright IBM Corporation 1996, 2011.

Related topic

Parameter-file-statements

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*