NIC DML (Device Markup Language)
RSA the Security Division of EMC
UDS XML Functions
The following XML functions were not included with the UDS Guide:
EVNTTIME
CNVTIP
DURSTR

EVNTTIME
A facility to “normalize” the time coming from the payload of an event. It constructs a time value that is acceptable to the database and assigns it to a message variable.
Syntax: EVNTTIME(msgSegment, formatString, formatString, inputParm inputParm …)
Return Value: The local time value of all inputParm, interpreted according to formatString, in a format suitable for database insertion. If the function does not succeed, an empty string is returned.
Parameters:
msgSegment
Defines where source inputParm variable resides.
$MSG – variables for date reside in message.
$HDR – variables for date reside in header.
formatString
Describes the format of the ASCII time contained within the inputParm. The formatString defines how the ASCII time is to be interpreted, so that a UTC timestamp can be generated. A formatString is composed of the following formatting codes:

ASCII Date Component                         Formatting Code   Example
Full Month Name                              %R                January, JANUARY
Abbreviated Month Name                       %B                Jan, JAN
Numeric Month                                %M                01 – 12
Numeric Month (*variable width field)        %G                01 – 12
Numeric Month Day                            %D                01 – 31
Numeric Month Day (*variable width field)    %F                01 – 31
Hour (24 hour period)                        %H                00 – 23
Hour (12 hour period)                        %I                00 – 12
AM/PM (Needed by %I)                         %P                AM or PM
A.M./P.M. (Needed with %I)                   %Q                A.M. or P.M.
Minutes                                      %T                00 – 59
Minutes (*variable width field)              %U                00 – 59
Seconds                                      %S                00 – 59
Year (this century)                          %Y                00 – 99
Year                                         %W                0000 – 9999
Julian Day                                   %J                001 – 364
ASCII Percent                                %%

(*the format code determines the size of the field for variable width fields)
inputParm …:
One or more variables that contain the ASCII time text.
RSA enVision Universal Device Support Guide
Remarks: The formatString should always reflect the format of the date string in the log message (including spaces), if possible. If a log message has a varying amount of space in between the time stamp variables, the UTC command automatically makes adjustments for these variations. If a year value is available in the format string, this value will be used by the UTC command. If a year value is not available, as in this example, the year value associated with the receive time of the message is used.
Example:
@target:*EVNTTIME($MSG,'[%D/%B/%W:%N:%U:%O]',time)
@target:*EVNTTIME($HDR,'[%D/%B/%W:%N:%U:%O]', var1,var2,var3,var4)
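The following is an added example, not RSA's implementation: a Python model of how the format codes in the table could be interpreted, including the space tolerance and the receive-time year fallback described in the Remarks. The names evnttime and receive_time and the 'YYYY-MM-DD HH:MM:SS' output are assumptions; %J and time-zone conversion are left out, and codes that are not in the table (such as %N and %O) produce an empty string.

```python
import calendar
import re
from datetime import datetime

# Codes from the page's table -> (regex, field). %N and %O appear only in the
# page's example and are not defined in the table, so they are rejected here.
CODES = {
    "R": (r"[A-Za-z]+", "mon"), "B": (r"[A-Za-z]{3}", "mon"),
    "M": (r"\d{2}", "month"), "G": (r"\d{1,2}", "month"),
    "D": (r"\d{2}", "day"), "F": (r"\d{1,2}", "day"),
    "H": (r"\d{2}", "hour24"), "I": (r"\d{2}", "hour12"),
    "P": (r"[AaPp][Mm]", "ampm"), "Q": (r"[AaPp]\.[Mm]\.", "ampm"),
    "T": (r"\d{2}", "minute"), "U": (r"\d{1,2}", "minute"),
    "S": (r"\d{2}", "second"), "Y": (r"\d{2}", "year2"), "W": (r"\d{4}", "year"),
}
NAMES = {n.lower(): i for names in (calendar.month_name, calendar.month_abbr)
         for i, n in enumerate(names) if n}  # "january" -> 1, "jan" -> 1, ...

def _pattern(fmt):
    parts = []
    for tok in re.findall(r"%[^%]|\s+|%%|[^%\s]+|%", fmt.strip()):
        if tok.isspace():
            parts.append(r"\s+")  # tolerate varying space, as in the Remarks
        elif len(tok) == 2 and tok[0] == "%" and tok != "%%":
            rx, field = CODES[tok[1]]  # KeyError on a code not in the table
            parts.append(f"(?P<{field}>{rx})")
        else:
            parts.append(re.escape(tok.replace("%%", "%")))
    return "".join(parts)

def evnttime(fmt, text, receive_time):
    """Return 'YYYY-MM-DD HH:MM:SS', or '' on any failure."""
    try:
        f = re.fullmatch(_pattern(fmt), text.strip()).groupdict()
        year = int(f.get("year", receive_time.year))  # fallback: receive time
        if "year2" in f:  # assumption: "this century" = century of receipt
            year = receive_time.year // 100 * 100 + int(f["year2"])
        month = int(f.get("month", receive_time.month))
        if "mon" in f:
            month = NAMES[f["mon"].lower()]
        hour = int(f.get("hour24", 0))
        if "hour12" in f:  # %I needs %P or %Q; KeyError if neither is present
            pm = f["ampm"].replace(".", "").lower() == "pm"
            hour = int(f["hour12"]) % 12 + (12 if pm else 0)
        day = int(f.get("day", receive_time.day))
        minute, second = int(f.get("minute", 0)), int(f.get("second", 0))
        return datetime(year, month, day, hour, minute, second).isoformat(" ")
    except (AttributeError, KeyError, ValueError, re.error):
        return ""
```

An empty return is worth alerting on in a collection pipeline, since an event with no normalized time is easy to lose from time-bounded searches.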
CNVTIP
Convert an INET_ADDR (unsigned long) format IP address to IPV4 dotted IP address format.
Syntax: CNVTIP(inputParm)
Return Value: The IPV4 format (x.x.x.x) of inputParm. If the function does not succeed, an empty string is returned.
Parameters:
inputParm
A variable containing an IP address in the INET_ADDR (unsigned long) format.
Example: @target:*CNVTIP(sourceAddr)
DURSTR
Construct a duration string value and assign it to a message variable. Duration is an interval of time in total seconds normalized to hh:mm:ss format.
Syntax: DUR(msgSegment, inputParm)
Return Value: The value of the total seconds in inputParm converted to a formatted string in hh:mm:ss format. If the function is not successful in the conversion, an empty string is returned, or the assignment is ignored.
Parameters:
msgSegment
Defines where source inputParm variable resides. Choices are:
$MSG – variables for seconds reside in message.
$HDR – variables for seconds reside in header.
inputParm …
Input variable containing a duration value in total seconds.
Examples:
@target:*DURSTR($HDR,duration)
@target:*DURSTR($HDR,duration)