Skip to content

in_winevtlog: Plug glitches of time offset for DST/STD switches [Backport to 4.1] #11299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cosmo0920 merged 2 commits into from
Dec 18, 2025
+56 −21
Merged

in_winevtlog: Plug glitches of time offset for DST/STD switches [Backport to 4.1] #11299

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0139d56
in_winevtlog: Plug glitches of time offset for DST/STD switches
cosmo0920 Dec 15, 2025
7be1625
in_winevtlog: Remove needless locale related lines
cosmo0920 Dec 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 56 additions & 21 deletions plugins/in_winevtlog/pack.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
#include <fluent-bit/flb_utils.h>
#include <fluent-bit/flb_pack.h>
#include <fluent-bit/flb_input_plugin.h>
#include <stdlib.h>
#include <msgpack.h>
#include <sddl.h>
#include <locale.h>
Expand Down Expand Up @@ -265,39 +266,73 @@ static int pack_systemtime(struct winevtlog_config *ctx, SYSTEMTIME *st)

static int pack_filetime(struct winevtlog_config *ctx, ULONGLONG filetime)
{
LARGE_INTEGER timestamp;
FILETIME ft;
SYSTEMTIME st_utc;
SYSTEMTIME st_local;
DYNAMIC_TIME_ZONE_INFORMATION dtzi;
CHAR buf[64];
size_t len = 0;
FILETIME ft, ft_local;
SYSTEMTIME st;
_locale_t locale;
size_t len;
LONG bias_minutes;
int offset_hours;
int offset_minutes;
char offset_sign;
DWORD tz_id;

_tzset();

locale = _get_current_locale();
if (locale == NULL) {
ft.dwHighDateTime = (DWORD)(filetime >> 32);
ft.dwLowDateTime = (DWORD)(filetime & 0xFFFFFFFF);

if (!FileTimeToSystemTime(&ft, &st_utc)) {
return -1;
}
timestamp.QuadPart = filetime;
ft.dwHighDateTime = timestamp.HighPart;
ft.dwLowDateTime = timestamp.LowPart;
FileTimeToLocalFileTime(&ft, &ft_local);
if (FileTimeToSystemTime(&ft_local, &st)) {
struct tm tm = {st.wSecond, st.wMinute, st.wHour, st.wDay, st.wMonth-1, st.wYear-1900, st.wDayOfWeek, 0, -1};
len = _strftime_l(buf, 64, FORMAT_ISO8601, &tm, locale);
if (len == 0) {
flb_errno();
_free_locale(locale);
return -1;
}
_free_locale(locale);

flb_log_event_encoder_append_body_string(ctx->log_encoder, buf, len);
tz_id = GetDynamicTimeZoneInformation(&dtzi);

if (!SystemTimeToTzSpecificLocalTimeEx(&dtzi, &st_utc, &st_local)) {
return -1;
}

/* Determine bias (minutes) */
bias_minutes = dtzi.Bias;

if (tz_id == TIME_ZONE_ID_DAYLIGHT) {
bias_minutes += dtzi.DaylightBias;
}
else if (tz_id == TIME_ZONE_ID_STANDARD) {
bias_minutes += dtzi.StandardBias;
}

/* Windows bias: minutes to add to local to get UTC
ISO8601 offset: inverse sign */
if (bias_minutes > 0) {
offset_sign = '-';
}
else {
offset_sign = '+';
bias_minutes = -bias_minutes;
}

offset_hours = bias_minutes / 60;
offset_minutes = bias_minutes % 60;

len = _snprintf_s(buf, sizeof(buf), _TRUNCATE,
"%04d-%02d-%02d %02d:%02d:%02d %c%02d%02d",
st_local.wYear,
st_local.wMonth,
st_local.wDay,
st_local.wHour,
st_local.wMinute,
st_local.wSecond,
offset_sign,
offset_hours,
offset_minutes);

if (len <= 0) {
return -1;
}

flb_log_event_encoder_append_body_string(ctx->log_encoder, buf, len);
return 0;
}

Expand Down