Timestamps

Because timestamps are a key element in network security analysis, it is important to clarify the location, source, and context of the timestamps.

All timestamps are stored as Coordinated Universal Time (UTC) times.

The ArcSight Console presents timestamps in the local time zone of the host computer using the Java Locale facility.

Log timestamps are produced by the local JVM for that component and are written using the Java Locale facility.

Timestamps are kept in epoch time, an integer value representing the number of seconds since January 1,1970, at 00:00:01 (UTC). Timestamps cannot be earlier than that date/time. The largest integer (number of seconds) that can be stored for this value limits the timestamp range to January 19, 2038 at 03:14:07 (UTC). No timestamps can be after that date/time.

See also Timestamp Variables.