Snort mailing list archives

RE: Snort > mysql > acid - timestamp troubles


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Thu, 30 May 2002 11:00:05 +0200

Just a thought: Did you set the same timezone on all boxes? I ran into that
some time ago. With RedHat timeconfig should help.
 

HTH,

Sandro 

-----Original Message-----
From: Rose, Jerry L SAJ Contractor [mailto:Jerry.L.Rose () saj02 usace army mil]
Sent: Wednesday, 29 May 2002 21:01
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Snort > mysql > acid - timestamp troubles



Here's the problem. I've got alerts being logged 
with timestamps later than the current time (approx. 
4 hours into the future). I'm running ntpd on all 
three servers. I've run the "date" command on all 
three servers to visually verify the proper date 
and time are set on all three servers. I've cranked 
up "#snort -v" then "ctrl-c" and the timestamps are 
correct on standard out. 

Here's some server specific info... 
+++++++++++++++++++++++++++++++++++++++++++++++ 
I'm running a..... 
LINUX RH 7.2 NIDS sensor running 
Snort Version 1.8.6 (Build 105) 

that is writing alerts to a..... 
LINUX RH 7.2 mysql server 
VERSION 3.23.49a 

that is serving data to a..... 
LINUX RH 7.2 apache server 
version 1.3.22 
PHP 4.2.0 
gd-1.8.4 
adodb Library for PHP4 
phplot-4.4.6 
+++++++++++++++++++++++++++++++++++++++++++++++ 

Here are a couple of query results to illustrate my problem. 
Notice the timestamps... 
====================================================== 
mysql> select * from event; 
<<<<< many cut lines >>>>> 
|   1 | 12263 |        11 | 2002-05-29 18:09:54 | 
|   1 | 12264 |        11 | 2002-05-29 18:09:54 | 
|   1 | 12265 |        11 | 2002-05-29 18:09:54 | 
|   1 | 12266 |        38 | 2002-05-29 18:10:10 | 
|   1 | 12267 |        11 | 2002-05-29 18:18:46 | 
|   1 | 12268 |        11 | 2002-05-29 18:18:46 | 
+-----+-------+-----------+---------------------+ 
11761 rows in set (0.05 sec) 

mysql> SELECT VERSION(); SELECT NOW(); 
+-----------+ 
| VERSION() | 
+-----------+ 
| 3.23.49a  | 
+-----------+ 
1 row in set (0.00 sec) 

+---------------------+ 
| NOW()               | 
+---------------------+ 
| 2002-05-29 14:27:30 | 
+---------------------+ 
1 row in set (0.00 sec) 

mysql> 
====================================================== 
The now time is "2002-05-29 14:27:30" but 
the last logged alert time is "2002-05-29 18:18:46". 

Any ideas would be greatly appreciated. 

Thanks, 
Jerry Rose 
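The symptom in the thread (alerts stamped later than the database's NOW(), by roughly a whole number of hours) is the classic signature of a timezone mismatch rather than a drifting clock, which is what the reply above points at. The following is an added example, not code from either poster: it runs over the event rows and NOW() value quoted in the original post, flags rows that lie in the future relative to the DB clock, estimates the whole-hour skew, and shows the mechanism that produces it. The "UTC-4" figure is an assumption made to match the reported 4-hour gap (US Eastern Daylight Time in late May); the post itself does not state the boxes' zones.

```python
"""Check Snort event timestamps against the database clock for a timezone skew.

Added example; the rows and NOW() value are transcribed from the query output
quoted in the original post. The -4 hour local offset used in the last function
is an assumption (US Eastern in May), not something the post confirms.
"""
from datetime import datetime, timedelta, timezone

# Constructed from the quoted "select * from event" output: (sid, cid, signature, timestamp)
EVENT_ROWS = [
    (1, 12263, 11, "2002-05-29 18:09:54"),
    (1, 12264, 11, "2002-05-29 18:09:54"),
    (1, 12265, 11, "2002-05-29 18:09:54"),
    (1, 12266, 38, "2002-05-29 18:10:10"),
    (1, 12267, 11, "2002-05-29 18:18:46"),
    (1, 12268, 11, "2002-05-29 18:18:46"),
]
DB_NOW = "2002-05-29 14:27:30"  # from the quoted SELECT NOW()

FMT = "%Y-%m-%d %H:%M:%S"


def parse(ts):
    """Parse a MySQL DATETIME string into a naive datetime."""
    return datetime.strptime(ts, FMT)


def future_events(rows, now_str):
    """Return rows whose timestamp is later than the database clock.

    An alert cannot legitimately be recorded before it happened, so any
    such row indicates a clock or timezone problem between sensor and DB.
    """
    now = parse(now_str)
    return [r for r in rows if parse(r[3]) > now]


def estimate_skew_hours(rows, now_str, tolerance=timedelta(minutes=30)):
    """Estimate a whole-hour skew from the newest event.

    The newest event is normally only minutes older than NOW(), so
    (newest - now) rounded to the nearest hour is the timezone offset,
    provided the residual is small. Returns None when the gap is not
    close to a whole hour (pure clock drift looks different).
    """
    now = parse(now_str)
    newest = max(parse(r[3]) for r in rows)
    delta = newest - now
    hours = round(delta.total_seconds() / 3600)
    residual = abs(delta - timedelta(hours=hours))
    if hours == 0 or residual > tolerance:
        return None
    return hours


def naive_utc_read_as_local(ts, local_utc_offset_hours):
    """Show how a naive timestamp written in UTC but read in a local zone
    appears to be in the future by exactly that zone's offset.

    local_utc_offset_hours is the reader's offset from UTC (e.g. -4 for EDT,
    an assumed value here). Returns the apparent forward shift in hours.
    """
    local_zone = timezone(timedelta(hours=local_utc_offset_hours))
    written = parse(ts).replace(tzinfo=timezone.utc)   # what the sensor meant
    misread = parse(ts).replace(tzinfo=local_zone)     # how the DB/ACID reads it
    return int((misread - written).total_seconds() // 3600)


if __name__ == "__main__":
    bad = future_events(EVENT_ROWS, DB_NOW)
    print(f"{len(bad)} of {len(EVENT_ROWS)} events are stamped after NOW()")
    print("estimated skew (hours):", estimate_skew_hours(EVENT_ROWS, DB_NOW))
    print("UTC stamp read as UTC-4 appears ahead by (hours):",
          naive_utc_read_as_local("2002-05-29 18:18:46", -4))
```

With the quoted data every row is in the future and the estimated skew is 4 hours; the last function shows that a sensor writing UTC wall-clock strings into a DATETIME column that is then read as Eastern local time produces exactly that shift, which is why checking `date` alone on each box (it shows local time) does not reveal the problem while a timezone comparison across the boxes does.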

