Snort mailing list archives
Re: snort-acid timestamp problem...anyone ever fix this?
From: "Brian J. Smith-Sweeney" <bsweeney () physics ucsb edu>
Date: 14 Jan 2003 08:30:42 -0800
Wow, imagine that; the program's not broken, it's doing *EXACTLY* what I told it to do. I downloaded a startup script from somewhere, and didn't realize it passed the -U switch to snort. However, I'm now thinking I may leave that in there, since there will most likely be situations where I'm sending these logs overseas to other sys admins and it will probably be easier to have us all translating from UTC than PST. Thanks for the help. -Brian On Tue, 2003-01-14 at 00:06, Jens Krabbenhoeft wrote:
Brian,system clock is correct, but the timestamps are consistently off by 8 hours. Even on the ACID main page, the "queried on" time shows upAs your mailer gives -0800 in your Date-Header I guess the times you see are in UTC. There is a commandline option in snort "-U Use UTC for timestamps", which can cause this. Which command line options do you use? Do you use barnyard, as there is an option "config localtime", which may cause timezone-"problems" too. Generally it is not a bad idea to use UTC-times in timerelated applications because you don't have any timewarps (daylight-saving). Hope that helps, Jens ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- ======================================== Brian Smith-Sweeey Senior Systems Administrator University of California, Santa Barbara Physics Department bsweeney () physics ucsb edu (805)-893-8366 ======================================== ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort-acid timestamp problem...anyone ever fix this? Brian J. Smith-Sweeney (Jan 13)
- <Possible follow-ups>
- snort-acid timestamp problem...anyone ever fix this? Brian J. Smith-Sweeney (Jan 13)
- Re: snort-acid timestamp problem...anyone ever fix this? Jens Krabbenhoeft (Jan 14)
- Re: snort-acid timestamp problem...anyone ever fix this? Brian J. Smith-Sweeney (Jan 14)
- Re: snort-acid timestamp problem...anyone ever fix this? Jens Krabbenhoeft (Jan 14)