Snort mailing list archives
Time used by snort
From: "Geoff Craig" <GCraig () quilogy com>
Date: Wed, 10 Mar 2004 08:38:40 -0600

Hello all,

I am using what I feel is a pretty straightforward Snort install on Windows 2000. The command I use to start Snort is:

    C:\snort\bin\snort.exe -c "C:\Snort\etc\snort.conf" -l "c:\snort" -i 1

The only things that I added to the snort.conf file are MySQL output plugin information, updated HOME_NET & RULE_PATH, and enabled portscan using $HOME_NET with 4 ports and a timeout of 15 and specified a log file.

Right now I have 5 Snort boxes running in a lab to test hardware and various configurations network wise. What I am seeing is that even though all 5 boxes are set to the same time zone, when I view alerts using ACID the timestamps are totally different. One shows timestamps that are -3 hours off, one shows timestamps +1 hour. If I am not using the -U switch to log to UTC time. Does anyone have any insight as to what the time issue is?

I forgot to mention that I am using different versions. Two are running 2.1.1 and three are running 1.9.1. Still all seem to be off of the local machine time by at least 15 minutes.

Thanks,
Geoff