Snort mailing list archives
UTC and chroot
From: "Paul Melson" <psmelson () comcast net>
Date: Mon, 28 Mar 2005 09:47:41 -0500
I have recently upgraded a Snort sensor from 2.1.2 on RedHat 7.3 to 2.3.2 on RHEL4. Snort is logging to a MySQL database. I would like to run Snort chroot-ed, and was doing this before on the old sensor. On the new sensor, however, if I run Snort chroot-ed to its $HOME, it runs, but begins logging to MySQL in UTC instead of local time.

If I start Snort with:

    snort -c /opt/snort/etc/snort.conf -D -o -i eth1 -u snort -g snort -t /opt/snort -N -l /opt/snort/var/log/snort

Then logging (it doesn't actually matter if it's syslog or MySQL, I just happen to be using MySQL) is in UTC, which is in the future, causing all kinds of problems when it comes time to do analysis. The snort user's home directory is /opt/snort and that uid has at least read permissions to every file and directory in that path.

If I start Snort with:

    snort -c /opt/snort/etc/snort.conf -D -o -i eth1 -u snort -g snort -N -l /opt/snort/var/log/snort

Then logging is done in local time.

I'm stumped. I would be grateful for any ideas or suggestions.

Thanks,
PaulM