Snort mailing list archives

UTC and chroot


From: "Paul Melson" <psmelson () comcast net>
Date: Mon, 28 Mar 2005 09:47:41 -0500

I have recently upgraded a Snort sensor from 2.1.2 on RedHat 7.3 to 2.3.2 on
RHEL4.  Snort is logging to a MySQL database.  I would like to run Snort
chroot-ed, and was doing this before on the old sensor.  On the new sensor,
however, if I run Snort chroot-ed to its $HOME, it runs, but begins logging
to MySQL in UTC instead of local time.

If I start Snort with:

snort -c /opt/snort/etc/snort.conf -D -o -i eth1 -u snort -g snort -t /opt/snort -N -l /opt/snort/var/log/snort

Then logging (it doesn't actually matter if it's syslog or MySQL, I just
happen to be using MySQL) is in UTC, which is in the future, causing all
kinds of problems when it comes time to do analysis.  The snort user's home
directory is /opt/snort and that uid has at least read permissions to every
file and directory in that path.  If I start Snort with:

snort -c /opt/snort/etc/snort.conf -D -o -i eth1 -u snort -g snort -N -l /opt/snort/var/log/snort

Then logging is done in local time.  I'm stumped.  I would be grateful for
any ideas or suggestions.

Thanks,
PaulM




