Snort mailing list archives
Re: Time incorrect in BASE display?
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 13 Apr 2006 20:00:40 -0500
--On April 13, 2006 2:33:02 PM -0700 Michael Steele <michaels () winsnort com> wrote:
This has little or no meaning. What does "...time are set correctly" mean? Is the system clock set to UTC? Or local time? Does it account for dst? What timezone are they in? Are they running snort with the -U option? Are they using unified and/or alert log output? Feeding directly to a database? Using barnyard?I've had several reports from users stating they are seeing a +4 hour difference in the alerts viewed in the BASE console. They also state their BIOS and System time are set correctly.
I run unified log output from snort to barnyard to base. All my logs and alerts are in UTC, and the time is correct. The server runs ntpd to keep the time synched with an atomic clock and I've not noticed any problems with timestamps.It's either Snort pushing the wrong time out or BASE displaying the wrong time. Has anyone seen this type of behavior? Is their an adjustment that needs to be set?
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/
Attachment:
_bin
Description:
Current thread:
- Time incorrect in BASE display? Michael Steele (Apr 13)
- Re: Time incorrect in BASE display? Paul Schmehl (Apr 13)
- Re: Time incorrect in BASE display? Kevin Johnson (Apr 13)
- <Possible follow-ups>
- RE: Time incorrect in BASE display? Briggs, Bruce (Apr 13)