Snort mailing list archives

Broken timestamps?


From: Bob Rotsted <rrotsted () pdx edu>
Date: Tue, 08 May 2012 09:32:12 -0700

I recently configured my Snort box to use PF_RING and the ixgb TNAPI
driver; it appears to be working correctly, but Snort is logging '0' for
the timestamp on all alerts.

Below is an example --

(Event)
    sensor id: 0    event id: 24    event second: 0    event microsecond: 0
    sig id: 2002027    gen id: 1    revision: 15     classification: 29
    priority: 3    ip source: x.x.x.x    ip destination: x.x.x.x
    src port: 6667    dest port: 58737    protocol: 6    impact_flag:
0    blocked: 0

Packet
    sensor id: 0    event id: 24    event second: 0
    packet second: 0    packet microsecond: 0
    linktype: 1    packet_length: 101


I'm using a version of PF_RING checked out from the svn repo last Thursday, Snort 2.9.2.2 and
daq 0.6.2. Has anyone else on list had this issue? 

Any guidance that you can provide will be greatly appreciated.

Best,

Bob

-- 
Bob Rotsted

Network Security Analyst
Portland State University
Desk: 503-725-6215
Cell: 503-208-6575
314B D581 A8CD E28A A690 7E9D 5B43 4B28 0EB6 A21A
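The dumps above are unified2 IDS-event (type 7) and packet (type 2) records printed in u2spewfoo style, so a quick way to see how widespread the zeroed timestamps are is to walk the unified2 spool directly and flag every record whose event or packet second is 0. The following is an added example, not code from the post or from the Snort project: it parses unified2 records using the big-endian field layout of Snort's Unified2IDSEvent_legacy and Unified2Packet structs as I know them, then reports zeroed second fields (microseconds are not flagged, since 0 is a legal value there). The sample spool is constructed inline, reusing the signature, ports and packet length shown above; the IP addresses are RFC 5737 stand-ins for the redacted x.x.x.x.

```python
"""Added example: walk a unified2 spool and flag events with zeroed timestamps.
Field layouts follow Snort's Unified2IDSEvent_legacy (type 7, 52-byte body) and
Unified2Packet (type 2, 28-byte header + packet bytes); all integers big-endian.
The sample records at the bottom are constructed, not real captures."""
from __future__ import annotations
import socket
import struct
from typing import Iterator

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7  # legacy IPv4 IDS event

# Unified2IDSEvent_legacy: eleven u32, two u16, four u8
_EVENT_FMT = ">IIIIIIIIIIIHHBBBB"
_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)
# Unified2Packet header; raw packet bytes follow it
_PACKET_FMT = ">IIIIIII"
_PACKET_FIELDS = (
    "sensor_id", "event_id", "event_second", "packet_second",
    "packet_microsecond", "linktype", "packet_length",
)


def iter_records(data: bytes) -> Iterator[tuple[int, dict]]:
    """Yield (record_type, fields) for each record in a unified2 byte string."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)  # record header
        body = data[off + 8:off + 8 + rlen]
        if len(body) != rlen:
            raise ValueError(f"truncated record at offset {off}")
        if rtype == UNIFIED2_IDS_EVENT:
            rec = dict(zip(_EVENT_FIELDS, struct.unpack_from(_EVENT_FMT, body)))
        elif rtype == UNIFIED2_PACKET:
            rec = dict(zip(_PACKET_FIELDS, struct.unpack_from(_PACKET_FMT, body)))
            rec["packet_data"] = body[28:28 + rec["packet_length"]]
        else:
            rec = {"raw": body}  # IPv6 / extra-data records left opaque here
        yield rtype, rec
        off += 8 + rlen


def find_zero_timestamps(data: bytes) -> list[tuple[int, int, str]]:
    """Return (record_type, event_id, field) for every zeroed *second* field.
    A sensor with working packet time never writes 0 here, so a hit means the
    DAQ/driver path handed Snort packets without a timestamp."""
    hits = []
    for rtype, rec in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT:
            fields = ("event_second",)
        elif rtype == UNIFIED2_PACKET:
            fields = ("event_second", "packet_second")
        else:
            continue
        hits.extend((rtype, rec["event_id"], f) for f in fields if rec[f] == 0)
    return hits


def _ip(addr: str) -> int:
    return struct.unpack(">I", socket.inet_aton(addr))[0]


def build_event(event_id: int, event_second: int, event_usec: int) -> bytes:
    """Constructed type-7 record using the sig/ports from the post."""
    vals = {
        "sensor_id": 0, "event_id": event_id,
        "event_second": event_second, "event_microsecond": event_usec,
        "signature_id": 2002027, "generator_id": 1, "signature_revision": 15,
        "classification_id": 29, "priority_id": 3,
        "ip_source": _ip("192.0.2.1"), "ip_destination": _ip("198.51.100.7"),
        "sport_itype": 6667, "dport_icode": 58737, "protocol": 6,
        "impact_flag": 0, "impact": 0, "blocked": 0,
    }
    body = struct.pack(_EVENT_FMT, *(vals[f] for f in _EVENT_FIELDS))
    return struct.pack(">II", UNIFIED2_IDS_EVENT, len(body)) + body


def build_packet(event_id: int, event_second: int, pkt_second: int,
                 pkt_usec: int, payload: bytes) -> bytes:
    """Constructed type-2 record (linktype 1 = Ethernet) carrying payload."""
    hdr = struct.pack(_PACKET_FMT, 0, event_id, event_second, pkt_second,
                      pkt_usec, 1, len(payload))
    return struct.pack(">II", UNIFIED2_PACKET, 28 + len(payload)) + hdr + payload


# Constructed spool: event 23 carries a real time, event 24 is zeroed as in the post.
GOOD_TS = 1336494732  # arbitrary epoch seconds for the constructed good event
SAMPLE_SPOOL = (
    build_event(23, GOOD_TS, 512345)
    + build_packet(23, GOOD_TS, GOOD_TS, 512345, b"\x00" * 101)
    + build_event(24, 0, 0)
    + build_packet(24, 0, 0, 0, b"\x00" * 101)
)

if __name__ == "__main__":
    for rtype, eid, field in find_zero_timestamps(SAMPLE_SPOOL):
        print(f"record type {rtype}, event {eid}: {field} is 0")
```

Point `iter_records` at the bytes of a real `snort.log.*`/`merged.log` file to run the same check on a live spool; a spool where every record is flagged, as opposed to an occasional one, points at the capture path (DAQ module or driver) rather than at individual packets.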

