Snort mailing list archives

RE: Anyone else seen this?


From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Mon, 18 Jun 2001 13:38:51 -0700

I guess from the lack of response that I'm the only one who is having this
problem with snort, or does snort log based on the time the packet has
stored in it and from that I'm getting the weird data (like Alerts from the
year 2041).

-----Original Message-----
From: Kevin Brown [mailto:Kevin.M.Brown () asu edu]
Sent: Thursday, June 14, 2001 15:43
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Anyone else seen this?


I currently have just one sensor on the network (that I control) logging to
a PostgreSQL (7.1) database.  I have been noticing that the dates being put
in the database do not always correspond with the actual time and was
wondering if anyone else is having this problem.

Running:
-*> Snort! <*-
Version 1.8-beta5 (Build 24)
on Solaris 8 (Netra T1 AC200, 500MHz Sparc)

Remote Database, PostgreSQL 7.1 running on RH6.2 kernel 2.2.16
Schema 102
Acid .9.6b10

Attached is a sampling of the output from the following SQL queries:

snort=# select sid,cid,timestamp from event ORDER BY timestamp DESC;
snort=# select sid,cid,timestamp from event ORDER BY cid DESC;

Any help would be much appreciated.


