Snort mailing list archives
New Conundrum
From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Wed, 09 May 2001 16:03:21 -0700
Got a new little thing I found. I just finished putting that Netra T1 into place to begin testing. I have it logging to the same database as the PII 450 that was out there. I went looking through the database to verify that it is indeed logging and found that the timestamps for the events being logged by the Sun box are 5 days behind today (5/4/2001). I discovered this by just doing a "select timestamp from event where cid = <count of rows>;".

The box has the following on it:

Solaris 8
psql 7.0.3 (for the shared libs to send data to a remote sql box)
snort 1.8b4 (build 14)

Running date returns the following:

Wed May 9 15:58:05 MST 2001

which is only off by a minute or less from current local time. The Linux box that had been there (PII 450) last logged a packet at 10:44AM, Wed May 9, which is the time that I shut it down to put the Sun in its place. Getting the timestamp from the event table for the last logged alert gets me:

2001-05-04 18:57:27-07

Anyone have any idea why the time is so far off from current?

Begin Geek Code;
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c ^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_% 16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$ h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
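A set of diagnostic queries for the situation described in the post, added here as an example; it is not part of the original message or of Snort itself. It assumes the Snort database schema of that period on PostgreSQL: an event table with sid, cid and timestamp columns and a sensor table with sid and hostname. The post only names the event table and its cid and timestamp columns; the sid column, the sensor table and its hostname column are assumptions. It is meant to be run on the central SQL box that both sensors log to.

```sql
-- Added diagnostic queries, not from the post. Assumed schema: Snort's
-- event(sid, cid, timestamp) and sensor(sid, hostname) tables on PostgreSQL.
-- Run these on the central database server that both sensors write to.

-- 1. Latest event per sensor and how far it lags the database server's own
--    clock. A lag of seconds or minutes is normal; a lag of days singles out
--    the sensor (or the path from it) whose timestamps are wrong.
SELECT s.sid,
       s.hostname,
       MAX(e.timestamp)          AS last_event,
       NOW() - MAX(e.timestamp)  AS lag_behind_db_clock,
       COUNT(*)                  AS events_logged
FROM   event  e,
       sensor s
WHERE  s.sid = e.sid
GROUP  BY s.sid, s.hostname
ORDER  BY lag_behind_db_clock DESC;

-- 2. The post's check selects "where cid = <count of rows>". With two sensors
--    sharing one database, cid is only unique per sensor id, so the last
--    alert has to be looked up per sid rather than by total row count.
SELECT e.sid, e.cid, e.timestamp
FROM   event e,
       (SELECT sid, MAX(cid) AS max_cid FROM event GROUP BY sid) last
WHERE  e.sid = last.sid
AND    e.cid = last.max_cid;

-- 3. Rule out the database server before blaming the sensor: the "-07"
--    suffix on a PostgreSQL timestamp with time zone is rendered in the
--    session's TimeZone setting, not taken from the sensor that sent it.
SELECT NOW();
SHOW TimeZone;
```

Query 1 separates "one sensor's clock or output plugin is wrong" from "the database is wrong": if only the new sensor's row shows a multi-day lag while the old one's last event matches the shutdown time the post mentions, the problem is on the sensor side; if the database's NOW() itself is off, every sensor will look wrong at once.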
Current thread:
- New Conundrum Kevin Brown (May 09)
- <Possible follow-ups>
- RE: New Conundrum Kevin Brown (May 10)