Re: TimeStamp and Conf File Fine Tunning Help

[Erek Adams <erek () snort org>]

On Mon, 17 Feb 2003, mike Hughes wrote:

> I got snort working finally...on the linux machine i re-installed everything
> and used the TAR package of snort. Im using WEBMIN and ACID to veiw the
> alerts and change settings from my windows machine from my LAN. I have 2
> questions maybe someone can help me on. First the timestamp on my alerts is
> wrong, I just pinged my machine from another machine and it showed 2:39 but
> the time was 6:49. Soo i went to MYSQL and ran this:

[...snip of snort.conf...]

> Here is my startup script. Do i use $INTERFACE variable in the script above
> or do i use $eth0_address to define my Internet Interface. Hwne it ask like:
>
> var EXTERNAL_NET $INTERFACE or $eth0_address  here is the SNORTD startup
> script.

var HOME_NET $eth0_ADDRESS
var EXTERNAL_NET !$HOME_NET

[...snip...]

>         daemon /usr/local/bin/snort -U -d -D \
>                 -c /etc/snort/snort.conf

[...snip...]

> From the ultra secret, uber leet, 0-day man page:

       -U     Changes the timestamp in all logs to be in UTC
:)

Thanks for posting your .conf and startup scripts.  That makes it a lot
easier to debug.  One suggestion for the next time:

        grep -v '^#' /etc/snort.conf | grep -v '^$'

Cuts down on a lot of clutter.  :)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users