Re: snort-acid timestamp problem...anyone ever fix this?

[Jens Krabbenhoeft <tschenz-snort-users () noris net>]

Brian,

> system clock is correct, but the timestamps are consistently off by 8
> hours.  Even on the ACID main page, the "queried on" time shows up

As your mailer gives -0800 in your Date-Header I guess the times you
see are in UTC. There is a commandline option in snort "-U Use UTC for
timestamps", which can cause this. 

Which command line options do you use? Do you use barnyard, as there is
an option "config localtime", which may cause timezone-"problems" too.

Generally it is not a bad idea to use UTC-times in timerelated
applications because you don't have any timewarps (daylight-saving).

Hope that helps,
        Jens


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users