RE: You caught them, what next?

["L. Christopher Luther" <CLuther () Xybernaut com>]

The issue, for me at least, it not *which* TZ Snort or my web server log
their data but whether the logs show the TZ information.  I've not looked at
Snort's '-U' parameter, but unless the output includes 'TZ=xxx' information
it's a moot point.  



-----Original Message-----
From: Jason Haar [mailto:Jason.Haar () trimble co nz]
Sent: Wednesday, April 02, 2003 8:58 PM
To: Snort-Users (E-mail)
Subject: Re: [Snort-users] You caught them, what next?


On Wed, Apr 02, 2003 at 05:41:42PM -0500, Brei, Matt wrote:
> How do you set Snort to GMT?

Have you looked at the output of "snort -h"?

        -U         Use UTC for timestamps


Ta Da!


...unless your question is "how do I set syslog to GMT?". In which case
either run syslog-ng (my choice) as it allows you to format the hell out of
your syslog records, or just set your IDS clock to UTC and make sure it's
got NTP running.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users