Snort mailing list archives

Time used by snort


From: "Geoff Craig" <GCraig () quilogy com>
Date: Wed, 10 Mar 2004 08:38:40 -0600

Hello all,

I am using what I feel is a pretty straightforward Snort install on
Windows 2000.  The command I use to start Snort is:

C:\snort\bin\snort.exe -c "C:\Snort\etc\snort.conf" -l "c:\snort" -i 1

The only things that I added to the snort.conf file are MySQL output
plugin information, updated HOME_NET & RULE_PATH and enabled portscan
using $HOME_NET with 4 ports and a timeout of 15 and specified a log
file.

Right now I have 5 Snort boxes running in a lab to test hardware and
various configurations network-wise.  What I am seeing is that even
though all 5 boxes are set to the same time zone, when I view alerts
using ACID the timestamps are totally different.  One shows timestamps
that are -3 hours off, one shows timestamps +1 hour.  I am not using
the -U switch to log to UTC time.  Does anyone have any insight as to
what the time issue is?  I forgot to mention that I am using different
versions.  Two are running 2.1.1 and three are running 1.9.1.  Still all
seem to be off of the local machine time by at least 15 minutes.

Thanks,

Geoff




