Re: Time incorrect in BASE display?

[Paul Schmehl <pauls () utdallas edu>]

--On April 13, 2006 2:33:02 PM -0700 Michael Steele <michaels () winsnort com> 
wrote:

> I've had several reports from users stating they are seeing a +4 hour
> difference in the alerts viewed in the BASE console. They also state their
> BIOS and System time are set correctly.
This has little or no meaning.  What does "...time are set correctly" mean? 
Is the system clock set to UTC?  Or local time?  Does it account for dst? 
What timezone are they in?  Are they running snort with the -U option?  Are 
they using unified and/or alert log output?  Feeding directly to a 
database?  Using barnyard?

> It's either Snort pushing the wrong time out or BASE displaying the wrong
> time. Has anyone seen this type of behavior? Is their an adjustment that
> needs to be set?
I run unified log output from snort to barnyard to base.  All my logs and 
alerts are in UTC, and the time is correct.  The server runs ntpd to keep 
the time synched with an atomic clock and I've not noticed any problems 
with timestamps.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/

Attachment: _bin
Description: