Snort mailing list archives

Events output timestamps mismatch?


From: Y M <snort () outlook com>
Date: Mon, 13 Oct 2014 15:58:02 +0000

We have a Snort instance that is configured to output both syslog and unified2. For one particular event, Snort's 
unified2 record was timestamped a day (and a couple of hours) earlier than the timestamp of the same event output in syslog. 
For example:

Syslog output timestamp is    2014-10-13 04:37 PM
Unified2 output timestamp is  2014-10-12 10:45 AM

The box is reporting the correct date/time. We have a reason to believe that the event actually occurred as reported by 
syslog and not the day earlier, as reported by unified2. All of the events in the unified2 file prior to and after this 
particular event are timestamped properly with 2014-10-13 <time>.

Did anybody come across something similar? I am going through every possible scenario that could have caused this but 
no luck.

Thanks.
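One way to check a claim like this directly against the unified2 file, rather than against whatever the downstream reader (barnyard2, u2spewfoo) displays, is to walk the records and compare each event's `event_second` with the one before it. The script below is an added example, not code from the post or from the Snort project. It assumes the unified2 record layout (big-endian 4-byte type and length header, then the `Unified2IDSEvent_legacy` body whose third field is `event_second`) and builds three constructed event records inline so it runs offline; the middle one carries a timestamp a day earlier than its neighbours, mirroring the situation described above.

```python
import struct
from datetime import datetime, timezone

# Record type codes from Snort's unified2 format (Unified2_common.h).
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # Unified2IDSEvent_legacy, 52-byte body
UNIFIED2_IDS_EVENT_VLAN = 104   # Unified2IDSEvent, 60-byte body; same leading fields

RECORD_HDR = struct.Struct(">II")        # type, length (big-endian)
# Only the leading fields matter for a timestamp audit; event_second is the third u32.
EVENT_PREFIX = struct.Struct(">IIIIII")  # sensor_id, event_id, event_second, event_usec, sig_id, gen_id


def iter_records(data):
    """Yield (record_type, body_bytes) for each record in a unified2 byte string."""
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + rlen > len(data):
            raise ValueError("truncated record at offset %d" % off)
        yield rtype, data[off:off + rlen]
        off += rlen


def event_times(data):
    """Return [(event_id, gen_id, sig_id, event_second)] for every IDS event record."""
    out = []
    for rtype, body in iter_records(data):
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN):
            _sensor, event_id, sec, _usec, sig_id, gen_id = EVENT_PREFIX.unpack_from(body, 0)
            out.append((event_id, gen_id, sig_id, sec))
    return out


def find_backwards(events, tolerance=60):
    """Flag events whose event_second is earlier than the preceding event's by more
    than `tolerance` seconds.  Returns [(event_tuple, seconds_behind_previous)]."""
    flagged = []
    prev = None
    for ev in events:
        if prev is not None and ev[3] + tolerance < prev[3]:
            flagged.append((ev, prev[3] - ev[3]))
        prev = ev
    return flagged


def audit_file(path, tolerance=60):
    """Convenience wrapper: audit a unified2 file on disk (path is the caller's)."""
    with open(path, "rb") as fh:
        return find_backwards(event_times(fh.read()), tolerance)


# --- constructed sample data (not a real capture) ---------------------------
def make_event(event_id, sec, sig_id=1000001, gen_id=1):
    """Build one Unified2IDSEvent_legacy record with placeholder addresses/ports."""
    body = struct.pack(">IIIIIIIIIIIHHBBBB",
                       1, event_id, sec, 0, sig_id, gen_id, 1, 0, 3,
                       0x0A000001, 0x0A000002,   # 10.0.0.1 -> 10.0.0.2 (constructed)
                       12345, 80, 6, 0, 0, 0)    # sport, dport, proto=TCP, flags
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def _ts(*ymdhm):
    return int(datetime(*ymdhm, tzinfo=timezone.utc).timestamp())


SAMPLE = (make_event(1, _ts(2014, 10, 13, 16, 30)) +
          make_event(2, _ts(2014, 10, 12, 10, 45)) +   # the odd one out, a day earlier
          make_event(3, _ts(2014, 10, 13, 16, 38)))


if __name__ == "__main__":
    for (event_id, gen_id, sig_id, sec), behind in find_backwards(event_times(SAMPLE)):
        when = datetime.fromtimestamp(sec, timezone.utc).isoformat()
        print("event %d (%d:%d) at %s is %d s behind its predecessor"
              % (event_id, gen_id, sig_id, when, behind))
```

Running it on a real spool file (`audit_file("/var/log/snort/snort.u2.<suffix>")`) isolates whether the early timestamp is actually written in the unified2 record, which points at the sensor process, or only appears in the tool that decodes the file, which points at the reader.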