From: Borja Marcos (borjamarsarenet.es)
Date: Tue Jun 19 2001 - 06:51:43 CDT


Hello,

I'm using Snort 1.8, got from CVS on June 13th, under FreeBSD 4.3, and ACID 9.6b10.

There is a problem with the timestamp. It is a common practice to keep the system clock on UTC, with the system configured for the timezone where you live. In my case, I am in CET, which is UTC+1; with summer time, it is CEST, UTC+2.

When I generate an alert, it is correctly timestamped in the "alert" file, but in the ACID logs it has an incorrect time, which, curiously, is the correct time plus 2 hours.

An example:

(from the alert log)

06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111
06/19-12:32:39.393530 X.Y.Z.T:1678 -> A.B.C.D:111

(The same pasted from ACID)

#0-(1-3310) [arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:39+02

X.Y.Z.T:1678
A.B.C.D:111

UDP

#1-(1-3309)

[arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:37+02
X.Y.Z.T:1674
A.B.C.D:111

UDP

Any ideas?

Best regards,

Borja.

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
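The post shows the same alert as 12:32:37 in the Snort alert file and as 14:32:37+02 in ACID, a shift of exactly one CEST offset. The script below is an added example, not code from the post, from Snort or from ACID, and it does not establish what Snort's database plugin actually did in June 2001. It assumes the usual cause of a shift by exactly one zone offset: local wall-clock digits are stored or read as if they were UTC and then rendered in the local zone a second time. It parses both timestamp formats quoted in the post (the two sample lines are constructed from them), measures the skew, reproduces the drift by applying the offset twice, and shows the conversion order that keeps the times consistent. A fixed UTC+2 offset stands in for CEST so the script runs without timezone data.

```python
from datetime import datetime, timedelta, timezone

# A fixed UTC+2 offset stands in for CEST so this runs without tzdata
# (assumption: the sensor's local zone in June 2001 was CEST = UTC+2).
CEST = timezone(timedelta(hours=2), "CEST")
UTC = timezone.utc

# Constructed fixtures: the two renderings of one alert quoted in the post.
ALERT_LINE = "06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111"
ACID_STAMP = "2001-06-19 14:32:37+02"


def parse_snort_alert_ts(line: str, year: int, local_tz=CEST) -> datetime:
    """Parse the 'MM/DD-HH:MM:SS.ffffff' prefix of a Snort alert line.

    Snort writes wall-clock time with neither year nor zone, so the caller
    supplies both; the result is an aware datetime in the sensor's local zone.
    """
    stamp = line.split()[0]
    naive = datetime.strptime(f"{year}/{stamp}", "%Y/%m/%d-%H:%M:%S.%f")
    return naive.replace(tzinfo=local_tz)


def parse_acid_ts(stamp: str) -> datetime:
    """Parse 'YYYY-MM-DD HH:MM:SS+HH' as ACID displays a PostgreSQL timestamptz.

    strptime's %z expects '+HHMM', so minutes are appended to the '+HH' offset.
    """
    return datetime.strptime(stamp + "00", "%Y-%m-%d %H:%M:%S%z")


def skew(alert_line: str, acid_stamp: str, year: int) -> timedelta:
    """Whole-second difference between what ACID shows and what Snort logged."""
    logged = parse_snort_alert_ts(alert_line, year).replace(microsecond=0)
    shown = parse_acid_ts(acid_stamp)
    return shown - logged


def mislabel_local_as_utc(local: datetime) -> datetime:
    """Reproduce the drift: keep the local wall-clock digits, treat them as
    UTC, then render them in the local zone again. The zone offset is applied
    one time too many, so the displayed time moves by exactly that offset."""
    wall_clock = local.replace(tzinfo=None)          # drop the zone, keep digits
    stored_as_utc = wall_clock.replace(tzinfo=UTC)   # the wrong assumption
    return stored_as_utc.astimezone(local.tzinfo)    # shown with +02 on top


def store_correctly(local: datetime) -> datetime:
    """Consistent handling: convert the aware local time to UTC before storing.
    Rendering it back in the local zone reproduces the alert-file time."""
    return local.astimezone(UTC)


if __name__ == "__main__":
    logged = parse_snort_alert_ts(ALERT_LINE, 2001)
    print("alert file   :", logged.isoformat())
    print("ACID shows   :", parse_acid_ts(ACID_STAMP).isoformat())
    print("skew         :", skew(ALERT_LINE, ACID_STAMP, 2001))
    print("double offset:", mislabel_local_as_utc(logged).isoformat())
    print("stored as UTC:", store_correctly(logged).isoformat())
    print("rendered back:", store_correctly(logged).astimezone(CEST).isoformat())
```

The check worth keeping from this is the skew measurement: when a sensor's alert file and a database front end disagree by exactly the local UTC offset, the database path has either written local digits into a UTC column or read UTC digits as local, and the fix is to settle on one conversion point rather than to adjust the displayed hours.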