Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Stuart Underhill (stuartunderhillhotmail.com)
Date: Thu Feb 07 2002 - 02:58:43 CST
I am currently configuring several Win2k Pro based Snort sensors for
placement a key locations in our network.
Having followed the instructions from Silicon Defense, for Win32 Snort 1.8.3
with MySQL/IIS/ACID, all appeared to be well and alerts are captured to the
However, when reviewing the alerts (via ACID or direct from the MySQL DB) I
notice that the datestamps do not reflect the time that the alert was
generated. It appears to increment the time stamp by some random amount. For
example, starting a run of approx 100 large ping attempts at a host - the
first alerts was logged at 14:00 5th Feb 2002, the last alert had a
timestamp of something like 06:00 6th Feb 2002 - all for an event which
lasted a couple of minutes.
I since left the scanner running overnight to be presented with the last
alert logged with a date in April 2002 !!
I tried adding a second hard disk to the machine and moving the MySQL DB and
Snort to the new drive away from W2k and the swapfile. But this has not
Has anybody experienced this behaviour before, or have any suggestion of how
to rectify this??
Thanks in advance
Join the world’s largest e-mail service with MSN Hotmail.
Snort-users mailing list
Go to this URL to change user options or unsubscribe:
Snort-users list archive: