[Snort-devel] MySQL timestamp vs timezone

Ondrej Suchy ondrej.suchy at ...1190...
Thu Mar 14 14:30:05 EST 2002


There seems to be a little timezone-related problem with the MySQL output
plugin. Maybe it has already been addressed, the problem may be
elsewhere, and I didn't investigate it much further, so I may be
completely wrong - in that case please forgive me. But anyway..

I'm running a couple of snort sensors in different timezones. The
sensors are all logging to one MySQL database host.

Each event contains the sensor's local timestamp when sending an alert to
the database host. And this is the problem - when postprocessing the alerts
I have no direct way to know what timezone belongs to a particular event
without storing additional information somewhere.

It may be considered to either:
- send the timezone along with the event (but changing the database format
  really isn't a good thing)
- leave the timestamp field null so MySQL will supply a local one,
  converting all events to database host local time automatically.

Other output plugins may have the same problem.

Just my two cents...

Best regards,
  Ondrej Suchy

Ondrej Suchy
e-mail: ondrej.suchy at ...1190...
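
The post-processing problem described in the message above, as an added example that is not part of the original post or of Snort's code: events from several sensors are put on one UTC timeline using a separately stored sensor-to-offset map. The map, the sample rows and all function names are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical out-of-band map: sensor id -> UTC offset of that sensor's clock.
# Assumption: fixed offsets; a sensor that observes DST needs a zone name instead.
SENSOR_UTC_OFFSET = {
    1: timedelta(hours=1),    # constructed: sensor running at UTC+1
    2: timedelta(hours=-5),   # constructed: sensor running at UTC-5
    3: timedelta(0),          # constructed: sensor running at UTC
}

# Constructed sample rows: (sensor id, event id, timestamp as stored, signature)
EVENTS = [
    (1, 101, "2002-03-14 20:30:05", "portscan"),
    (2, 57,  "2002-03-14 14:29:50", "portscan"),
    (3, 9,   "2002-03-14 19:30:20", "web attack"),
    (4, 1,   "2002-03-14 12:00:00", "unknown sensor"),
]
FMT = "%Y-%m-%d %H:%M:%S"

def to_utc(sensor_id, stored):
    """Convert a sensor-local timestamp string to an aware UTC datetime.
    Raises KeyError for a sensor with no recorded offset rather than guessing."""
    offset = SENSOR_UTC_OFFSET[sensor_id]
    local = datetime.strptime(stored, FMT).replace(tzinfo=timezone(offset))
    return local.astimezone(timezone.utc)

def normalize(events):
    """Return (timeline sorted by UTC, rows whose sensor has no known offset)."""
    timeline, unresolved = [], []
    for sensor_id, event_id, stored, sig in events:
        try:
            timeline.append((to_utc(sensor_id, stored), sensor_id, event_id, sig))
        except KeyError:
            unresolved.append((sensor_id, event_id, stored, sig))
    timeline.sort()
    return timeline, unresolved

def naive_order(events):
    """Order by the stored value, as a query sorting on the timestamp column would."""
    known = [r for r in events if r[0] in SENSOR_UTC_OFFSET]
    return [(s, e) for s, e, _, _ in sorted(known, key=lambda r: r[2])]

if __name__ == "__main__":
    timeline, unresolved = normalize(EVENTS)
    for when, sensor_id, event_id, sig in timeline:
        print(when.isoformat(), f"sensor={sensor_id} event={event_id} {sig}")
    print("stored-value order:", naive_order(EVENTS))
    print("no offset on record:", unresolved)
```

Sorting on the stored value places sensor 3's event before sensor 1's, while on the UTC timeline sensor 1's event comes first; the row from the sensor with no recorded offset is set aside instead of being placed on the timeline.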
