[Snort-devel] MySQL timestamp vs timezone
ondrej.suchy at ...1190...
Thu Mar 14 14:30:05 EST 2002
There seems to be a little timezone-related problem with the MySQL output
plugin. Maybe it has been already addressed, the problem may be
elsewhere and I didn't investigate it much further so I may be
completely wrong - in that case please forgive me. But anyway..
I'm running a couple of snort sensors in different timezones. The
sensors are all logging to one MySQL database host.
Each event contains the sensor's local timestamp when sending an alert to
the database host. And this is the problem - when postprocessing the alerts
I have no direct way to know what timezone belongs to a particular event
without storing additional information somewhere.
It may be considered to either:
- send the timezone along with the event (but changing the database format
really isn't a good thing)
- leave the timestamp field null so MySQL will supply its local one,
converting all events to database host local time automatically.
Other output plugins may have the same problem.
Just my two cents...
e-mail: ondrej.suchy at ...1190...
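
The ordering problem described in the message above, as an added example that is not part of the original post or of Snort: rows from two sensors are sorted first by the stored local timestamp and then after normalising to UTC. The sensor names, the offset table and the sample rows are constructed, and fixed UTC offsets are assumed (no daylight-saving handling).

```python
from datetime import datetime, timedelta, timezone

# Constructed per-sensor UTC offsets in hours. This is the "additional
# information" the post says has to be stored somewhere; names are hypothetical.
SENSOR_UTC_OFFSET_HOURS = {"sensor-prague": 1, "sensor-newyork": -5}

# Constructed sample rows: (sensor, signature, timestamp as stored by the sensor).
EVENTS = [
    ("sensor-prague", "portscan", "2002-03-14 20:30:05"),
    ("sensor-newyork", "shellcode", "2002-03-14 14:29:50"),
    ("sensor-newyork", "portscan", "2002-03-14 14:31:00"),
]

FMT = "%Y-%m-%d %H:%M:%S"


def to_utc(sensor, local_ts):
    """Interpret a naive stored timestamp in the sensor's zone and return UTC."""
    if sensor not in SENSOR_UTC_OFFSET_HOURS:
        # Without a recorded zone the event cannot be placed on a shared timeline.
        raise KeyError(f"no timezone recorded for sensor {sensor!r}")
    tz = timezone(timedelta(hours=SENSOR_UTC_OFFSET_HOURS[sensor]))
    local = datetime.strptime(local_ts, FMT).replace(tzinfo=tz)
    return local.astimezone(timezone.utc)


def naive_order(events):
    """Order rows the way a sort on the stored timestamp column would."""
    return [(s, sig) for s, sig, _ in sorted(events, key=lambda e: e[2])]


def utc_order(events):
    """Order rows by actual event time after normalising each one to UTC."""
    ordered = sorted(events, key=lambda e: to_utc(e[0], e[2]))
    return [(s, sig) for s, sig, _ in ordered]


if __name__ == "__main__":
    print("stored order:", naive_order(EVENTS))
    print("UTC order:   ", utc_order(EVENTS))
```
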