[Snort-devel] MySQL timestamp vs timezone

Michael.Slifcak at ...1192... Michael.Slifcak at ...1192...
Thu Mar 14 15:26:03 EST 2002


It would be best for the sensor to issue UTC timestamp.

> -----Original Message-----
> From: Ondrej Suchy [mailto:ondrej.suchy at ...1190...]
> Sent: Thursday, March 14, 2002 5:29 PM
> To: snort-devel at lists.sourceforge.net
> Subject: [Snort-devel] MySQL timestamp vs timezone
> 
> 
> Hi,
> 
> there seems to be a little timezone related problem with MySQL output
> plugin. Maybe it has been already addressed, the problem may be
> elsewhere and I didn't investigate it much further so I may be
> completely wrong - in that case please forgive me. But anyway..
> 
> I'm running a couple of snort sensors in different timezones. The
> sensors are all logging to one MySQL database host.
> 
> Each event contains sensors local timestamp when sending alert to
> database host. And this is the problem - when postprocessing 
> the alerts
> I have no direct way to know what timezone belongs to particular event
> without storing additional information somewhere.
> 
> It may be considered to either:
> - send timezone along with event (but changing database format really
>   isn't good thing)
> - leaving timestamp field null so MySQL will supply local one
>   converting all events to database host local time automatically.
> 
> Other output plugins may have the same problem.
> 
> 
> Just my two cents...
> 
> Best regards,
>   Ondrej Suchy
> 
> --
> Ondrej Suchy
> e-mail: ondrej.suchy at ...1190...
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 




More information about the Snort-devel mailing list