[Snort-users] Snort alert timestamp

Sean C Doherty seand at ...232...
Tue Aug 29 00:21:33 EDT 2000


Mike,

>
> I changed my gettimeofday() function to see if it fixes your time problem.
> URL: www.datanerds.net/~mike/dev/snort.exe
>
> Try this executable and let me know if it works or not.

I downloaded the new binary and tested:

Sorry, time not fixed yet (but almost).  Following is an alert I generated:

[**] IDS127 - TELNET - Login Incorrect [**]
08/28-20:07:31.215874 x.x.x.x:23 -> x.x.x.x:1277
TCP TTL:113 TOS:0x0 ID:43416  DF
*****PA* Seq: 0x2A48EC1E   Ack: 0x28EFB4   Win: 0x2228

Write time on the file in Explorer is 8/29/2000 12:06AM

8/29/2000 12:06AM is my current EST time.  The alert time is now only 2
hours behind my PC time (not 4 hours behind as before you did this fix)

Sean D


> -----Original Message-----
> From: Michael Davis [mailto:mike at ...92...]
> Sent: Monday, August 28, 2000 11:22 PM
> To: Sean C Doherty
> Subject: Re: session:printable works well
>
>
> Hey,
>
> I changed my gettimeofday() function to see if it fixes your time problem.
> URL: www.datanerds.net/~mike/dev/snort.exe
>
> Try this executable and let me know if it works or not.
>
> Thanks,
>
> > Mike,
> >
> > I am in EST. I checked my PC settings and I have the correct time zone set, and
> > as another check, all my email programs seem to be using the correct
> > time, and I know most of them use the time zone to fill the SMTP headers
> > correctly.
> >
> > Sean D
> >
> > > -----Original Message-----
> > > From: Michael Davis [mailto:mike at ...92...]
> > > Sent: Thursday, August 24, 2000 10:53 PM
> > > To: Sean C Doherty
> > > Subject: Re: session:printable works well
> > >
> > >
> > > Hey,
> > >
> > > > The timestamp on the alerts in alert.ids is 4 hours behind the time on my
> > > > PC.  Is there an environmental variable I need to set to indicate my time
> > > > zone or offset?  Not a big deal, but I am not sure what time zone is 4 hours
> > > > behind EST, so can't describe it as GMT etc.  Any suggestions?
> > >
> > > What time zone are you in?  I am in central and it works perfectly fine.
> > >
> > > Let me know. Others have had this problem as well.
> > >
> > > Michael Davis
> > > Chief Technical Officer
> > > Data Nerds, LLC.
> > > http://www.datanerds.net
> > > > Sean D