Patrick.Mullen at ...24...
Mon Jul 24 15:09:38 EDT 2000
> Following patch to spp_portscan.c will fix the incorrect time
> problem in portscan alerts:
> > timestamp - the portscan pre-processor is logging the correct time.
Anyway, for whatever reason SPP works, probably due to
line 1188 (in CVS) where I force logging to local time.
This will be configurable as soon as I deliver on the
mods I've been talking about. If anyone wants to log
in GMT before I finish config file support, run the
sed s/"timeFormat = tLOCAL"/"timeFormat = tGMT"/ < spp_portscan.c \
> spp_portscan.c.tmp; mv spp_portscan.c.tmp spp_portscan.c
and recompile. If you do the above successfully (meaning
neither you nor I made a typo and I didn't screw up the
syntax) let me know and I'll send you your prize. If you
do this on a Windows machine, I'll be even more impressed. ;)
I have always used syslogd for alerts. How are timestamps
handled when alerting elsewhere? Is the current system
time used (as I expect), or is a packet pointer required?
My thought was that a packet pointer was only needed if the
contents were to be logged somewhere, but is that incorrect?
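The sed edit above overwrites spp_portscan.c without telling you whether the pattern actually matched, which is exactly the "typo" case the message jokes about. The following is an added example, not code from the original message or from the Snort project: a small shell function that only replaces the file if the tLOCAL assignment is present, then reports how many tGMT assignments the file now contains. The sample file it builds is a constructed stand-in for spp_portscan.c; the real file's contents and the CVS line number are not reproduced here.

```shell
# set_portscan_gmt FILE
# Switch "timeFormat = tLOCAL" to "timeFormat = tGMT" in FILE, but only
# after confirming the pattern is present, so a typo in the pattern cannot
# silently leave the file unchanged. Prints the number of tGMT assignments
# found after the edit and returns 0 on success, 1 if nothing matched.
set_portscan_gmt() {
    src="$1"
    tmp="$src.tmp"

    # Pre-check: refuse to do anything if there is nothing to change.
    if ! grep -q 'timeFormat = tLOCAL' "$src"; then
        echo "set_portscan_gmt: 'timeFormat = tLOCAL' not found in $src" >&2
        return 1
    fi

    # Single-quoted sed script: the shell does no word splitting or quote
    # removal inside it, so the pattern reaches sed exactly as written.
    sed 's/timeFormat = tLOCAL/timeFormat = tGMT/' "$src" > "$tmp" || return 1
    mv "$tmp" "$src"

    # Post-check: count the assignments we expect to see now.
    grep -c 'timeFormat = tGMT' "$src"
}

# make_sample FILE
# Write a constructed stand-in for the relevant part of spp_portscan.c.
# This is sample input for the example only, not the real source file.
make_sample() {
    printf '%s\n' \
        '/* constructed sample, not the real spp_portscan.c */' \
        'void PortscanInit(void)' \
        '{' \
        '    timeFormat = tLOCAL;' \
        '}' > "$1"
}
```

Run it as `set_portscan_gmt spp_portscan.c` from the source directory and recompile; a second run returns 1 because the tLOCAL assignment is already gone, which is the signal that the first run took effect.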