[Snort-users] Bug with timestamp. Snort 1.8 and FreeBSD and ACID
borjam at ...778...
Tue Jun 19 06:48:15 EDT 2001
I'm using Snort 1.8, got from the CVS on June 13th,
under FreeBSD 4.3, and ACID 9.6b10.
There is a problem with the timestamp. It is a common practice to keep the
system clock with the UTC time, having the system configured for the timezone
where you live. In my case, I am in CET, which is UTC+1; with the summer
time, it is CEST, UTC+2.
When I generate an alert, it is correctly timestamped in the "alert" file,
but in the Acid logs it has an incorrect time, which, curiously, is 2 plus
the correct time.
(from the alert log)
06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111
06/19-12:32:39.393530 X.Y.Z.T:1678 -> A.B.C.D:111
(The same pasted from Acid)
#0-(1-3310) [arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:39+02
[arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:37+02
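
One way to quantify the skew reported above, as an added example that is not part of the original post and is not Snort or ACID code: it parses the two timestamp formats quoted in the message and checks whether the wall-clock difference equals the UTC offset that ACID prints. Assumptions: the year 2001 is taken from the post date because the alert file omits it, events are paired by sorted time, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Sample input constructed from the lines quoted in the post (addresses masked as posted).
ALERT_LINES = [
    "06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111",
    "06/19-12:32:39.393530 X.Y.Z.T:1678 -> A.B.C.D:111",
]
ACID_LINES = [
    "#0-(1-3310) [arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:39+02",
    "[arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:37+02",
]

ALERT_RE = re.compile(r"^(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})")
ACID_RE = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})([+-]\d{2})$")

def parse_alert(line, year):
    """Alert-file timestamp: MM/DD-HH:MM:SS.usec, with no year and no zone."""
    m = ALERT_RE.match(line)
    if m is None:
        raise ValueError("not an alert-file timestamp: %r" % line)
    month, day, hour, minute, second, _usec = map(int, m.groups())
    # Microseconds are dropped because the ACID display shows whole seconds.
    return datetime(year, month, day, hour, minute, second)

def parse_acid(line):
    """ACID display timestamp: YYYY-MM-DD HH:MM:SS+ZZ -> (wall clock, offset)."""
    m = ACID_RE.search(line)
    if m is None:
        raise ValueError("no ACID timestamp in: %r" % line)
    wall = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return wall, timedelta(hours=int(m.group(2)))

def skew_report(alert_lines, acid_lines, year):
    """Pair events by sorted time; return (alert, acid, skew, skew == offset)."""
    alerts = sorted(parse_alert(l, year) for l in alert_lines)
    acids = sorted(parse_acid(l) for l in acid_lines)
    report = []
    for alert_ts, (acid_wall, offset) in zip(alerts, acids):
        skew = acid_wall - alert_ts
        report.append((alert_ts, acid_wall, skew, skew == offset))
    return report

if __name__ == "__main__":
    for alert_ts, acid_wall, skew, matches in skew_report(ALERT_LINES, ACID_LINES, 2001):
        print(alert_ts, acid_wall, skew, "skew equals printed offset:", matches)
```

When correlating sensor alerts with other logs, a skew that matches the printed zone offset exactly on every event points at time-zone handling rather than clock drift.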