[Snort-users] Bug with timestamp. Snort 1.8 and FreeBSD and ACID

Borja Marcos borjam at ...778...
Tue Jun 19 06:48:15 EDT 2001


	Hello,

	I'm using Snort 1.8, obtained from the CVS on June 13th,
under FreeBSD 4.3, and ACID 9.6b10.

	There is a problem with the timestamp. It is a common practice to keep the 
system clock with the UTC time, having the system configured for the timezone 
where you live. In my case, I am in CET, which is UTC+1; with the summer 
time, it is CEST, UTC+2.

	When I generate an alert, it is correctly timestamped in the "alert" file, 
but in the Acid logs it has an incorrect time, which, curiously, is 2 plus 
the correct time.

	An example:

(from the alert log)

06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111
06/19-12:32:39.393530 X.Y.Z.T:1678 -> A.B.C.D:111

(The same pasted from Acid)

#0-(1-3310) [arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:39+02 

X.Y.Z.T:1678 
A.B.C.D:111 

UDP

#1-(1-3309) 

[arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:37+02 
X.Y.Z.T:1674 
A.B.C.D:111 

UDP


	Any ideas?

	Best regards,

	Borja.
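The two-hour discrepancy above is exactly what a double timezone conversion produces: Snort writes local wall-clock time with no zone marker, and if that naive value is later read as UTC and then rendered in the viewer's local zone, the UTC offset is applied a second time. The script below is an added illustration of that mechanism, not code from the post, from Snort or from ACID; it assumes the year 2001 for the quoted alert lines, models CEST as a fixed UTC+2 offset instead of relying on system zone data, and uses the ACID-style `YYYY-MM-DD HH:MM:SS+HH` rendering seen in the paste as a constructed display format. The `clock_skew` check compares an alert-file line against the timestamp a console shows and reports the skew in hours, so a skew equal to the local UTC offset flags this class of bug.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the two alert-file lines quoted in the post (year assumed to be 2001).
SNORT_ALERT_LINES = [
    "06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111",
    "06/19-12:32:39.393530 X.Y.Z.T:1678 -> A.B.C.D:111",
]

# Assumption: model CEST as a fixed UTC+2 offset so the example runs without tz database files.
CEST = timezone(timedelta(hours=2), "CEST")
YEAR = 2001  # assumed; Snort's alert file carries no year


def parse_snort_timestamp(line, year=YEAR):
    """Parse the leading MM/DD-HH:MM:SS.ffffff field of a Snort alert line.

    Snort writes local wall-clock time with no zone, so the result is a naive datetime.
    """
    stamp = line.split(" ", 1)[0]
    return datetime.strptime(f"{year}/{stamp}", "%Y/%m/%d-%H:%M:%S.%f")


def correct_interpretation(naive, local_tz=CEST):
    """Attach the zone the sensor actually runs in: the wall-clock value IS local time."""
    return naive.replace(tzinfo=local_tz)


def double_offset_interpretation(naive, local_tz=CEST):
    """Reproduce the suspected bug: the naive value is stored or read as if it were UTC,
    then rendered in the viewer's local zone, so the UTC offset is applied a second time.
    """
    as_utc = naive.replace(tzinfo=timezone.utc)
    return as_utc.astimezone(local_tz)


def acid_style(dt):
    """Render like the 'YYYY-MM-DD HH:MM:SS+HH' column in the post (constructed format)."""
    return dt.strftime("%Y-%m-%d %H:%M:%S%z")[:-2]  # "+0200" -> "+02"


def parse_acid_timestamp(text):
    """Parse 'YYYY-MM-DD HH:MM:SS+HH', where the offset is given in whole hours."""
    body, sign, hours = text[:-3], text[-3], text[-2:]
    offset = timedelta(hours=int(hours)) * (1 if sign == "+" else -1)
    return datetime.strptime(body, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone(offset))


def clock_skew(alert_line, displayed_text, local_tz=CEST):
    """Hours by which the displayed timestamp is ahead of the sensor's true time.

    Sub-second precision is dropped because the displayed value has none.
    A skew equal to the local UTC offset is the signature of a double conversion.
    """
    true_time = correct_interpretation(parse_snort_timestamp(alert_line), local_tz)
    true_time = true_time.replace(microsecond=0)
    shown = parse_acid_timestamp(displayed_text)
    return (shown - true_time).total_seconds() / 3600


if __name__ == "__main__":
    for line in SNORT_ALERT_LINES:
        naive = parse_snort_timestamp(line)
        print("alert file :", line.split(" ", 1)[0])
        print("correct    :", acid_style(correct_interpretation(naive)))
        print("double off.:", acid_style(double_offset_interpretation(naive)))
    print("skew (h)   :", clock_skew(SNORT_ALERT_LINES[1], "2001-06-19 14:32:39+02"))
```

Run stand-alone, the script prints `12:32:37+02` for the correct reading and `14:32:37+02` for the double-converted one, matching the two-hour gap in the post; the skew check returns 2.0 for the second quoted pair, which equals the CEST offset and therefore points at a conversion applied twice rather than at a wrong system clock.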