[Snort-users] New Conundrum

Kevin Brown Kevin.M.Brown at ...1022...
Wed May 9 19:03:21 EDT 2001

Got a new little thing I found.  I just finished putting that Netra T1 into
place to begin testing.  I have it logging to the same database as the PII
450 that was out there.  I went looking through the database to verify that
it is indeed logging and found that the timestamps for the events being
logged by the Sun box are 5 days behind today (5/4/2001).  I discovered this
by just doing a "select timestamp from event where cid = <count of rows>;".

The box has the following on it.
Solaris 8
psql 7.0.3 (for the shared libs to send data to a remote sql box)
snort 1.8b4 (build 14)

Running date returns the following: Wed May  9 15:58:05 MST 2001
which is only off by a minute or less from current local time.

The Linux box that had been there (PII 450) last logged a packet at 10:44AM,
Wed May 9, which is the time that I shut it down to put the Sun in its place.

Getting the timestamp from the event table for the last logged alert gets
me: 2001-05-04 18:57:27-07

Anyone have any idea why the time is so far off from current?

