[Snort-users] Time off in MySql database

Chuck Curto Chuck.Curto at ...3919...
Wed Aug 28 17:23:26 EDT 2002


I have many Snort sensors dumping their logs into one IDS manager. The Snort sensors are on RedHat Linux computers and the IDS Manager is also a RedHat Linux computer running Apache, MySql, and Acid. The time on all the sensors and the manager is the same (I'm using NTP), and when I bring up the main screen of Acid the "Queried on" date is correct.

The problem I'm having is when I open up any alert detail. The date and time on the alerts are off, and they're not all off by the same amount. When I look at the "data" table in MySql, the dates and times are off in there. I know Acid is just showing what's in the MySql database, but I can't figure out why the date and time are off. I can't figure out if it's the sensors or the IDS manager that's causing the problem, but the data isn't as useful to me if the date and time aren't correct.

Any suggestions?

Chuck



