[Snort-users] Snort > mysql > acid - timestamp troubles

Rose, Jerry L SAJ Contractor Jerry.L.Rose at ...3923...
Wed May 29 17:41:01 EDT 2002


Here's the problem. I've got alerts being logged 
with timestamps later than the current time (approx. 
4 hours into the future). I'm running ntpd on all 
three servers. I've run the "date" command on all 
three servers to visually verify the proper date 
and time is set on all three servers. I've cranked 
up "#snort -v" then "ctrl-c" and the timestamps are 
correct on standard out.

Here's some server specific info...
+++++++++++++++++++++++++++++++++++++++++++++++
I'm running a.....
LINUX RH 7.2 NIDS sensor running
Snort Version 1.8.6 (Build 105)

that is writing alerts to a.....
LINUX RH 7.2 mysql server
VERSION 3.23.49a

that is serving data to a.....
LINUX RH 7.2 apache server
version 1.3.22
PHP 4.2.0
gd-1.8.4
adodb Library for PHP4
phplot-4.4.6
+++++++++++++++++++++++++++++++++++++++++++++++

Here's a couple of query results to illustrate my problem.
Notice the timestamps...
======================================================
mysql> select * from event;
<<<<< many cut lines >>>>>
|   1 | 12263 |        11 | 2002-05-29 18:09:54 |
|   1 | 12264 |        11 | 2002-05-29 18:09:54 |
|   1 | 12265 |        11 | 2002-05-29 18:09:54 |
|   1 | 12266 |        38 | 2002-05-29 18:10:10 |
|   1 | 12267 |        11 | 2002-05-29 18:18:46 |
|   1 | 12268 |        11 | 2002-05-29 18:18:46 |
+-----+-------+-----------+---------------------+
11761 rows in set (0.05 sec)

mysql> SELECT VERSION(); SELECT NOW();
+-----------+
| VERSION() |
+-----------+
| 3.23.49a  |
+-----------+
1 row in set (0.00 sec)

+---------------------+
| NOW()               |
+---------------------+
| 2002-05-29 14:27:30 |
+---------------------+
1 row in set (0.00 sec)

mysql>
======================================================
The now time is "2002-05-29 14:27:30" but 
the last logged alert time is "2002-05-29 18:18:46". 

Any ideas would be greatly appreciated.

Thanks,
Jerry Rose
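
An added example, not part of the original post: a small check that reads `event` rows as printed by the mysql client, measures how far the newest alert sits ahead of the database `NOW()`, and reports whether the gap fits a whole-hour shift. The function names, the 30-minute `max_lag` threshold and the verdict labels are assumptions made for this illustration; the sample rows and the `NOW()` value are copied from the output quoted above.

```python
import re
from datetime import datetime, timedelta

# Sample input taken from the query output quoted in the post above.
EVENT_ROWS = """\
|   1 | 12266 |        38 | 2002-05-29 18:10:10 |
|   1 | 12267 |        11 | 2002-05-29 18:18:46 |
|   1 | 12268 |        11 | 2002-05-29 18:18:46 |
"""
DB_NOW = "2002-05-29 14:27:30"

FMT = "%Y-%m-%d %H:%M:%S"
TS_RE = re.compile(r"\|\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*\|\s*$")

def parse_timestamps(table_text):
    """Pull the trailing timestamp column out of mysql client table rows."""
    stamps = []
    for line in table_text.splitlines():
        m = TS_RE.search(line)
        if m:  # borders, headers and cut markers do not match
            stamps.append(datetime.strptime(m.group(1), FMT))
    return stamps

def analyse_skew(events, now, max_lag=timedelta(minutes=30)):
    """Return (skew, whole_hours, residual_lag, verdict) for the newest event.

    whole_hours is the smallest whole-hour shift that moves the newest event
    to or before `now`; residual_lag is how old it would then be.
    Heuristic (assumption): on a sensor that logged something within max_lag,
    a small residual fits a whole-hour offset better than arbitrary drift.
    A single sample cannot rule out drift that happens to land nearby.
    """
    newest = max(events)
    skew = newest - now
    if skew <= timedelta(0):
        return skew, 0, -skew, "ok"  # nothing is dated in the future
    hours = -(-skew // timedelta(hours=1))  # ceiling division
    lag = now - (newest - timedelta(hours=hours))
    verdict = "whole-hour-offset" if lag <= max_lag else "clock-drift"
    return skew, hours, lag, verdict

if __name__ == "__main__":
    now = datetime.strptime(DB_NOW, FMT)
    skew, hours, lag, verdict = analyse_skew(parse_timestamps(EVENT_ROWS), now)
    print(f"newest event is {skew} ahead of NOW(); "
          f"shift of {hours}h leaves lag {lag}: {verdict}")
```

Running the same comparison against fresh rows after each configuration change shows whether the gap moved, vanished, or stayed fixed at the same number of hours.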