Re: [Snort-users] Snort > mysql > acid - timestamp troubles

Poppi, Sandro Sandro.Poppi at ...3316...
Thu May 30 02:01:04 EDT 2002


Just a thought: Did you set the same timezone on all boxes? I ran into that
some time ago. With RedHat timeconfig should help.
 

HTH,

Sandro 

-----Original Message-----
From: Rose, Jerry L SAJ Contractor [mailto:Jerry.L.Rose at ...3923...]
Sent: Wednesday, 29 May 2002 21:01
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Snort > mysql > acid - timestamp troubles



Here's the problem. I've got alerts being logged 
with timestamps later than the current time (approx. 
4 hours into the future). I'm running ntpd on all 
three servers. I've run the "date" command on all 
three servers to visually verify the proper date 
and time is set on all three servers. I've cranked 
up "#snort -v" then "ctrl-c" and the timestamps are 
correct on standard out. 

Here's some server specific info... 
+++++++++++++++++++++++++++++++++++++++++++++++ 
I'm running a..... 
LINUX RH 7.2 NIDS sensor running 
Snort Version 1.8.6 (Build 105) 

that is writing alerts to a..... 
LINUX RH 7.2 mysql server 
VERSION 3.23.49a 

that is serving data to a..... 
LINUX RH 7.2 apache server 
version 1.3.22 
PHP 4.2.0 
gd-1.8.4 
adodb Library for PHP4 
phplot-4.4.6 
+++++++++++++++++++++++++++++++++++++++++++++++ 

Here are a couple of query results to illustrate my problem. 
Notice the timestamps... 
====================================================== 
mysql> select * from event; 
<<<<< many cut lines >>>>> 
|   1 | 12263 |        11 | 2002-05-29 18:09:54 | 
|   1 | 12264 |        11 | 2002-05-29 18:09:54 | 
|   1 | 12265 |        11 | 2002-05-29 18:09:54 | 
|   1 | 12266 |        38 | 2002-05-29 18:10:10 | 
|   1 | 12267 |        11 | 2002-05-29 18:18:46 | 
|   1 | 12268 |        11 | 2002-05-29 18:18:46 | 
+-----+-------+-----------+---------------------+ 
11761 rows in set (0.05 sec) 

mysql> SELECT VERSION(); SELECT NOW(); 
+-----------+ 
| VERSION() | 
+-----------+ 
| 3.23.49a  | 
+-----------+ 
1 row in set (0.00 sec) 

+---------------------+ 
| NOW()               | 
+---------------------+ 
| 2002-05-29 14:27:30 | 
+---------------------+ 
1 row in set (0.00 sec) 

mysql> 
====================================================== 
The now time is "2002-05-29 14:27:30" but 
the last logged alert time is "2002-05-29 18:18:46". 

Any ideas would be greatly appreciated. 

Thanks, 
Jerry Rose 
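
A quick way to test Sandro's timezone hypothesis against the numbers in the post. The script below is an added example, not code from either poster or from the Snort or ACID projects; it takes the three event timestamps and the NOW() value shown above as constructed input, and assumes the servers are in US Eastern time (EDT, UTC-4 in May), which is what a roughly four-hour "future" offset points to. It checks whether the alerts only look future-dated when the DATETIME column is read as local time, but fall back into the past when read as UTC, which is the signature of a sensor writing UTC into a database whose NOW() is local.

```python
"""Distinguish a UTC/local-time mismatch from real clock skew in alert timestamps."""
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample input, copied from the query output quoted in the post.
ALERT_TIMESTAMPS = [
    "2002-05-29 18:09:54",
    "2002-05-29 18:10:10",
    "2002-05-29 18:18:46",
]
DB_NOW = "2002-05-29 14:27:30"   # what SELECT NOW() returned on the MySQL box

# Assumption: the servers sit in US Eastern time, which is EDT (UTC-4) on the
# date in question.  A fixed offset is used so the example has no tz-database
# dependency; substitute your own zone when reusing this.
LOCAL_TZ = timezone(timedelta(hours=-4), "EDT")
UTC = timezone.utc


def parse(ts: str) -> datetime:
    """Parse a MySQL-style naive DATETIME string."""
    return datetime.strptime(ts, FMT)


def future_alerts(alerts, now, stored_as):
    """Return the alerts that lie in the future if the DATETIME column was
    written in the `stored_as` zone while NOW() is in LOCAL_TZ."""
    now_local = parse(now).replace(tzinfo=LOCAL_TZ)
    future = []
    for ts in alerts:
        when = parse(ts).replace(tzinfo=stored_as)
        if when > now_local:          # aware datetimes compare across zones
            future.append(ts)
    return future


def diagnose(alerts, now):
    """Classify the discrepancy:
    'consistent'   - nothing is in the future when read as local time
    'utc-vs-local' - future only when read as local; reading as UTC fixes it
    'clock-skew'   - still in the future under both readings (a real clock
                     problem on the sensor or the database host)"""
    if not future_alerts(alerts, now, LOCAL_TZ):
        return "consistent"
    if not future_alerts(alerts, now, UTC):
        return "utc-vs-local"
    return "clock-skew"


def local_offset_hours(now):
    """Hours the local zone lags UTC at the time of `now` (4.0 for EDT)."""
    return -parse(now).replace(tzinfo=LOCAL_TZ).utcoffset().total_seconds() / 3600


if __name__ == "__main__":
    print("alerts in the future if stored as local time:",
          future_alerts(ALERT_TIMESTAMPS, DB_NOW, LOCAL_TZ))
    print("alerts in the future if stored as UTC:",
          future_alerts(ALERT_TIMESTAMPS, DB_NOW, UTC))
    print("local zone lags UTC by", local_offset_hours(DB_NOW), "hours")
    print("diagnosis:", diagnose(ALERT_TIMESTAMPS, DB_NOW))
```

With the posted values every alert is "future" when read as local time and none is when read as UTC, so the script reports `utc-vs-local`; a `clock-skew` result would instead mean the sensor or database clock itself is wrong and ntpd is not doing its job.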
