[Snort-users] You caught them, what next?

L. Christopher Luther CLuther at ...6333...
Thu Apr 3 08:58:41 EST 2003

The issue, for me at least, is not *which* TZ Snort or my web server log
their data but whether the logs show the TZ information.  I've not looked at
Snort's '-U' parameter, but unless the output includes 'TZ=xxx' information
it's a moot point.  

-----Original Message-----
From: Jason Haar [mailto:Jason.Haar at ...294...]
Sent: Wednesday, April 02, 2003 8:58 PM
To: Snort-Users (E-mail)
Subject: Re: [Snort-users] You caught them, what next?

On Wed, Apr 02, 2003 at 05:41:42PM -0500, Brei, Matt wrote:
> How do you set Snort to GMT?

Have you looked at the output of "snort -h"?

        -U         Use UTC for timestamps

Ta Da!

...unless your question is "how do I set syslog to GMT?". In which case
either run syslog-ng (my choice) as it allows you to format the hell out of
your syslog records, or just set your IDS clock to UTC and make sure it's
got NTP running.


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
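
Added example, not part of the original thread: a sketch of why the zone has to be known before IDS and web-server logs can be lined up. It assumes Snort's fast-alert timestamp layout (MM/DD-HH:MM:SS.usec, no year, no zone) and Apache's access-log layout (explicit numeric offset); the sample lines, the function names, and the year and sensor offset passed in are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Snort fast-alert stamps: MM/DD-HH:MM:SS.usec, with no year and no zone.
SNORT_TS = re.compile(r"^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.(\d+)")
# Apache access-log stamps carry an explicit numeric UTC offset.
APACHE_TS = re.compile(r"\[(\d\d/\w{3}/\d{4}:\d\d:\d\d:\d\d [+-]\d{4})\]")

# Constructed sample lines (documentation addresses, made-up rule id).
SNORT_SAMPLE = ["04/03-13:58:41.120000  [**] [1:1000001:1] constructed test "
                "rule [**] {TCP} 192.0.2.10:1234 -> 198.51.100.5:80"]
APACHE_SAMPLE = ['192.0.2.10 - - [03/Apr/2003:08:58:41 -0500] '
                 '"GET /index.html HTTP/1.0" 200 512']

def snort_to_utc(line, year, sensor_offset_hours):
    """The log cannot supply year or zone, so the caller must (assumption).
    Use sensor_offset_hours=0 when the sensor ran with -U."""
    m = SNORT_TS.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss = (int(g) for g in m.groups()[:5])
    usec = int(m.group(6)[:6].ljust(6, "0"))
    tz = timezone(timedelta(hours=sensor_offset_hours))
    local = datetime(year, mon, day, hh, mm, ss, usec, tzinfo=tz)
    return local.astimezone(timezone.utc)

def apache_to_utc(line):
    """The offset is in the record itself, so no outside knowledge is needed."""
    m = APACHE_TS.search(line)
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
    return stamp.astimezone(timezone.utc)

def correlate(snort_lines, apache_lines, year, sensor_offset_hours, window_s=2):
    """Pair each alert with web hits within window_s seconds, compared in UTC."""
    hits = [(apache_to_utc(a), a) for a in apache_lines]
    pairs = []
    for s in snort_lines:
        t = snort_to_utc(s, year, sensor_offset_hours)
        if t is None:
            continue
        for ht, a in hits:
            if ht is not None and abs((ht - t).total_seconds()) <= window_s:
                pairs.append((t.isoformat(), s, a))
    return pairs
```

With the right sensor offset the two constructed records match; with a wrong guess for the Snort side they land five hours apart and the correlation silently finds nothing.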
