[Snort-users] You caught them, what next?

bmcdowell at ...7861... bmcdowell at ...7861...
Thu Apr 3 11:12:40 EST 2003


But I think the point being made was, that's not what they wanted to
hear.  Whether UTC or Central time, once you know what time zone the
logs are in, you can adjust accordingly.  I believe he said they wanted
that information in the logs themselves.  Presumably, so the
investigator could look only at the logs and determine what time these
things happened.  Telling them the time zone used requires a separate
piece of communication.

Mostly, some people are just jerks and won't even look at an issue until
you've re-invented the wheel to their satisfaction...

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Erek Adams
Sent: Thursday, April 03, 2003 11:35 AM
To: L. Christopher Luther
Cc: Snort-Users (E-mail)
Subject: RE: [Snort-users] You caught them, what next?


On Thu, 3 Apr 2003, L. Christopher Luther wrote:

> The issue, for me at least, it not *which* TZ Snort or my web server
log
> their data but whether the logs show the TZ information.  I've not
looked at
> Snort's '-U' parameter, but unless the output includes 'TZ=xxx'
information
> it's a moot point.

Actually, Jason is right on the money with this.  UTC is UTC.  It's not
hard to say "Well, it happened at 12:00 UTC.  So since I'm in EST that
means that it's UTC - 0500 = 7:00 EST."  Now if the abuse people there
can't understand that, then you should call their manager and ask for
their job since they are incompetent.

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list