[Snort-users] snort-acid timestamp problem...anyone ever fix this?

Brian J. Smith-Sweeney bsweeney at ...7988...
Mon Jan 13 16:59:05 EST 2003


Hello all,

I'm new to the list, and subscribed due to a problem I'm having with
timestamps using snort/acid.  I saw the post below in the archives from
November, but no one seemed to have an answer, so I'm re-asking:  does
anyone know why the timestamps ACID would be reporting are wrong?  The
system clock is correct, but the timestamps are consistently off by 8
hours.  Even on the ACID main page, the "queried on" time shows up
right:

	Queried on  : Mon January 13, 2003 15:53:03

but the "time window" is off:
	
	Time window: [2003-01-13 23:16:53] - [2003-01-13 23:52:49]

Any guesses?

-Brian

-- 
========================================
Brian Smith-Sweeney
Senior Systems Administrator
University of California, Santa Barbara
Physics Department
bsweeney at ...7988...
(805)-893-8366
========================================

----------OLD POSTING------------------------

Date: Tue, 19 Nov 2002 11:08:26 -0400
      * From: "Alfredo Pizarro" <alfredopizarro at ...7989...>
      * To: "Bob DeBolt" <bob.debolt at ...7990...>
      * Subject: Re: [Snort-users] Problemes with Acid Timestamp


________________________________________________________________________
It's the same amount of time. (3 hours).
Redhat is set with America/Santiago (Chile) Time Zone.
Regards,
Alfredo
----- Original Message -----
From: "Bob DeBolt" <bob.debolt at ...2281...>
To: "Alfredo Pizarro" <alfredopizarro at ...7528...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Tuesday, November 19, 2002 9:47 AM
Subject: Re: [Snort-users] Problemes with Acid Timestamp




> Hello, I installed snort on a Linux box. It's recording fine but the
> timestamp in Acid is wrong. The Linux's clock is correct but the timestamp
> on each record logged is incorrect.

How many hours, days, minutes or seconds is it out? Is it the same
amount of time or does it fluctuate between logs?

Bob D








