[Snort-users] snort-acid timestamp problem...anyone ever fix this?
tschenz-snort-users at ...7018...
Tue Jan 14 00:07:01 EST 2003
> system clock is correct, but the timestamps are consistently off by 8
> hours. Even on the ACID main page, the "queried on" time shows up
As your mailer gives -0800 in your Date-Header I guess the times you
see are in UTC. There is a commandline option in snort "-U Use UTC for
timestamps", which can cause this.
Which command line options do you use? Do you use barnyard, as there is
an option "config localtime", which may cause timezone-"problems" too.
Generally it is not a bad idea to use UTC-times in timerelated
applications because you don't have any timewarps (daylight-saving).
Hope that helps,
More information about the Snort-users