[Snort-users] snort-acid timestamp problem...anyone ever fix this?

Jens Krabbenhoeft tschenz-snort-users at ...7018...
Tue Jan 14 00:07:01 EST 2003


> system clock is correct, but the timestamps are consistently off by 8
> hours.  Even on the ACID main page, the "queried on" time shows up

As your mailer gives -0800 in your Date-Header I guess the times you
see are in UTC. There is a commandline option in snort "-U Use UTC for
timestamps", which can cause this. 

Which command line options do you use? Do you use barnyard, as there is
an option "config localtime", which may cause timezone-"problems" too.

Generally it is not a bad idea to use UTC-times in timerelated
applications because you don't have any timewarps (daylight-saving).

Hope that helps,

More information about the Snort-users mailing list