[Snort-users] snort-acid timestamp problem...anyone ever fix this?

Brian J. Smith-Sweeney bsweeney at ...7988...
Tue Jan 14 08:31:07 EST 2003

Wow, imagine that; the program's not broken, it's doing *EXACTLY* what I
told it to do.  I downloaded a startup script from somewhere, and didn't
realize it passed the -U switch to snort.  However, I'm now thinking I
may leave that in there, since there will most likely be situations
where I'm sending these logs overseas to other sys admins and it will
probably be easier to have us all translating from UTC than PST.  

Thanks for the help.

On Tue, 2003-01-14 at 00:06, Jens Krabbenhoeft wrote:
> Brian,
> > system clock is correct, but the timestamps are consistently off by 8
> > hours.  Even on the ACID main page, the "queried on" time shows up
> As your mailer gives -0800 in your Date-Header I guess the times you
> see are in UTC. There is a commandline option in snort "-U Use UTC for
> timestamps", which can cause this. 
> Which command line options do you use? Do you use barnyard, as there is
> an option "config localtime", which may cause timezone-"problems" too.
> Generally it is not a bad idea to use UTC-times in timerelated
> applications because you don't have any timewarps (daylight-saving).
> Hope that helps,
> 	Jens
> -------------------------------------------------------
> This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
> are you planning your Web Server Security? Click here to get a FREE
> Thawte SSL guide and find the answers to all your  SSL security issues.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
Brian Smith-Sweeey
Senior Systems Administrator
University of California, Santa Barbara
Physics Department
bsweeney at ...7988...

More information about the Snort-users mailing list