[Snort-users] alerts with date of 1969

Nick White spacemky at ...11827...
Tue Oct 19 14:15:07 EDT 2004


On Tue, 19 Oct 2004 15:49:08 -0400, Matt Kettler <mkettler at ...4108...> wrote:
> At 01:19 PM 10/19/2004, Nick White wrote:
> >I'm running snort 2.2.0 on FreeBSD 5.2.1-RELEASE on sparc64 hardware.
> >Every time an alert gets logged, the date is from 1969. I've checked
> >the date from the server, and everything seems ok: # date
> >Tue Oct 19 10:16:09 PDT 2004
> 
> What kind of alert logging are you using? sql? syslog? fast? full? unified?
> unix socket?
> 
> The time output for each of these is implemented a bit differently.
> 
> fast and full both seem to use ts_print() from util.c.
> 
> Database outputs seem to use GetTimestamp() from plugbase.c
> 
> Unified seems to dump it in raw binary.
> 
> Syslog seems to not bother, relying on syslogd to add it.
> 
> 

I'm using:
output database: alert, mysql, log_null, user=snort dbname=snort host=localhost

So what are my options in getting the 1969 thing fixed? I've seen a
lot of theory and this and that, but no specific things I could try.

Thanks,
nw



