[Snort-users] Configuring Barnyard with Bleeding threat rules

Paul Melson pmelson at ...11827...
Wed Jul 25 09:31:55 EDT 2007


> Thank you for your help, I am now getting the correct alert information
> via the BASE console. However, now I am having an issue with an incorrect
> time stamp for the alerts being generated with Barnyard. The time stamp is
> off by about four hours. I have verified the time on my Snort box with the
> date command and everything is correct. Also, I ran Snort without Barnyard
> to see if the alerts would have the correct time stamp and they did. So it
> seems as if Barnyard is providing me with an incorrect time stamp. Did you
> guys ever come across an issue like this?

I ran into this problem when using Snort with the -t switch (chroot to
directory) which was preventing it from getting correct time zone data.
Adding:

export TZ="America/Detroit"

to my startup script fixed the problem.  (Obviously, use your local time
zone, not mine.)

PaulM
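
[Added example, not part of the original message or of Snort/Barnyard:] A way to check whether a process confined to a chroot directory can still reach time zone data, which is the condition the reply above describes. It assumes glibc-style paths (/etc/localtime and /usr/share/zoneinfo/<zone>); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that compiled time zone data is reachable inside a
# chroot directory. Assumption: glibc-style layout, where the default zone is
# /etc/localtime and named zones live under /usr/share/zoneinfo/<zone>.

# is_tzif FILE: true if FILE is a regular file starting with the "TZif"
# magic that compiled zoneinfo files carry.
is_tzif() {
    [ -f "$1" ] && [ "$(head -c 4 "$1" 2>/dev/null)" = "TZif" ]
}

# tz_source_in_chroot CHROOT_DIR [ZONE]
# Prints the zone file a process confined to CHROOT_DIR could load for ZONE
# (or for the system default when ZONE is empty).
# Returns 1 if no usable file is there (under the glibc assumption, local
# time then falls back to UTC), 2 if ZONE is not a plain relative zone name.
tz_source_in_chroot() {
    root=${1%/}          # strip one trailing slash so "/" maps to ""
    zone=${2:-}
    if [ -n "$zone" ]; then
        case $zone in
            /*|*..*)
                echo "refusing unsafe zone name: $zone" >&2
                return 2 ;;
        esac
        candidate="$root/usr/share/zoneinfo/$zone"
    else
        candidate="$root/etc/localtime"
    fi
    if is_tzif "$candidate"; then
        echo "$candidate"
        return 0
    fi
    echo "no zone data at $candidate; expect UTC timestamps" >&2
    return 1
}
```

Call it as `tz_source_in_chroot <chroot-dir> "$TZ"` with the directory passed to the chroot option and the zone name exported in the startup script.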




