[Snort-users] Capturing packets with daemonlogger using GMT as a timestamp

Richard Bejtlich taosecurity at ...11827...
Fri Nov 4 21:41:09 EDT 2011


Hello,

Do you recognize that timestamps in Libpcap traces are stored in Unix
epoch time?  So, whatever you're using to read the trace is rendering
the time as localtime.

Sincerely,

Richard

On Wed, Nov 2, 2011 at 1:21 PM, carlopmart <carlopmart at ...11827...> wrote:
> Hi all,
>
>  Due to recent problems with sguil frontend related to daemonlogger,
> I need to capture packets using GMT as timestamp. I have tried to
> include this variable in the script that launches daemonlogger:
>
> TZ=GMT
> export TZ
>
>  ... but daemonlogger continues using localtime as a timestamp. How can
> I use GMT as a timestamp for daemonlogger?
>
> Thanks.
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
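
The point made in the reply above, shown as an added example that is not part of the original thread: each record in a classic libpcap file stores its timestamp as Unix epoch seconds plus a fraction, and the zone only appears when a reader formats that value. The function names, the one-packet sample capture and the fixed UTC+1 "local" zone are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# pcap magic (as it appears on disk) -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond files
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond files
}

def record_epochs(pcap: bytes):
    """Return the stored (seconds, fraction) timestamp of every packet record."""
    order = MAGICS.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    stamps, pos = [], 24  # records start after the 24-byte global header
    while pos + 16 <= len(pcap):
        sec, frac, incl_len, _ = struct.unpack_from(order + "IIII", pcap, pos)
        stamps.append((sec, frac))
        pos += 16 + incl_len  # skip the captured bytes
    return stamps

def render(sec: int, tz: timezone) -> str:
    """Format one stored epoch value for a given display zone."""
    return datetime.fromtimestamp(sec, tz).strftime("%Y-%m-%d %H:%M:%S %z")

def build_sample(order: str = "<") -> bytes:
    """Constructed one-packet capture stamped 1320236460 (not real traffic)."""
    header = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack(order + "IIII", 1320236460, 0, 4, 4) + b"\x00" * 4
    return header + record

UTC = timezone.utc
UTC_PLUS_1 = timezone(timedelta(hours=1))  # assumed reader-side local zone

if __name__ == "__main__":
    # Same stored value, two renderings: only the display zone differs.
    for sec, _ in record_epochs(build_sample()):
        print(sec, "|", render(sec, UTC), "|", render(sec, UTC_PLUS_1))
```

The stored integer is identical whichever `TZ` the capturing process ran under; only the rendering step depends on the zone.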



