[Snort-users] Broken timestamps?
rrotsted at ...15627...
Tue May 8 12:32:12 EDT 2012
I recently configured my Snort box to use PF_RING and the ixgb TNAPI
driver. It appears to be working correctly, but Snort is logging '0' for
the timestamp on all alerts.
Below is an example --
sensor id: 0 event id: 24 event second: 0 event microsecond: 0
sig id: 2002027 gen id: 1 revision: 15 classification: 29
priority: 3 ip source: x.x.x.x ip destination: x.x.x.x
src port: 6667 dest port: 58737 protocol: 6 impact_flag: 0 blocked: 0
sensor id: 0 event id: 24 event second: 0
packet second: 0 packet microsecond: 0
linktype: 1 packet_length: 101
I'm using a version of PF_RING checked out from the svn repo last Thursday, Snort 184.108.40.206 and
daq 0.6.2. Has anyone else on list had this issue?
Any guidance that you can provide will be greatly appreciated.
Network Security Analyst
Portland State University
314B D581 A8CD E28A A690 7E9D 5B43 4B28 0EB6 A21A