[Snort-users] Broken timestamps?

Bob Rotsted rrotsted at ...15627...
Tue May 8 12:32:12 EDT 2012


I recently configured my Snort box to use PF_RING and the ixgb TNAPI
driver, it appears to be working correctly but Snort is logging '0' for
the timestamp on all alerts.

Below is an example --

(Event)
    sensor id: 0    event id: 24    event second: 0    event microsecond: 0
    sig id: 2002027    gen id: 1    revision: 15     classification: 29
    priority: 3    ip source: x.x.x.x    ip destination: x.x.x.x
    src port: 6667    dest port: 58737    protocol: 6    impact_flag:
0    blocked: 0

Packet
    sensor id: 0    event id: 24    event second: 0
    packet second: 0    packet microsecond: 0
    linktype: 1    packet_length: 101


I'm using a version of PF_RING checked out from the svn repo last Thursday, Snort 2.9.2.2 and
daq 0.6.2. Has anyone else on list had this issue? 

Any guidance that you can provide will be greatly appreciated.

Best,

Bob

-- 
Bob Rotsted

Network Security Analyst
Portland State University
Desk: 503-725-6215
Cell: 503-208-6575
314B D581 A8CD E28A A690 7E9D 5B43 4B28 0EB6 A21A





More information about the Snort-users mailing list