[Snort-users] Event second in unified2

beenph beenph at ...11827...
Sun Jun 9 23:26:59 EDT 2013


On Sun, Jun 9, 2013 at 9:13 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 6/9/2013 20:22, SnortFan wrote:
>> Hi everyone,
>> How do you convert the event second in the U2SpewFoo output to a real date and
>> time? I'm having an issue with a sensor that appears to be reporting info into
>> base as one month prior to when its happening. The sensors servers date and time
>> are correct, so I'm trying to see if its snort or barnyard that is miss
>> configured. Has anyone had this issue before and if so what was the cause for you?
>
> please post a valid entry from your output that is not being converted properly...
>

 perl -e 'use POSIX qw(strftime); my $ze_time = XXXXXXXXX ; my
$conv_time = strftime "%a %b %e %H:%M:%S %Y",localtime($ze_time) ;
print  "$conv_time\n";'

Replace XXXXXXXX by utc timestamp.

binf at ...16396...:~# perl -e 'use POSIX qw(strftime); my $ze_time =
1324954597 ; my $conv_time = strftime "%a %b %e %H:%M:%S
%Y",localtime($ze_time) ; print  "$conv_time\n";'
Mon Dec 26 21:56:37 2011
binf at ...16396...:~#

-elz




More information about the Snort-users mailing list