Snort mailing list archives

Re: Explain unified2 Output
From: Peter Bates <peter.bates () ucl ac uk>
Date: Fri, 31 May 2013 09:07:44 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 31/05/2013 05:26, sumitkamboj88 () gmail com wrote:
> Below is output of snort log using unified2.
>
> (IPv6 Event)
>     sensor id: 0    event id: 7    event second: 1369738500    event
>
> I do not have any clue about event second and event microsecond. Can any
> one explain what these two representing. Is it combination of year, month,
> day, hour,second or anything else. Please help to understand both.

It's in Unix epoch time - the event second above is - 11:55:00-2013/05/28

The following ropy Perl will decode it:

#!/usr/bin/perl
use strict;
use warnings;

# Expects a single Unix epoch value, e.g. the u2 "event second" field.
die "Usage: $0 <time>\n" unless @ARGV == 1;
my $time = $ARGV[0];

# localtime() renders in the sensor's local timezone; use gmtime() for UTC.
my ($seconds, $minutes, $hours, $day_of_month, $month, $year,
    $wday, $yday, $isdst) = localtime($time);
# Year is returned as an offset from 1900 and month is 0-based.
printf("Dateline: %02d:%02d:%02d-%04d/%02d/%02d\n",
    $hours, $minutes, $seconds, $year + 1900, $month + 1,
    $day_of_month);

Although whatever you read the u2 logs into will interpret the value for you.

- -- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRqFpQAAoJELhVoVpEMS6RqT4H/ij40L1cGNNmHg7oBN7FTwhI
4OCAYiGopF6jwHVNBEgRXHyUUPVxLoNru/aOn3laEl5g9y1veEqIYzg/6ZamROL+
Y+pPfU88Xr1I1eoM1hODfOSAJ0uke2FyIFL3JU1fTbCwIuGDKZfhKSxVszYZXSkc
YW9bhLXDe4/v4BrTZqO4NNg/pUNcg0bC2C1CjZYBqCUC5DmQDOeXb9uX5u3BWlsq
OsHQQiLdRyarpENwz2ScB9KCl7VI7ZiXKjpIuJE27nO6TBWVv7mdS2PvhXPxTmb/
9tsDIDN7s39cEE49/BF6qvQKw/A02+yQnTMXcRHUNwTPkf/4WOcy+DpLFAZrp2E=
=LJUH
-----END PGP SIGNATURE-----
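As an added example (not part of the original thread and not Snort's own code), the following Python pulls the "event second" and "event microsecond" fields out of a unified2 text dump and renders the instant as UTC, which is what you want when correlating sensors in different timezones; it also shows the same instant at a fixed UTC+1 offset so you can see how the reply's localtime() output (11:55 BST) relates to the UTC value (10:55). The sample dump is constructed for this example, modelled on the lines quoted above: the original post was cut off after "event", so the microsecond value, the second record and the extra fields are invented placeholders, and the "event microsecond" field name is taken from the question as asked.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample, modelled on the text dump quoted in the thread.
# The microsecond values, the "sig id" line and the second record are
# placeholders added for this example, not real sensor output.
SAMPLE_DUMP = """
(IPv6 Event)
    sensor id: 0    event id: 7    event second: 1369738500    event microsecond: 123456
    sig id: 1000001 gen id: 1   revision: 1 classification: 0
(Event)
    sensor id: 0    event id: 8    event second: 1369738501    event microsecond: 7
"""

# Matches the two timestamp fields as they appear in the text dump.
FIELD_RE = re.compile(r"event second:\s*(\d+)\s+event microsecond:\s*(\d+)")


def parse_event_times(dump):
    """Return [(event_second, event_microsecond), ...] found in a u2 text dump."""
    return [(int(sec), int(usec)) for sec, usec in FIELD_RE.findall(dump)]


def to_utc(sec, usec):
    """Epoch seconds plus microseconds -> timezone-aware UTC datetime.

    The microsecond field is a sub-second offset, so anything outside
    0..999999 means the record was mis-parsed or corrupted.
    """
    if not 0 <= usec < 1_000_000:
        raise ValueError(f"event microsecond out of range: {usec}")
    return datetime.fromtimestamp(sec, tz=timezone.utc) + timedelta(microseconds=usec)


def to_local(sec, usec, utc_offset_hours):
    """Same instant at a fixed UTC offset (e.g. 1 for BST), comparable to localtime() output."""
    return to_utc(sec, usec).astimezone(timezone(timedelta(hours=utc_offset_hours)))


def format_u2_time(sec, usec):
    """ISO 8601 UTC string with microseconds, e.g. 2013-05-28T10:55:00.123456Z."""
    return to_utc(sec, usec).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


if __name__ == "__main__":
    for sec, usec in parse_event_times(SAMPLE_DUMP):
        print(sec, usec,
              format_u2_time(sec, usec),
              to_local(sec, usec, 1).strftime("%H:%M:%S-%Y/%m/%d"))
```

Stored this way (UTC, microseconds preserved) the value can be compared directly against packet captures and other sensors' logs; rendering with localtime() is fine for a quick look but will shift by the sensor's DST rules.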


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org