Snort mailing list archives

Bug with timestamp. Snort 1.8 and FreeBSD and ACID


From: Borja Marcos <borjam () sarenet es>
Date: Tue, 19 Jun 2001 12:48:15 +0200


        Hello,

        I'm using Snort 1.8, got from the CVS on June 13th,
under FreeBSD 4.3, and ACID 9.6b10.

        There is a problem with the timestamp. It is a common practice to keep the 
system clock with the UTC time, having the system configured for the timezone 
where you live. In my case, I am in CET, which is UTC+1; with the summer 
time, it is CEST, UTC+2.

        When I generate an alert, it is correctly timestamped in the "alert" file, 
but in the Acid logs it has an incorrect time, which, curiously, is 2 plus 
the correct time.

        An example:

(from the alert log)

06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111
06/19-12:32:39.393530 X.Y.Z.T:1678 -> A.B.C.D:111

(The same pasted from Acid)

#0-(1-3310) [arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:39+02
X.Y.Z.T:1678
A.B.C.D:111
UDP

#1-(1-3309) [arachNIDS] RPC portmap request rstatd 2001-06-19 14:32:37+02
X.Y.Z.T:1674
A.B.C.D:111
UDP


        Any ideas?



        Best regards,




        Borja.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
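The symptom in the post (ACID shows 14:32 for an alert the "alert" file stamped at 12:32, on a host in CEST) is the classic double-applied offset: a naive local wall-clock time is read as if it were UTC and then converted to local time again. The following added example (not code from the post, Snort or ACID) reproduces that shift, shows the correct handling, and gives a small consistency check a defender can run over alert-file and database timestamps before trusting them for correlation. It assumes a fixed UTC+2 zone for CEST, as the poster describes, and a constructed sample alert line in the format shown above.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed sample: one line in the format of the Snort "alert" file shown in the post.
SAMPLE_ALERT_LINE = "06/19-12:32:37.558494 X.Y.Z.T:1674 -> A.B.C.D:111"

# Assumption: the sensor's clock is in CEST, which is UTC+2 (fixed offset, no tzdata needed).
LOCAL_TZ = timezone(timedelta(hours=2), "CEST")
UTC = timezone.utc

# Leading "MM/DD-HH:MM:SS.usec" stamp of a Snort alert line.
_TS_RE = re.compile(r"^(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})")


def parse_snort_timestamp(line, year=2001):
    """Parse the Snort alert-file stamp. Snort writes local wall-clock time with no
    zone marker, so the result is a naive datetime (year is not in the stamp)."""
    m = _TS_RE.match(line)
    if not m:
        raise ValueError("no Snort timestamp at start of line")
    mon, day, hh, mm, ss, usec = (int(x) for x in m.groups())
    return datetime(year, mon, day, hh, mm, ss, usec)


def buggy_db_time(naive_local):
    """Reproduce the observed symptom: the naive local stamp is treated as UTC and
    then rendered in local time, so the +2 offset is applied a second time."""
    as_if_utc = naive_local.replace(tzinfo=UTC)
    return as_if_utc.astimezone(LOCAL_TZ)


def correct_db_time(naive_local):
    """Correct handling: attach the zone the clock was actually in; the wall-clock
    value itself is not shifted."""
    return naive_local.replace(tzinfo=LOCAL_TZ)


def db_timestamp_str(dt):
    """Render like the ACID column in the post: 'YYYY-MM-DD HH:MM:SS+HH'."""
    return dt.strftime("%Y-%m-%d %H:%M:%S") + dt.strftime("%z")[:3]


def parse_db_timestamp(s):
    """Parse ACID's 'YYYY-MM-DD HH:MM:SS+HH' form (offset given in whole hours)."""
    body, sign, off = s[:-3], s[-3], s[-2:]
    hours = int(off) * (1 if sign == "+" else -1)
    naive = datetime.strptime(body, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=timezone(timedelta(hours=hours)))


def compare_alert_and_db(alert_line, db_timestamp):
    """Consistency check for a correlation pipeline: how many hours does the database
    stamp differ from the alert-file stamp? 0.0 means the two sources agree."""
    alert_dt = correct_db_time(parse_snort_timestamp(alert_line)).replace(microsecond=0)
    db_dt = parse_db_timestamp(db_timestamp)
    return (db_dt - alert_dt).total_seconds() / 3600


if __name__ == "__main__":
    naive = parse_snort_timestamp(SAMPLE_ALERT_LINE)
    print("alert file  :", naive)
    print("buggy DB    :", db_timestamp_str(buggy_db_time(naive)))    # 14:32:37+02, as in the post
    print("correct DB  :", db_timestamp_str(correct_db_time(naive)))  # 12:32:37+02
    print("skew (hours):", compare_alert_and_db(SAMPLE_ALERT_LINE, "2001-06-19 14:32:37+02"))
```

A skew equal to the local UTC offset (here exactly 2.0 hours) is the signature of this class of bug rather than of clock drift, which would show as an arbitrary, slowly changing difference; checking it once per sensor after deployment, and again after a summer-time change, avoids mis-ordering events when alert-file and database records are correlated.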

