Snort mailing list archives

No timestamp


From: Liviu Costea <liviu.costea () gmail com>
Date: Thu, 5 May 2016 22:45:47 +0300

Hello,

I'm running 2 VMs in a testing configuration. I've installed snort 2.9.8.2/daq 2.0.6-2 on one VM so the traffic is forwarded to the secondary VM (web/mail server) and analyzed by Snort. I also have barnyard2/base installed to check the snort logs. Everything works fine, with one exception: no timestamp for the packets in the snort log:

[root@snort snort]# u2spewfoo snort_alerts.log.1462475823

(Event)
    sensor id: 0    event id: 1 *event second: 0    event microsecond: 0*
    sig id: 2016415    gen id: 1    revision: 1     classification: 3
    priority: 2    ip source: 145.24.33.5    ip destination: 10.1.0.1
src port: 65406 dest port: 80 protocol: 6 impact_flag: 32 blocked: 1

Packet
    sensor id: 0    event id: 1    event second: 0
    packet second: 0    packet microsecond: 0
    linktype: 228    packet_length: 145
[    0] 45 00 00 91 43 74 40 00 34 06 7F DC 77 09 02 0C E...Ct@.4...w...
[   16] 0A 01 00 01 FF 7E 00 50 3B A0 7E 94 EB 69 67 F1 .....~.P;.~..ig.
 ...

In the barnyard2 database all events are added with the '1970-01-01 02:00:00' timestamp.

The problem persists with other output modules (alert_unified2/log_unified2/log_tcpdump/alert_fast).

Any idea why I don't get a valid timestamp?

Thanks.
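Added example, not code from the post above or from Snort/barnyard2: a small unified2 reader that walks the spool file, decodes the two record types visible in the u2spewfoo output (an IDS event and its packet), and flags every record whose event_second/packet_second is zero. A zero there is what barnyard2 and the other output plugins turn into the Unix epoch rendered in local time, hence a 1970-01-01 date in the database. Assumptions: the event record uses the legacy Unified2IDSEvent layout (type 7, the fields u2spewfoo printed); the record body length in the header excludes the 8-byte header itself; the sample file is constructed inline from the values in the post, with the packet payload truncated to the 32 bytes shown.

```python
#!/usr/bin/env python3
"""Walk a unified2 spool file and report records whose timestamp is zero.

Added example, not code from the original post or from Snort/barnyard2.
Only UNIFIED2_IDS_EVENT (type 7, legacy IPv4 layout) and UNIFIED2_PACKET
(type 2) are decoded; any other record type is kept as raw bytes.
"""
import socket
import struct
import sys
from datetime import datetime, timezone

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

RECORD_HEADER = struct.Struct("!II")   # type, length of the body that follows
IDS_EVENT = struct.Struct("!11I2H4B")  # 52-byte Unified2IDSEvent (legacy)
PACKET = struct.Struct("!7I")          # 28-byte Unified2Packet header, then data

IDS_EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                    "signature_id", "generator_id", "signature_revision",
                    "classification_id", "priority_id", "ip_source", "ip_destination",
                    "sport_itype", "dport_icode", "protocol", "impact_flag",
                    "impact", "blocked")
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")


def ip_to_int(text):
    return struct.unpack("!I", socket.inet_aton(text))[0]


def int_to_ip(value):
    return socket.inet_ntoa(struct.pack("!I", value))


def parse_unified2(data):
    """Return a list of (record_type, fields) for every record in data."""
    records, off = [], 0
    while off + RECORD_HEADER.size <= len(data):
        rtype, length = RECORD_HEADER.unpack_from(data, off)
        off += RECORD_HEADER.size
        body = data[off:off + length]
        if len(body) != length:
            raise ValueError("truncated record at offset %d" % off)
        off += length
        if rtype == UNIFIED2_IDS_EVENT:
            if length < IDS_EVENT.size:
                raise ValueError("short IDS event record")
            fields = dict(zip(IDS_EVENT_FIELDS, IDS_EVENT.unpack_from(body)))
            fields["ip_source"] = int_to_ip(fields["ip_source"])
            fields["ip_destination"] = int_to_ip(fields["ip_destination"])
        elif rtype == UNIFIED2_PACKET:
            if length < PACKET.size:
                raise ValueError("short packet record")
            fields = dict(zip(PACKET_FIELDS, PACKET.unpack_from(body)))
            fields["packet_data"] = body[PACKET.size:PACKET.size + fields["packet_length"]]
        else:
            fields = {"raw": body}
        records.append((rtype, fields))
    return records


def render_time(seconds, microseconds=0, tz=timezone.utc):
    """Format a unified2 timestamp the way an output plugin would; 0 is the epoch."""
    stamp = datetime.fromtimestamp(seconds + microseconds / 1e6, tz)
    return stamp.strftime("%Y-%m-%d %H:%M:%S")


def zero_timestamp_records(records):
    """(type, event_id) for each event/packet record carrying a zero timestamp."""
    bad = []
    for rtype, f in records:
        if rtype == UNIFIED2_IDS_EVENT and f["event_second"] == 0:
            bad.append((rtype, f["event_id"]))
        elif rtype == UNIFIED2_PACKET and f["packet_second"] == 0:
            bad.append((rtype, f["event_id"]))
    return bad


def build_sample(event_second=0, packet_second=0):
    """Constructed two-record file mirroring the post's u2spewfoo output."""
    # First 32 bytes of the packet dump in the post (linktype 228 = raw IPv4); truncated stub.
    payload = bytes.fromhex("4500009143744000" "34067FDC7709020C"
                            "0A010001FF7E0050" "3BA07E94EB6967F1")
    event = IDS_EVENT.pack(0, 1, event_second, 0, 2016415, 1, 1, 3, 2,
                           ip_to_int("145.24.33.5"), ip_to_int("10.1.0.1"),
                           65406, 80, 6, 32, 0, 1)
    packet = PACKET.pack(0, 1, event_second, packet_second, 0, 228, len(payload)) + payload
    return (RECORD_HEADER.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + RECORD_HEADER.pack(UNIFIED2_PACKET, len(packet)) + packet)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    records = parse_unified2(data)
    for rtype, f in records:
        if rtype == UNIFIED2_IDS_EVENT:
            print("event %d sig %d:%d %s:%d -> %s:%d at %s" % (
                f["event_id"], f["generator_id"], f["signature_id"],
                f["ip_source"], f["sport_itype"], f["ip_destination"], f["dport_icode"],
                render_time(f["event_second"], f["event_microsecond"])))
    for rtype, event_id in zero_timestamp_records(records):
        print("record type %d, event %d: zero timestamp, renders as %s UTC"
              % (rtype, event_id, render_time(0)))
```

Run it as `python3 u2check.py snort_alerts.log.1462475823` against the real spool file (with no argument it parses the constructed sample). The two timestamps are checked separately because the event and packet records are written by different code paths; a file where only one of them is zero narrows the problem to the event header or to the DAQ packet header. If the spool was written with a newer event record type (the VLAN/MPLS variants have a longer layout and a different type number), the reader keeps those records raw rather than misparsing them.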

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!