Re: How to keep sensors in sync using NTP?

[Jérôme Tytgat <j.tytgat () energis fr>]

Are you using snort with the option : snort -O ?

snort -U stores local alert in UTC time, this may be the problem.


----- Original Message -----
From: "Bruno Sicchieri" <bsicchieri () hotmail com>
To: <focus-ids () securityfocus com>
Sent: Tuesday, October 15, 2002 2:56 PM
Subject: How to keep sensors in sync using NTP?


> Hi all,
>
> I´ve just installed Snort, MySQL and ACID on Redhat7.3 following the Snort
> Installation Manual, by Steven J. Scott
> (http://home.earthlink.net/~sjscott007/)
>
> In one of the sections (Network Time Protocol - NTP) he explain how to
> keep accurate time on the sensors (Snort) without having to manually set
> the clocks, using NTP:
>
> 1) Editing the /etc/ntp.conf file and changing the server entry to reflect
> my timeserver and comment out the entry starting with "fudge"
> ------ntp.conf------
> server mytimeserver.com
> #fudge 127.127.1.0 stratum 10
> --------------------
>
> 2) # /etc/rc.d/init.d/ntpd start
> 3) # chkconfig ntpd on
>
> I´m using "ntp-4.1.1" and writing
> from "/usr/share/zoneinfo/America/Sao_Paulo" with "UTC=true"
> in /etc/sysconfig/clock file.
>
> Everything looks OK but the sensors stay 2 hours in advance. I already
> read the NTP manual but I still can´t figure out what is happen.
>
> Anyone could help please?
>
> Thanks, Bruno.