Snort mailing list archives
Question..
From: Chris Keladis <Chris.Keladis () cmc cwo net au>
Date: Sun, 16 Sep 2001 16:13:58 +1000
Hi folks,

I'm running many Snort sensors (some 1.8, some 1.8.1) across boxes all over the world in many different timezones. I also use Demarc 1.05-RC1 and it works well, except for one small annoyance.

The time of the alerts appears to be local, and I'm seeing alerts from all sorts of time-zones in Demarc (even negatives), which makes it troublesome to ascertain when an event occurred.

I was wondering if the appropriate pre-processor could have an option to output alerts in Epoch ticks, and I could have the Demarc station convert it to local time, so I could get meaningful events? (When I need to perform forensics I can always convert the time into local (to the sensor) and match it up with machine(s) logs, if need be).

It's not an option to (re)set the time-zone of the sensors, as the machines serve other purposes as well, and need their local time to function correctly.

I've also skimmed the FAQ to see if this has come up before but came up with nothing.

Anyone have any ideas/advice/pros/cons?

Regards,

Chris.