Snort mailing list archives
RE: Time off in MySql database
From: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Date: Thu, 29 Aug 2002 08:20:10 -0500
Not sure what OS you're running, but is it possible that the machines are configured for different timezones? I use redhat generally (please direct all flames to /dev/null...), and you can check the timezone configuration in /etc/sysconfig/clock. They have a little ncurses app called "timeconfig" that lets you change your config. I'd check that first.

Just as a suggestion (again, see above for flame redirection instructions), I like to run all of my servers using UTC. Once you get used to the mental correction for local time, it makes things much easier. I don't ever have to adjust for Daylight Savings, and if I need to tell somebody when an event took place, it is very easy - it doesn't matter if they're in Abilene or Abu Dhabi, Zulu time is the same the whole world 'round.

Andrew

-----Original Message-----
From: Chuck Curto [mailto:Chuck.Curto () tmcaz com]
Sent: Wednesday, August 28, 2002 10:26 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Time off in MySql database

I have many Snort sensors dumping their logs into one IDS manager. The Snort sensors are on RedHat Linux computers and the IDS Manager is also a RedHat Linux computer running Apache, MySql, and Acid. The time on all the sensors and the manager are the same (I'm using NTP), and when I bring up the main screen of Acid the "Queried on" date is correct.

The problem I'm having is when I open up any alert detail. The date and time on the alerts are off and they're not all off the same amount. When I look at the "data" table in MySql, the dates and times are off in there. I know Acid is just showing what's in the MySql database but I can't figure out why the date and time is off. I can't figure out if it's the sensors or the IDS manager that's causing the problem but the data isn't as useful to me if the date and time isn't correct.

Any suggestions?
Chuck
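
Added example, not part of the original thread: one way to tell a per-sensor timezone mismatch from ordinary clock drift, which is the distinction the reply above points at. It assumes you trigger a test alert on each sensor at a known UTC time and read back the timestamp stored in the database; the sensor names, sample rows and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: (sensor, timestamp as stored in the database,
# UTC time at which the test alert was actually triggered).
SAMPLES = [
    ("sensor-a", "2002-08-28 10:26:03", "2002-08-28 17:26:01"),
    ("sensor-a", "2002-08-28 10:31:04", "2002-08-28 17:31:02"),
    ("sensor-b", "2002-08-28 12:26:05", "2002-08-28 17:26:04"),
    ("sensor-c", "2002-08-28 17:32:40", "2002-08-28 17:26:10"),
]

def sensor_offsets(samples, step_min=15):
    """Per sensor: (timezone-like offset in minutes, residual skew in seconds).

    Real UTC offsets are multiples of 15 minutes, so the median difference is
    split into the nearest such multiple plus whatever is left over.
    """
    deltas = defaultdict(list)
    for sensor, stored, true_utc in samples:
        d = datetime.strptime(stored, FMT) - datetime.strptime(true_utc, FMT)
        deltas[sensor].append(d.total_seconds())
    step = step_min * 60
    result = {}
    for sensor, ds in deltas.items():
        m = median(ds)
        zone = round(m / step) * step
        result[sensor] = (int(zone // 60), int(m - zone))
    return result

def diagnose(offsets, max_skew=5):
    """Flag sensors that do not log in UTC or whose clock has drifted."""
    report = {}
    for sensor, (zone, skew) in offsets.items():
        flags = []
        if zone != 0:
            flags.append("non-utc")      # timezone configuration issue
        if abs(skew) > max_skew:
            flags.append("clock-skew")   # time sync issue, not a timezone
        report[sensor] = flags
    return report

def mixed_timezones(offsets):
    """True when sensors disagree with each other about the UTC offset."""
    return len({zone for zone, _ in offsets.values()}) > 1

if __name__ == "__main__":
    offs = sensor_offsets(SAMPLES)
    for name, flags in diagnose(offs).items():
        print(name, offs[name], flags or ["ok"])
    print("mixed timezones:", mixed_timezones(offs))
```

Alerts that are "not all off the same amount" show up here as different minute offsets per sensor, while a few minutes of residual skew points at time synchronisation instead.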