Snort mailing list archives
RE: You caught them, what next?
From: <bmcdowell () coxhealthplans com>
Date: Thu, 3 Apr 2003 13:02:15 -0600
But I think the point being made was, that's not what they wanted to hear. Whether UTC or Central time, once you know what time zone the logs are in, you can adjust accordingly. I believe he said they wanted that information in the logs themselves. Presumably, so the investigator could look only at the logs and determine what time these things happened. Telling them the time zone used requires a separate piece of communication. Mostly, some people are just jerks and won't even look at an issue until you've re-invented the wheel to their satisfaction... -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Erek Adams Sent: Thursday, April 03, 2003 11:35 AM To: L. Christopher Luther Cc: Snort-Users (E-mail) Subject: RE: [Snort-users] You caught them, what next? On Thu, 3 Apr 2003, L. Christopher Luther wrote:
The issue, for me at least, it not *which* TZ Snort or my web server
log
their data but whether the logs show the TZ information. I've not
looked at
Snort's '-U' parameter, but unless the output includes 'TZ=xxx'
information
it's a moot point.
Actually, Jason is right on the money with this. UTC is UTC. It's not hard to say "Well, it happened at 12:00 UTC. So since I'm in EST that means that it's UTC - 0500 = 7:00 EST." Now if the abuse people there can't understand that, then you should call their manager and ask for their job since they are incompetent. ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: You caught them, what next?, (continued)
- Re: You caught them, what next? Michael Boman (Apr 04)
- RE: You caught them, what next? Drew Stockman (Apr 02)
- RE: You caught them, what next? L. Christopher Luther (Apr 02)
- RE: You caught them, what next? Brei, Matt (Apr 02)
- RE: You caught them, what next? L. Christopher Luther (Apr 02)
- RE: You caught them, what next? FWAdmin (Apr 02)
- RE: You caught them, what next? Brei, Matt (Apr 02)
- Re: You caught them, what next? Jason Haar (Apr 02)
- RE: You caught them, what next? L. Christopher Luther (Apr 03)
- RE: You caught them, what next? Erek Adams (Apr 03)
- RE: You caught them, what next? bmcdowell (Apr 03)
- Re: You caught them, what next? Jason Haar (Apr 03)