
Re: [Snort-users] Configuring Barnyard with Bleeding threat rules

From: Paul Melson <pmelson(at)gmail.com>
Date: Wed Jul 25 2007 - 09:31:55 EDT


> Thank you for your help, I am now getting the correct alert information
> via the BASE console. However, now I am having an issue with an incorrect
> time stamp for the alerts being generated with Barnyard. The time stamp is
> off by about four hours. I have verified the time on my Snort box with the
> date command and everything is correct. Also, I ran Snort without Barnyard
> to see if the alerts would have the correct time stamp and they did. So it
> seems as if Barnyard is providing me with an incorrect time stamp. Did you
> guys ever come across an issue like this?

I ran into this problem when using Snort with the -t switch (chroot to directory) which was preventing it from getting correct time zone data. Adding:

export TZ="America/Detroit"

to my startup script fixed the problem. (Obviously, use your local time zone, not mine.)

PaulM
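
Added example (not part of the original post): a triage check for the symptom in this thread. A skew that equals the sensor's UTC offset (four hours for America/Detroit in July) is what appears when times are rendered in UTC instead of local time, as opposed to a drifting clock. It assumes GNU date and installed tzdata; the function names and sample epochs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU date and tzdata.
# Function names and sample values are constructed for illustration.

# utc_offset_secs ZONE EPOCH
# Print ZONE's offset from UTC, in seconds, at the instant EPOCH.
utc_offset_secs() {
    off=$(TZ="$1" date -d "@$2" +%z) || return 1   # e.g. "-0400"
    sign=${off%????}                               # "-" or "+"
    digits=${off#?}                                # "0400"
    hh=${digits%??}
    mm=${digits#??}
    # Strip one leading zero so "08" is not parsed as invalid octal.
    secs=$(( ${hh#0} * 3600 + ${mm#0} * 60 ))
    if [ "$sign" = "-" ]; then
        secs=$(( -secs ))
    fi
    echo "$secs"
}

# classify_skew ZONE SENSOR_EPOCH STORED_EPOCH [TOLERANCE_SECS]
# Compare the time the sensor saw an alert with the time stored for it.
# Prints: ok        (within tolerance)
#         timezone  (skew matches the zone's UTC offset at that instant)
#         clock     (any other skew, e.g. drift or a wrong system clock)
classify_skew() {
    tol=${4:-300}
    skew=$(( $3 - $2 ))
    offset=$(utc_offset_secs "$1" "$2") || return 1
    abs_skew=${skew#-}
    abs_off=${offset#-}
    diff=$(( abs_skew - abs_off ))
    diff=${diff#-}
    if [ "$abs_skew" -le "$tol" ]; then
        echo ok
    elif [ "$abs_off" -ne 0 ] && [ "$diff" -le "$tol" ]; then
        echo timezone
    else
        echo clock
    fi
}

# Constructed sample: an alert seen at 2007-07-25 09:31:55 EDT
# (epoch 1185370315) that is displayed four hours off.
classify_skew America/Detroit 1185370315 $(( 1185370315 + 14400 ))
```
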



Received on Wed Jul 25 09:31:12 2007

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 19:50:24 EDT

