You should see this in your barnyard.conf:
# use localtime instead of UTC (*not* recommended because of timewarps)
#config localtime
As the comment says, it's not recommended. Assuming you are living in
a TZ that uses daylight savings, at least once a year you could have
'issues' as you bounce back an hour.
Bammkkkk
On 8/10/05, Steve Sullam <steve@xxxxxxxxxxxxxxx> wrote:
> I am having a problem with the time stamp after installing barnyard. It
> now lists the time in UTC. When I was having snort handle the Output
> into mysql it was putting the correct local time.
> I'm using snort 2.3.2 and barnyard 0.2.0
> I have configured snort to log to snort.alert in /var/log/snort/
> I am starting barnyard using the following command.
>
> barnyard -c /etc/snort/barnyard.conf
> -d /var/log/snort -g /etc/snort/gen-msg.map
> -s /etc/snort/sid-msg.map -p classification.config -f snort.alert
>
>
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Barnyard-users mailing list
> Barnyard-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/barnyard-users
>
--
sguil - The Analyst Console for NSM
http://sguil.sf.net
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
|
