
<div dir="auto">Hi Peter, no the timestamps are still not showing the microseconds - no matter what I change in the Napatech configuration.<div dir="auto"><br></div><div dir="auto">Steve</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Mar 13, 2018, 3:25 AM Peter Manev <<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, Dec 29, 2017 at 3:24 PM, Steve Castellarin<br>

<<a href="mailto:steve.castellarin@gmail.com" target="_blank" rel="noreferrer">steve.castellarin@gmail.com</a>> wrote:<br>

> Hey Mike,<br>

><br>

> Thanks for the link.  I've had the Napatech configuration now for a couple<br>

> years, plus.  I did double check my NTSERVICE.ini file and do see the<br>

> TimeSyncReferencePriority setting to "OSTime" as noted on the page.  I did<br>

> open a ticket with Napatech about the millisecond question, and they<br>

> believed it was a Suricata issue and possibly upgrading to 4.x (I was<br>

> previously running 3.1.1) would resolve the issue.  So far no luck.<br>

><br>

<br>

Did you mange to get it working as expected?<br>

<br>

<br>

> On Fri, Dec 29, 2017 at 9:15 AM, Michael Stone <<a href="mailto:mstone@mathom.us" target="_blank" rel="noreferrer">mstone@mathom.us</a>> wrote:<br>

>><br>

>> On Thu, Dec 28, 2017 at 03:59:55PM -0700, James Moe wrote:<br>

>>><br>

>>>  No. There is a feature request<br>

>>> <<a href="https://redmine.openinfosecfoundation.org/issues/1469" rel="noreferrer noreferrer" target="_blank">https://redmine.openinfosecfoundation.org/issues/1469</a>> that addresses<br>

>>> this issue.<br>

>><br>

>><br>

>> That's something different. I think the timestamp weirdness (bogus<br>

>> milliseconds) is an artifact of the napatech cards. (Ironically, because<br>

>> they support high precision timestamping.) Steve, did you follow the<br>

>> instructions at<br>

>> <a href="http://suricata.readthedocs.io/en/latest/capture-hardware/napatech.html" rel="noreferrer noreferrer" target="_blank">http://suricata.readthedocs.io/en/latest/capture-hardware/napatech.html</a><br>

>> (specifically, the part about TimeSyncReferencePriority)?<br>

>><br>

>> Mike Stone<br>

><br>

><br>

><br>

> _______________________________________________<br>

> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank" rel="noreferrer">oisf-users@openinfosecfoundation.org</a><br>

> Site: <a href="http://suricata-ids.org" rel="noreferrer noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>

> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>

><br>

> Conference: <a href="https://suricon.net" rel="noreferrer noreferrer" target="_blank">https://suricon.net</a><br>

> Trainings: <a href="https://suricata-ids.org/training/" rel="noreferrer noreferrer" target="_blank">https://suricata-ids.org/training/</a><br>

<br>

<br>

<br>

--<br>

Regards,<br>

Peter Manev<br>

</blockquote></div>