
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


</head>


<body text="#000000" bgcolor="#FFFFFF">


<p>I am testing Suricata IDS in a VirtualBox machine with Lubuntu installed.<br>


<br>


For example, Suricata is returning the alert:<br>


<br>


03/28/2019-<b>06</b>:27:08.325470  [**] [1:2100368:7] GPL ICMP_INFO PING BSDtype [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.3:8 -> 192.168.1.2:0<br>


<br>


However the timestamp is wrong. The correct timestamp is 03/28/2019-<b>10</b>:27:08.325470. I'm expecting the alert time to match the system time of the server</p>


<p><br>


</p>


<div class="moz-cite-prefix">Às 01:24 de 28/03/19, Jason Taylor escreveu:<br>


</div>


<blockquote type="cite" cite="mid:CAD1=aSHm3FENdawW_17m8qwxocufNsHeN0fetODxJ-Gf6RUX6g@mail.gmail.com">


<div dir="auto">


<div dir="auto">Can you give us some examples of alert output and then what you expect the time to be?</div>


<div dir="auto"><br>


</div>


<div dir="auto">Are you expecting the alert time to match the system time of the server running suricata?</div>


<div dir="auto"><br>


</div>


<div dir="auto">What type/manufacturer is the network card suricata is using?  Is the network card using hardware or software time-stamping?</div>


<div dir="auto"><br>


</div>


<div dir="auto">JT</div>


</div>


<br>


<div class="gmail_quote">


<div dir="ltr" class="gmail_attr">On Wed, Mar 27, 2019, 18:25 João Pedro <<a href="mailto:oladj@live.com.pt" moz-do-not-send="true">oladj@live.com.pt</a>> wrote:<br>


</div>


<blockquote class="gmail_quote" style="margin:0 0 0


          .8ex;border-left:1px #ccc solid;padding-left:1ex">


Hello.<br>


<br>


I'm struggling to adjust time in Suricata IDS. The suricata alerts are <br>


including a wrong timestamp.<br>


<br>


How can configure the time zone in Suricata?<br>


<br>


Thanks in advance.<br>


<br>


_______________________________________________<br>


Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank" rel="noreferrer" moz-do-not-send="true">


oisf-users@openinfosecfoundation.org</a><br>


Site: <a href="http://suricata-ids.org" rel="noreferrer


            noreferrer" target="_blank" moz-do-not-send="true">


http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer noreferrer" target="_blank" moz-do-not-send="true">


http://suricata-ids.org/support/</a><br>


List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer noreferrer" target="_blank" moz-do-not-send="true">


https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>


<br>


Conference: <a href="https://suricon.net" rel="noreferrer


            noreferrer" target="_blank" moz-do-not-send="true">


https://suricon.net</a><br>


Trainings: <a href="https://suricata-ids.org/training/" rel="noreferrer noreferrer" target="_blank" moz-do-not-send="true">


https://suricata-ids.org/training/</a></blockquote>


</div>


</blockquote>


</body>


</html>