<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I am testing Suricata IDS in a VirtualBox machine with Lubuntu installed.<br>
<br>
For example, Suricata is returning the alert:<br>
<br>
03/28/2019-<b>06</b>:27:08.325470 [**] [1:2100368:7] GPL ICMP_INFO PING BSDtype [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.3:8 -> 192.168.1.2:0<br>
<br>
However, the timestamp is wrong. The correct timestamp is 03/28/2019-<b>10</b>:27:08.325470. I'm expecting the alert time to match the system time of the server.</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 28/03/19 at 01:24, Jason Taylor wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAD1=aSHm3FENdawW_17m8qwxocufNsHeN0fetODxJ-Gf6RUX6g@mail.gmail.com">
<div dir="auto">
<div dir="auto">Can you give us some examples of alert output and then what you expect the time to be?</div>
<div dir="auto"><br>
</div>
<div dir="auto">Are you expecting the alert time to match the system time of the server running suricata?</div>
<div dir="auto"><br>
</div>
<div dir="auto">What type/manufacturer is the network card suricata is using? Is the network card using hardware or software time-stamping?</div>
<div dir="auto"><br>
</div>
<div dir="auto">JT</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Mar 27, 2019, 18:25 João Pedro &lt;<a href="mailto:oladj@live.com.pt" moz-do-not-send="true">oladj@live.com.pt</a>&gt; wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello.<br>
<br>
I'm struggling to adjust time in Suricata IDS. The suricata alerts are <br>
including a wrong timestamp.<br>
<br>
How can I configure the time zone in Suricata?<br>
<br>
Thanks in advance.<br>
<br>
</blockquote>
</div>
</blockquote>
</body>
</html>