[Oisf-users] Log entry timestamp question
Steve Castellarin
steve.castellarin at gmail.com
Fri Dec 29 14:24:03 UTC 2017
Hey Mike,
Thanks for the link. I've had the Napatech configuration now for a couple
years, plus. I did double check my NTSERVICE.ini file and do see the
TimeSyncReferencePriority
setting to "OSTime" as noted on the page. I did open a ticket with
Napatech about the millisecond question, and they believed it was a
Suricata issue and possibly upgrading to 4.x (I was previously running
3.1.1) would resolve the issue. So far no luck.
On Fri, Dec 29, 2017 at 9:15 AM, Michael Stone <mstone at mathom.us> wrote:
> On Thu, Dec 28, 2017 at 03:59:55PM -0700, James Moe wrote:
>
>> No. There is a feature request
>> <https://redmine.openinfosecfoundation.org/issues/1469> that addresses
>> this issue.
>>
>
> That's something different. I think the timestamp weirdness (bogus
> milliseconds) is an artifact of the napatech cards. (Ironically, because
> they support high precision timestamping.) Steve, did you follow the
> instructions at http://suricata.readthedocs.io
> /en/latest/capture-hardware/napatech.html
> (specifically, the part about TimeSyncReferencePriority)?
>
> Mike Stone
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171229/2353d827/attachment-0002.html>
More information about the Oisf-users
mailing list