[Oisf-users] FW: alert timestamp

박경호 pgh5247 at naver.com
Mon Jul 10 01:54:06 UTC 2017


Hello all,
 
Please help me with the following email.
-----Original Message-----
From: "박경호"<pgh5247 at naver.com> 
To: <oisf-users at lists.openinfosecfoundation.org>; 
Cc: 
Sent: 2017-07-05 (Wed) 17:38:05
Subject: alert timestamp
 
Hello all,
 
Until now,
I knew that the timestamp in the alert log (fast.log or eve.json) is the same as the packet timestamp.
But both timestamps are different.
To be precise, both timestamps are the same in some alert messages and different in others.
In my test, they were the same in the alert message "ET POLICY Dropbox Client Broadcasting..."
                and they were different in "ET POLICY PE EXE or DLL Windows file download HTTP..."
 
Doesn't the timestamp in the alert log file mean the timestamp of the packet?
 
If you want the pcap file to test, you can download it here: https://drive.google.com/open?id=0B4Mdb8bpuRlnU0pkZ002WWVFdFk
 
Please explain this to me.
 
Thanks in advance.
 

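The check behind the question above, written as an added example by the editor rather than by the poster: it reads the capture timestamps out of a classic libpcap file and the `timestamp` field of every `event_type: "alert"` record in an eve.json file, then reports for each alert which packet in the capture carries the closest timestamp and by how many microseconds they differ. Both inputs are constructed inline so the script runs offline; it assumes the classic pcap header layout (pcapng is not handled) and Suricata's eve timestamp format `YYYY-MM-DDTHH:MM:SS.ffffff+ZZZZ`. It does not decide why a given alert's time differs from the packet a reader expects; it only makes the difference measurable.

```python
import json
import struct
from datetime import datetime, timedelta, timezone

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D  # libpcap variant with nanosecond timestamps
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def build_pcap(packets):
    """Constructed sample data: wrap (sec, usec, payload) tuples in a little-endian pcap."""
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, payload in packets:
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return out


def pcap_packet_times_us(data):
    """Return the capture timestamp of every packet as integer microseconds since the epoch."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):  # same magics seen byte-swapped
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    magic = struct.unpack_from(endian + "I", data, 0)[0]
    nano = magic == PCAP_MAGIC_NSEC
    times, off = [], 24  # records start right after the 24-byte global header
    while off + 16 <= len(data):
        sec, frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        times.append(sec * 1_000_000 + (frac // 1000 if nano else frac))
        off += 16 + incl_len
    return times


def eve_alerts(text):
    """Parse eve.json lines, keeping only alerts as (timestamp_us, signature)."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        ts_us = (ts - EPOCH) // timedelta(microseconds=1)  # exact integer microseconds
        alerts.append((ts_us, rec["alert"]["signature"]))
    return alerts


def match_alerts(alerts, packet_times):
    """For each alert, find the packet whose capture time is closest to the alert timestamp."""
    results = []
    for ts_us, sig in alerts:
        idx = min(range(len(packet_times)), key=lambda i: abs(packet_times[i] - ts_us))
        results.append({
            "signature": sig,
            "packet_index": idx + 1,          # 1-based, as Wireshark numbers frames
            "delta_us": ts_us - packet_times[idx],
            "exact": ts_us == packet_times[idx],
        })
    return results


# Constructed sample capture: three packets, 2017-07-05 17:38:05/06 in UTC+9 (epoch 1499243885).
SAMPLE_PCAP = build_pcap([
    (1499243885, 100000, b"\x00" * 60),
    (1499243885, 250000, b"\x00" * 60),
    (1499243886, 0, b"\x00" * 60),
])

# Constructed sample eve.json: two alerts that land exactly on a packet, one that does not,
# plus a non-alert record that must be ignored.
SAMPLE_EVE = "\n".join([
    json.dumps({"timestamp": "2017-07-05T17:38:05.100000+0900", "event_type": "alert",
                "alert": {"signature": "ET POLICY Dropbox Client Broadcasting"}}),
    json.dumps({"timestamp": "2017-07-05T17:38:05.250100+0900", "event_type": "alert",
                "alert": {"signature": "constructed test signature"}}),
    json.dumps({"timestamp": "2017-07-05T17:38:05.300000+0900", "event_type": "flow"}),
    json.dumps({"timestamp": "2017-07-05T17:38:06.000000+0900", "event_type": "alert",
                "alert": {"signature": "ET POLICY PE EXE or DLL Windows file download HTTP"}}),
])

if __name__ == "__main__":
    for r in match_alerts(eve_alerts(SAMPLE_EVE), pcap_packet_times_us(SAMPLE_PCAP)):
        status = "exact" if r["exact"] else f"off by {r['delta_us']} us"
        print(f"packet #{r['packet_index']:<3} {status:<14} {r['signature']}")
```

To run it against a real capture, replace `SAMPLE_PCAP` with the bytes of the pcap and `SAMPLE_EVE` with the contents of eve.json; an alert whose nearest packet is several packets later than the one that carried the interesting request tells you the timestamp was taken from the packet on which the rule actually matched, not from the start of the flow.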
