[Oisf-users] Log entry timestamp question
Peter Manev
petermanev at gmail.com
Tue Mar 13 07:25:16 UTC 2018
On Fri, Dec 29, 2017 at 3:24 PM, Steve Castellarin
<steve.castellarin at gmail.com> wrote:
> Hey Mike,
>
> Thanks for the link. I've had the Napatech configuration now for a couple
> years, plus. I did double check my NTSERVICE.ini file and do see the
> TimeSyncReferencePriority setting to "OSTime" as noted on the page. I did
> open a ticket with Napatech about the millisecond question, and they
> believed it was a Suricata issue and possibly upgrading to 4.x (I was
> previously running 3.1.1) would resolve the issue. So far no luck.
>
Did you mange to get it working as expected?
> On Fri, Dec 29, 2017 at 9:15 AM, Michael Stone <mstone at mathom.us> wrote:
>>
>> On Thu, Dec 28, 2017 at 03:59:55PM -0700, James Moe wrote:
>>>
>>> No. There is a feature request
>>> <https://redmine.openinfosecfoundation.org/issues/1469> that addresses
>>> this issue.
>>
>>
>> That's something different. I think the timestamp weirdness (bogus
>> milliseconds) is an artifact of the napatech cards. (Ironically, because
>> they support high precision timestamping.) Steve, did you follow the
>> instructions at
>> http://suricata.readthedocs.io/en/latest/capture-hardware/napatech.html
>> (specifically, the part about TimeSyncReferencePriority)?
>>
>> Mike Stone
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list