[Oisf-users] Log entry timestamp question

Steve Castellarin steve.castellarin at gmail.com
Tue Mar 13 12:23:32 UTC 2018


Hi Peter, no, the timestamps are still not showing the microseconds - no
matter what I change in the Napatech configuration.

Steve

On Tue, Mar 13, 2018, 3:25 AM Peter Manev <petermanev at gmail.com> wrote:

> On Fri, Dec 29, 2017 at 3:24 PM, Steve Castellarin
> <steve.castellarin at gmail.com> wrote:
> > Hey Mike,
> >
> > Thanks for the link.  I've had the Napatech configuration now for a couple
> > years, plus.  I did double check my NTSERVICE.ini file and do see the
> > TimeSyncReferencePriority setting to "OSTime" as noted on the page.  I did
> > open a ticket with Napatech about the millisecond question, and they
> > believed it was a Suricata issue and possibly upgrading to 4.x (I was
> > previously running 3.1.1) would resolve the issue.  So far no luck.
> >
>
> Did you manage to get it working as expected?
>
>
> > On Fri, Dec 29, 2017 at 9:15 AM, Michael Stone <mstone at mathom.us> wrote:
> >>
> >> On Thu, Dec 28, 2017 at 03:59:55PM -0700, James Moe wrote:
> >>>
> >>>  No. There is a feature request
> >>> <https://redmine.openinfosecfoundation.org/issues/1469> that addresses
> >>> this issue.
> >>
> >>
> >> That's something different. I think the timestamp weirdness (bogus
> >> milliseconds) is an artifact of the napatech cards. (Ironically, because
> >> they support high precision timestamping.) Steve, did you follow the
> >> instructions at
> >> http://suricata.readthedocs.io/en/latest/capture-hardware/napatech.html
> >> (specifically, the part about TimeSyncReferencePriority)?
> >>
> >> Mike Stone
> >
>
>
>
> --
> Regards,
> Peter Manev
>