[Oisf-users] Log entry timestamp question
Steve Castellarin
steve.castellarin at gmail.com
Thu Mar 15 13:10:24 UTC 2018
Hey Peter,
Sorry - yes the timestamps are still showing the pattern of
2018-03-15T06:45:27.000001-0400, etc.
Steve
On Thu, Mar 15, 2018 at 9:06 AM, Peter Manev <petermanev at gmail.com> wrote:
> On Tue, Mar 13, 2018 at 1:23 PM, Steve Castellarin
> <steve.castellarin at gmail.com> wrote:
> > Hi Peter, no the timestamps are still not showing the microseconds - no
> > matter what I change in the Napatech configuration.
> >
>
> Not showing microseconds or still showing only the pattern (if I
> understood correctly what you mentioned earlier) -
> yyyy-mm-ddThh:mm:ss.000001-0500
> ?
>
> As they do show up as expected at least in the test set ups (this one
> below is with an Intel NIC) -
> "timestamp":"2018-03-15T11:22:43.869423+0100"
> "timestamp":"2018-03-15T11:22:43.923182+0100"
> "timestamp":"2018-03-15T11:22:46.677016+0100"
> "timestamp":"2018-03-15T11:23:02.030184+0100"
> "timestamp":"2018-03-15T11:23:09.378716+0100"
>
>
> > Steve
> >
> > On Tue, Mar 13, 2018, 3:25 AM Peter Manev <petermanev at gmail.com> wrote:
> >>
> >> On Fri, Dec 29, 2017 at 3:24 PM, Steve Castellarin
> >> <steve.castellarin at gmail.com> wrote:
> >> > Hey Mike,
> >> >
> >> > Thanks for the link. I've had the Napatech configuration now for a couple
> >> > years, plus. I did double check my NTSERVICE.ini file and do see the
> >> > TimeSyncReferencePriority setting to "OSTime" as noted on the page. I did
> >> > open a ticket with Napatech about the millisecond question, and they
> >> > believed it was a Suricata issue and possibly upgrading to 4.x (I was
> >> > previously running 3.1.1) would resolve the issue. So far no luck.
> >> >
> >>
> >> Did you manage to get it working as expected?
> >>
> >>
> >> > On Fri, Dec 29, 2017 at 9:15 AM, Michael Stone <mstone at mathom.us> wrote:
> >> >>
> >> >> On Thu, Dec 28, 2017 at 03:59:55PM -0700, James Moe wrote:
> >> >>>
> >> >>> No. There is a feature request
> >> >>> <https://redmine.openinfosecfoundation.org/issues/1469> that addresses
> >> >>> this issue.
> >> >>
> >> >>
> >> >> That's something different. I think the timestamp weirdness (bogus
> >> >> milliseconds) is an artifact of the napatech cards. (Ironically, because
> >> >> they support high precision timestamping.) Steve, did you follow the
> >> >> instructions at
> >> >> http://suricata.readthedocs.io/en/latest/capture-hardware/napatech.html
> >> >> (specifically, the part about TimeSyncReferencePriority)?
> >> >>
> >> >> Mike Stone
> >> >
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Regards,
> >> Peter Manev
>
>
>
> --
> Regards,
> Peter Manev
>
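Added example (not part of the thread and not Suricata code): a small check that reads EVE JSON lines and flags a log whose sub-second field never leaves the low values reported above, which matters when events have to be ordered or correlated within a second. The 1000-microsecond threshold, the function names and the Napatech-style sample records are assumptions constructed for illustration; the Intel timestamps are the ones quoted in the thread.

```python
import json
import re

# EVE timestamp layout seen in the thread: date, time, 6-digit fraction, UTC offset.
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.(\d{6})[+-]\d{4}$")

# Timestamps quoted in the thread from the Intel NIC test setup; the
# event_type field is added here only to make each line a complete record.
INTEL_SAMPLE = [
    '{"timestamp":"2018-03-15T11:22:43.869423+0100","event_type":"flow"}',
    '{"timestamp":"2018-03-15T11:22:43.923182+0100","event_type":"flow"}',
    '{"timestamp":"2018-03-15T11:22:46.677016+0100","event_type":"flow"}',
    '{"timestamp":"2018-03-15T11:23:02.030184+0100","event_type":"flow"}',
    '{"timestamp":"2018-03-15T11:23:09.378716+0100","event_type":"flow"}',
]

# Constructed sample following the ".000001" pattern reported in the thread,
# plus one truncated line to exercise the error path.
NAPATECH_SAMPLE = [
    '{"timestamp":"2018-03-15T06:45:27.000001-0400","event_type":"flow"}',
    '{"timestamp":"2018-03-15T06:45:28.000001-0400","event_type":"flow"}',
    '{"timestamp":"2018-03-15T06:45:29.000002-0400","event_type":"flow"}',
    '{"timestamp":"2018-03-15T06:45:3',
]

def fractions(eve_lines):
    """Return the microsecond field (as int) of every parseable EVE record."""
    out = []
    for line in eve_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or partially written line
        ts = rec.get("timestamp", "") if isinstance(rec, dict) else ""
        m = TS_RE.match(str(ts))
        if m:
            out.append(int(m.group(1)))
    return out

def looks_degenerate(micros, max_small=1000, min_samples=3):
    """Heuristic (assumption): a real clock spreads values over 0..999999, so a
    sample whose values are all tiny is unlikely to be real clock readings.
    Returns None when there are too few samples to judge."""
    if len(micros) < min_samples:
        return None
    return all(u < max_small for u in micros)

if __name__ == "__main__":
    for name, sample in (("intel", INTEL_SAMPLE), ("napatech", NAPATECH_SAMPLE)):
        print(name, looks_degenerate(fractions(sample)))
```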