[Oisf-users] Suricata time&zone settings
jt
jtfas90 at gmail.com
Thu Mar 28 13:32:33 UTC 2019
Just to make sure I am understanding properly,
10:27:08.325470 is the system time of the VirtualBox virtual machine
when the alert occurred?
It is interesting that the alert timestamp and system timestamp are exactly
4 hours off.
I am not too familiar with how timezone/time is configured in Ubuntu.
Can you share your timezone settings?
How long do you keep the virtual machine running at a time?
JT
On Thu, 2019-03-28 at 10:34 +0000, João Pedro wrote:
> I am testing Suricata IDS in a VirtualBox machine with Lubuntu
> installed.
>
> For example, Suricata is returning the alert:
>
> 03/28/2019-06:27:08.325470 [**] [1:2100368:7] GPL ICMP_INFO PING
> BSDtype [**] [Classification: Misc activity] [Priority: 3] {ICMP}
> 192.168.1.3:8 -> 192.168.1.2:0
>
> However the timestamp is wrong. The correct timestamp is
> 03/28/2019-10:27:08.325470. I'm expecting the alert time to match the
> system time of the server.
>
> On 28/03/19 at 01:24, Jason Taylor wrote:
> > Can you give us some examples of alert output and then what you
> > expect the time to be?
> >
> > Are you expecting the alert time to match the system time of the
> > server running Suricata?
> >
> > What type/manufacturer is the network card Suricata is using? Is
> > the network card using hardware or software time-stamping?
> >
> > JT
> >
> > On Wed, Mar 27, 2019, 18:25 João Pedro <oladj at live.com.pt> wrote:
> > > Hello.
> > >
> > > > I'm struggling to adjust time in Suricata IDS. The Suricata
> > > > alerts are including a wrong timestamp.
> > > >
> > > > How can I configure the time zone in Suricata?
> > >
> > > Thanks in advance.
> > >
> > > _______________________________________________
> > > Suricata IDS Users mailing list:
> > > oisf-users at openinfosecfoundation.org
> > > Site: http://suricata-ids.org | Support:
> > > http://suricata-ids.org/support/
> > > List:
> > > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > >
> > > Conference: https://suricon.net
> > > Trainings: https://suricata-ids.org/training/
More information about the Oisf-users
mailing list