Here are two views of the same sets of alerts:
# grep ":51:" /var/log/snort/alert
08/07-06:51:07.353985 64.52.50.201:1511 -> xx.xx.xx.xx:80
08/07-06:51:07.454513 64.52.50.201:1511 -> xx.xx.xx.xx:80
08/07-17:51:46.835660 204.60.156.2:3401 -> xx.xx.xx.xx:80
08/07-17:51:50.357658 204.60.156.2:3413 -> xx.xx.xx.xx:80
08/07-17:51:53.848363 204.60.156.2:3429 -> xx.xx.xx.xx:80
08/07-17:51:54.383995 204.60.156.2:3433 -> xx.xx.xx.xx:80
08/07-17:51:54.988612 204.60.156.2:3436 -> xx.xx.xx.xx:80
08/07-17:51:56.545477 204.60.156.2:3439 -> xx.xx.xx.xx:80
08/07-17:51:57.016801 204.60.156.2:3441 -> xx.xx.xx.xx:80
08/07-17:51:57.529523 204.60.156.2:3443 -> xx.xx.xx.xx:80

$ psql snortdb -c "select * from event;" | grep ":51:"
1 | 36 | 11 | 2003-08-06 23:51:07-07
1 | 37 | 5 | 2003-08-06 23:51:07-07
1 | 53 | 16 | 2003-08-07 10:51:46-07
1 | 54 | 16 | 2003-08-07 10:51:50-07
1 | 55 | 16 | 2003-08-07 10:51:53-07
1 | 56 | 16 | 2003-08-07 10:51:54-07
1 | 57 | 16 | 2003-08-07 10:51:54-07
1 | 58 | 16 | 2003-08-07 10:51:56-07
1 | 59 | 16 | 2003-08-07 10:51:57-07
1 | 60 | 16 | 2003-08-07 10:51:57-07

Interestingly, postgresql knows what the real system time is:
$ date && psql snortdb -c "select now();"
Thu Aug 7 22:57:41 PDT 2003
              now
-------------------------------
 2003-08-07 22:57:41.457929-07
(1 row)

The hardware clock is set to GMT and the OS is set to use the PST8PDT time zone. I'm using the snort-pgsql 2.0.0 and postgresql 7.3.2 packages currently in the "testing" branch. Anyone ever seen anything like this?

Thanks in advance,
Matthew
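
An added example, not part of the original message: a small check that pairs rows from the two outputs above and tests whether the alert-file times match the database times read as UTC or as local wall-clock time. The year 2003 for the alert lines and the in-order pairing of rows are assumptions, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone
# Sample lines copied from the two outputs in the message above.
ALERT_LINES = [
    "08/07-06:51:07.353985 64.52.50.201:1511 -> xx.xx.xx.xx:80",
    "08/07-17:51:46.835660 204.60.156.2:3401 -> xx.xx.xx.xx:80",
    "08/07-17:51:57.529523 204.60.156.2:3443 -> xx.xx.xx.xx:80",
]
DB_ROWS = [
    "1 | 36 | 11 | 2003-08-06 23:51:07-07",
    "1 | 53 | 16 | 2003-08-07 10:51:46-07",
    "1 | 60 | 16 | 2003-08-07 10:51:57-07",
]
YEAR = 2003  # assumption: the alert file prints no year, so take it from the DB rows

def parse_alert(line, year=YEAR):
    """Naive wall-clock time printed at the start of an alert line."""
    return datetime.strptime(f"{year}/{line.split()[0]}", "%Y/%m/%d-%H:%M:%S.%f")

def parse_db(row):
    """Aware datetime from a psql row ending in 'YYYY-MM-DD HH:MM:SS+/-HH'."""
    m = re.search(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)([+-]\d\d)$", row.strip())
    if m is None:
        raise ValueError(f"no timestamp with UTC offset in row: {row!r}")
    naive = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=timezone(timedelta(hours=int(m.group(2)))))

def compare(alert_lines, db_rows):
    """Per pair: (alert - DB time as UTC, alert - DB time as local wall clock)."""
    skews = []
    for a, d in zip(alert_lines, db_rows):  # assumption: rows pair up in order
        alert = parse_alert(a).replace(microsecond=0)  # DB output has whole seconds
        db = parse_db(d)
        as_utc = db.astimezone(timezone.utc).replace(tzinfo=None)
        as_local = db.replace(tzinfo=None)
        skews.append((alert - as_utc, alert - as_local))
    return skews

def diagnose(alert_lines, db_rows):
    """Say which reading of the alert-file clock makes the two views agree."""
    skews = compare(alert_lines, db_rows)
    if all(utc == timedelta(0) for utc, _ in skews):
        return "alert file is in UTC"
    if all(local == timedelta(0) for _, local in skews):
        return "alert file is in local time"
    return "views disagree beyond a time zone shift"

if __name__ == "__main__":
    print(diagnose(ALERT_LINES, DB_ROWS), compare(ALERT_LINES, DB_ROWS))
```
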

