#43: Time problem in Walleye
----------------------+-----------------------------------------------------
Reporter: bjou | Owner: r...@honeynet.org
Type: defect | Status: new
Priority: minor | Milestone: roo-1.4
Component: Walleye | Version: 1.4b3
Resolution: | Keywords: time walleye timezone
----------------------+-----------------------------------------------------
Comment (by breusshe):
Replying to [ticket:43 bjou]:
Ok, I figured out the time thing completely. All time references in my
Honeywall and Walleye are now accurate. Here is what I did:
First off, you'll be editing the following files:
{{{
/var/www/html/walleye:
walleye.pl
sum_graph.pl
/usr/lib/perl5/site_perl/5.8.8/Walleye:
Admin.pm
Aggregate_flow.pm
Connection_table.pm
Host.pm
Process.pm
Process_tree.pm
}}}
To do the edit, you need to run a series of '''vi''' commands:
1.) '''cd''' to the '''/var/www/html/walleye''' directory.[[BR]]
2.) Type the following command:
{{{
vi +%s/gmtime/localtime/g +%s/timegm/timelocal/g walleye.pl
}}}
***NOTE: This will start '''vi''' and run the two search and replace
items (the text after each of the plus ('+') signs) as '''walleye.pl'''
loads. You must wait for two messages to appear. Each message relates to
the two search and replaces being done. The first message will have in
it:
{{{
Pattern not found:
}}}
The other will have:
{{{
x substitutions on y lines
}}}
where 'x' and 'y' are numbers. You might see only one of these
messages twice, or each of these messages once. It depends on whether or
not the string being replaced exists in the file.
3.) Once the search and replace is completed, you'll see:
{{{
Press ENTER or type command to continue
}}}
Just press '''Enter''' and '''vi''' will finish opening the file.
***NOTE: Ignore any messages about changing a read-only file. The
next step tells you how to save a read-only file in '''vi'''.
4.) Type:
{{{
:wq!
}}}
***NOTE: This will save and exit '''vi'''
5.) Repeat Step 2 replacing '''walleye.pl''' with '''sum_graph.pl'''.
6.) '''cd''' to '''/usr/lib/perl5/site_perl/5.8.8/Walleye''' and repeat
Steps 2 - 5 using the filenames for this folder listed at the start of
this post.
7.) Refresh or start up Walleye in your browser. You'll notice that all
the times now use the timezone configured for your server.
***NOTE: If the time is still wrong, check the time in Walleye (found
in the upper-right corner, in the header, once you log in). Make sure the
timezone listed there is correct. If not, you need to adjust your
timezone per the link in kwortman's earlier post (found in Clock.txt).
That should straighten y'all out. Just keep in mind one thing: I think
the developers intended this behavior. I think the reason the code is set
to GMT like this is so that organizations using multiple Honeypots in
different geographical areas would have statistics that matched up to each
other. So, if you have a site in London and another in Bangkok, you might
not want to make these changes since it might make it harder to determine
when troublesome network traffic was bothering the two separate sites (due
to the different timezones).
Perhaps a developer could weigh in on this to confirm or deny my
suspicions????
--
Ticket URL: <https://projects.honeynet.org/honeywall/ticket/43#comment:4>
Honeywall <https://projects.honeynet.org/honeywall>
Honeywall Public Project Site
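
The vi steps in the comment above can also be run as one batch that keeps a copy of each original file, so the GMT behaviour can be restored if multi-site correlation turns out to matter. This is an added example, not part of the original post or the Honeywall code; the function name `patch_time_calls`, the variable `PATCHED_COUNT` and the `.orig` suffix are assumptions made for illustration.

```shell
#!/bin/sh
# patch_time_calls DIR FILE...
# Applies the same two substitutions as the vi command in the post
# (gmtime -> localtime, timegm -> timelocal) to each FILE in DIR.
# Sets PATCHED_COUNT to the number of files actually modified.
patch_time_calls() {
    dir=$1; shift
    changed=0
    for f in "$@"; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "skip (not found): $path" >&2
            continue
        fi
        # Equivalent of vi reporting "Pattern not found" for both searches.
        if ! grep -Eq 'gmtime|timegm' "$path"; then
            echo "unchanged: $path"
            continue
        fi
        # Keep only the first backup so a re-run never overwrites the original.
        [ -f "$path.orig" ] || cp -p "$path" "$path.orig"
        tmp=$(mktemp) || return 1
        sed -e 's/gmtime/localtime/g' -e 's/timegm/timelocal/g' \
            "$path" > "$tmp" || { rm -f "$tmp"; return 1; }
        # Write through cat so the file keeps its owner and mode
        # (run as root if the file is read-only, as the post notes).
        cat "$tmp" > "$path" || { rm -f "$tmp"; return 1; }
        rm -f "$tmp"
        echo "patched: $path"
        changed=$((changed + 1))
    done
    PATCHED_COUNT=$changed
}

# Usage, with the first directory and file names listed in the post:
#   patch_time_calls /var/www/html/walleye walleye.pl sum_graph.pl
# Repeat with the Walleye module directory and its six .pm files.
# To revert a file: cp -p FILE.orig FILE
```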