Hi Ken,
Since ossec runs in a chroot "jail", it needs to have its own localtime file. I saw some other reports of incorrectly time stamps, so copying /etc/localtime to /var/ossec should fix it. Thanks for letting us know about it. -- Daniel B. Cid dcid ( at ) ossec.net On 3/20/07, Ken A <[EMAIL PROTECTED]> wrote:
Had a weird issue after modifying timezone data for new DST rules here and tracked it down to /var/ossec/etc/localtime, which is installed on both server and agents by InstallServer.sh and InstallAgent.sh scripts. This was of course a copy of the 'old' /etc/localtime, so ossec was 1 hr in the past since DST came early this year. I don't think it caused any real problems, but just to be sure, I cleared active response firewall and hosts.deny entries. :-) Ken A. Pacific.Net
