Hi Ken,

Since ossec runs in a chroot "jail", it needs to have its own localtime file.
I saw some other reports of incorrectly time stamps, so copying /etc/localtime
to /var/ossec should fix it.

Thanks for letting us know about it.


--
Daniel B. Cid
dcid ( at ) ossec.net

On 3/20/07, Ken A <[EMAIL PROTECTED]> wrote:

Had a weird issue after modifying timezone data for new DST rules here
and tracked it down to /var/ossec/etc/localtime, which is installed on
both server and agents by InstallServer.sh and InstallAgent.sh scripts.

This was of course a copy of the 'old' /etc/localtime, so ossec was 1 hr
in the past since DST came early this year. I don't think it caused any
real problems, but just to be sure, I cleared active response firewall
and hosts.deny entries. :-)

Ken A.
Pacific.Net

Reply via email to