Hi Trevor,
This is an issue related to Solaris not supporting the %z (timezone
offset) in the strftime function. That's why it always comes as -0000.
We will have to look into a way to fix that (patches welcome)...
From our maild sendmail.c code:
/* Solaris doesn't have the "%z", so we set the timezone to 0. */
#ifdef SOLARIS
strftime(snd_msg, 127, "Date: %a, %d %b %Y %T -0000\r\n",p);
#else
strftime(snd_msg, 127, "Date: %a, %d %b %Y %T %z\r\n",p);
#endif
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Wed, Mar 11, 2009 at 7:37 PM, Trevor McLeod <[email protected]> wrote:
>
> Hello,
>
> I looked at the same email in Outlook. The date information in the
> Received part of the header is as shown below. However, the date shown
> in the Date part of the header has an offset of -0000.
>
> So in Outlook, when the email is in the Inbox, the time is correct:
> 3:00 PM because Outlook displays both the date and time using the
> Received part of the header. However, when you open the email, the time
> is displayed as 8:00 AM because it is using the Date part of the
> header. I guess in Thunderbird, the Date part of the header is used in
> both places.
>
> So, why is OSSEC sending the Date part of the header with an offset of
> -0000?
>
> Thanks,
> Trevor McLeod
>
> Trevor McLeod wrote:
>> Hello,
>>
>> Here's a sample of the date stamp on an email alert I received from OSSEC:
>>
>> Wed, 11 Mar 2009 15:00:31 -0700
>>
>> My mail client (Thunderbird) displayed the received time as 8:00 AM when
>> it should have been 3:00 PM (15:00).
>>
>> The /var/ossec/TIMEZONE file looks like this:
>>
>> TZ=Canada/Pacific
>> CMASK=022
>> LC_COLLATE=en_CA.ISO8859-1
>> LC_CTYPE=en_CA.ISO8859-1
>> LC_MESSAGES=C
>> LC_MONETARY=en_CA.ISO8859-1
>> LC_NUMERIC=en_CA.ISO8859-1
>> LC_TIME=en_CA.ISO8859-1
>>
>> Any ideas as to what is going on?
>>
>> Thanks,
>> Trevor McLeod
>>
>>
>>
>
>
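Added example (not part of the original thread and not OSSEC code): one way to emit a correct numeric offset where strftime lacks %z is to derive it from the difference between localtime and gmtime for the same instant. The function names utc_offset_seconds and format_date_header are hypothetical, and the sketch assumes the POSIX localtime_r/gmtime_r calls are available.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for localtime_r, gmtime_r */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Seconds east of UTC at instant t, from localtime vs. gmtime (no "%z"). */
long utc_offset_seconds(time_t t)
{
    struct tm lt, gt;
    int days;
    if (!localtime_r(&t, &lt) || !gmtime_r(&t, &gt))
        return 0;
    /* Local and UTC calendar dates differ by at most one day. */
    if (lt.tm_year != gt.tm_year)
        days = (lt.tm_year > gt.tm_year) ? 1 : -1;
    else
        days = lt.tm_yday - gt.tm_yday;
    return days * 86400L + (lt.tm_hour - gt.tm_hour) * 3600L
         + (lt.tm_min - gt.tm_min) * 60L + (lt.tm_sec - gt.tm_sec);
}

/* Hypothetical helper: writes "Date: ... +hhmm\r\n" into buf.
 * Returns the length written, or -1 on error or truncation. */
int format_date_header(char *buf, size_t len, time_t t)
{
    struct tm lt;
    char stamp[64];
    long off = utc_offset_seconds(t);
    char sign = (off < 0) ? '-' : '+';
    int n;
    if (!localtime_r(&t, &lt) ||
        !strftime(stamp, sizeof(stamp), "%a, %d %b %Y %H:%M:%S", &lt))
        return -1;
    if (off < 0) off = -off;
    n = snprintf(buf, len, "Date: %s %c%02ld%02ld\r\n",
                 stamp, sign, off / 3600, (off % 3600) / 60);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    char hdr[128];
    if (format_date_header(hdr, sizeof(hdr), time(NULL)) > 0)
        fputs(hdr, stdout);
    return 0;
}
```

The day and month names from %a and %b follow LC_TIME, so a mailer using this should leave LC_TIME in the "C" locale to keep the header in the English form mail clients expect.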