Hello, I wanted to ask my question again after seeing a reply to my suggestion in the feedback forum. Daniel Cid posted there that the manager does in fact timestamp the events, but I still can't figure out where this happens or how. Is what shows up in the database the timestamp generated by the manager? Is the timestamp in the database generated by MySQL, and the manager timestamp used for a different form of reporting? We need to know in order to correctly report on our timestamping capabilities, but I can't find this information anywhere...
Thanks!
-Alisha

On Nov 3, 10:30 am, Alisha Kloc <[email protected]> wrote:
> Hello,
>
> We recently noticed that OSSEC doesn't appear to have the ability to
> timestamp events in milliseconds. This led to an examination of how
> OSSEC timestamps its events, but we couldn't figure that out either.
> I've done some searching on this, but haven't had any luck.
>
> Does anyone know where the timestamps in an OSSEC MySQL database come
> from? Are they inserted by MySQL's automatic now() function? Does
> OSSEC have any control over the timestamps? Are the timestamps in any
> way related to the time logged in the syslog from which OSSEC is
> pulling the event, or are they assigned after the event is passed to
> the manager? Is there a way to get OSSEC events stamped with a time
> down to the millisecond, for detailed forensic reporting?
>
> Thanks in advance!
> -Alisha
