On Wed, Jan 8, 2014 at 4:51 PM, Carl Hilinski <[email protected]> wrote:
> The times are the same in /var/ossec/logs/alerts/alert.log for each line.
> For example:
> ** Alert 1389217620.124036: - pam,syslog,authentication_success,
> 2014 Jan 08 16:47:00 SRV-LOG-03->/var/log/secure
> Rule: 5501 (level 3) -> 'Login session opened.'
> Jan 8 16:46:59 SRV-LOG-03 sshd[11292]: pam_unix(sshd:session): session opened for user ttttt by (uid=0)
>
> This shows up in the webui as 2014 Jan 8 21:47
>
> The last line of the timezone file is EST5EDT,M3.2.0,M11.1.0 and I'm U.S.
> Eastern time.
>

Is /etc/localtime correct? It seems like your system is set to UTC (5 hours ahead).

> On Monday, January 6, 2014 1:28:26 PM UTC-5, Carl Hilinski wrote:
>>
>> When I look in the web ui (beta .8) for Ossec, I see two issues. One is
>> that the time is wrong:
>> 3 - SSHD authentication success. 2014 Jan 06 18:16:00
>> Rule Id:
>> 5715
>> Location:
>> plato.hes.hmc.psu.edu->/var/log/messages
>> Src IP:
>> x.x.x.x
>> Jan 6 13:17:32 plato.hes.hmc.psu.edu sshd[22493]: [ID 800047 auth.info] Accepted keyboard-interactive for oracle from x.x.x.x port 62671 ssh2
>>
>> It's off by seven hours. The line that read 2014 Jan 06 18:16:00 should be
>> 2014 Jan 06 01:16:00. Note that the time is correct in the actual log. All
>> of the system/clock settings are correct on this redhat 6.4 machine. It
>> appears to be a timezone issue...is that set somewhere special?
>>
>> Second, not all of the agents are listed in the area of the webui window
>> that lists the connected machines. While a couple are not listed there, they
>> will have activity listed in the Latest Events window.
>
> --
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
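Added example, not part of the original messages: a check of the alert quoted in the thread that reads the number before the dot in the `** Alert` header as Unix epoch seconds and computes which UTC offset each displayed time implies. The function names and the `ALERT` / `WEBUI_DISPLAY` samples are constructed here from the values quoted above.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample input constructed from the alert quoted in the thread.
ALERT = """\
** Alert 1389217620.124036: - pam,syslog,authentication_success,
2014 Jan 08 16:47:00 SRV-LOG-03->/var/log/secure
Rule: 5501 (level 3) -> 'Login session opened.'
"""
WEBUI_DISPLAY = "2014 Jan 8 21:47"  # what the web UI showed for this alert

HEADER_RE = re.compile(r"^\*\* Alert (\d+)\.\d+:", re.M)
STAMP_RE = re.compile(r"^(\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) ", re.M)


def parse_alert(text):
    """Return (epoch as naive UTC datetime, wall-clock stamp written in alert.log)."""
    header, stamp = HEADER_RE.search(text), STAMP_RE.search(text)
    if not header or not stamp:
        raise ValueError("not an OSSEC alert block")
    epoch = datetime.fromtimestamp(int(header.group(1)), tz=timezone.utc)
    wall = datetime.strptime(stamp.group(1), "%Y %b %d %H:%M:%S")
    return epoch.replace(tzinfo=None), wall


def implied_offset(epoch_utc, shown):
    """UTC offset (to the minute) a renderer must have applied to show `shown`."""
    seconds = (shown - epoch_utc).total_seconds()
    return timedelta(minutes=round(seconds / 60))


def diagnose(alert_text, webui_text):
    """Compare the offset used in alert.log with the one used by the web UI."""
    epoch_utc, wall = parse_alert(alert_text)
    shown = datetime.strptime(webui_text, "%Y %b %d %H:%M")
    return {
        "alert_log_offset": implied_offset(epoch_utc, wall),
        "webui_offset": implied_offset(epoch_utc, shown),
    }


if __name__ == "__main__":
    for name, offset in diagnose(ALERT, WEBUI_DISPLAY).items():
        print(f"{name}: UTC{offset.total_seconds() / 3600:+.0f}h")
```

An offset of zero for the web UI alongside -5 hours for alert.log means the two components render the same epoch in different time zones, which points at the timezone setting of whatever renders the web UI rather than at the logged data.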
