This appears to be an issue in the DNA DAQ itself.
I took the following out of my startup script and the timestamps came back:
"--daq-dir=/usr/local/lib/daq --daq pfring_dna --daq-mode passive".
The only thing I left in there was to bind each Snort instance to a CPU core.

Scott Finlon
-----------------------------------
Information Security Engineer
The University of Scranton
email : [email protected]
phone : 570-941-6168
-----------------------------------


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Scott Finlon
Sent: Wednesday, September 12, 2012 3:49 PM
To: [email protected]
Subject: Re: [Ntop-misc] PF_RING DNA timestamps

Alfredo,
I'm using the DNA DAQ, not the PF_RING DAQ.

Scott Finlon


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Alfredo Cardigliano
Sent: Wednesday, September 12, 2012 3:43 PM
To: [email protected]
Subject: Re: [Ntop-misc] PF_RING DNA timestamps

Scott
I guess you are using the daq module inside the pfring package. 
If this is the case, be aware that it does not fully support DNA (as you can 
read in the README.1st).
Please have a look here: https://www.ntop.org/products/pf_ring/dna/

Regards
Alfredo

On Sep 12, 2012, at 9:37 PM, Scott Finlon <[email protected]> wrote:

> I just installed DNA and the DNA DAQ on RHEL and spun up 8 Snort instances.
> Right around that time, my Snort front end started showing all time stamps as 
> 1970-01-01 00:00:00.
> I've double checked all of my conf files, and can't find anywhere that would 
> be taking the time stamp off.
> 
> I'm just grasping at straws because I've checked everything else, but is 
> there something in DNA that requires an extra config to allow timestamps 
> through? 
> 
> Scott Finlon
> 
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
