Scott, you were right, the timestamp was not computed as a side effect of an optimization. Please update the daq-dna package, it contains a fix for forcing the timestamping.

Regards
Alfredo

On Sep 12, 2012, at 11:04 PM, Scott Finlon <[email protected]> wrote:

> This appears to be an issue in the DNA DAQ itself.
> I took the following out of my start up script and the time stamps came back
> " --daq-dir=/usr/local/lib/daq --daq pfring_dna --daq-mode passive".
> The only thing I left in there was to bind each snort instance to a cpu core.
>
> Scott Finlon
> -----------------------------------
> Information Security Engineer
> The University of Scranton
> email : [email protected]
> phone : 570-941-6168
> -----------------------------------
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Scott Finlon
> Sent: Wednesday, September 12, 2012 3:49 PM
> To: [email protected]
> Subject: Re: [Ntop-misc] PF_RING DNA timestamps
>
> Alfredo,
> I'm using the DNA DAQ, not the PF_RING DAQ.
>
> Scott Finlon
> -----------------------------------
> Information Security Engineer
> The University of Scranton
> email : [email protected]
> phone : 570-941-6168
> -----------------------------------
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Alfredo
> Cardigliano
> Sent: Wednesday, September 12, 2012 3:43 PM
> To: [email protected]
> Subject: Re: [Ntop-misc] PF_RING DNA timestamps
>
> Scott
> I guess you are using the daq module inside the pfring package.
> If this is the case, be aware that it does not fully support DNA (as you can
> read in the README.1st).
> Please have a look here: https://www.ntop.org/products/pf_ring/dna/
>
> Regards
> Alfredo
>
> On Sep 12, 2012, at 9:37 PM, Scott Finlon <[email protected]> wrote:
>
>> I just installed DNA and the DNA DAQ on RHEL and spun up 8 Snort instances.
>> Right around that time, my Snort front end started showing all time stamps
>> as 1970-01-01 00:00:00.
>> I've double checked all of my conf files, and can't find anywhere that would
>> be taking the time stamp off.
>>
>> I'm just grasping at straws because I've checked everything else, but is
>> there something in DNA that requires an extra config to allow timestamps
>> through?
>>
>> Scott Finlon
>> -----------------------------------
>> Information Security Engineer
>> The University of Scranton
>> email : [email protected]
>> phone : 570-941-6168
>> -----------------------------------
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
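
A check that could be run on a capture taken after updating daq-dna, to confirm packets no longer carry the 1970-01-01 00:00:00 stamp described in this thread. This is an added example, not code from the thread or from ntop; it assumes the sensor's packets are available as a classic pcap file, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Magic as read little-endian -> (byte order of the file, fraction unit)
MAGICS = {
    0xA1B2C3D4: ("<", "us"), 0xD4C3B2A1: (">", "us"),
    0xA1B23C4D: ("<", "ns"), 0x4D3CB2A1: (">", "ns"),
}

def scan_pcap_timestamps(data: bytes) -> dict:
    """Walk classic pcap records and count those stamped at the Unix epoch."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, unit = MAGICS[magic]
    records = epoch_zero = 0
    first_bad = None
    off = 24  # size of the global header
    while off + 16 <= len(data):
        ts_sec, _frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            break  # final record is truncated, stop without counting it
        if ts_sec == 0:  # renders as 1970-01-01 00:00:00 in a front end
            epoch_zero += 1
            if first_bad is None:
                first_bad = records
        records += 1
        off += 16 + incl_len
    return {"records": records, "epoch_zero": epoch_zero,
            "first_epoch_zero_index": first_bad, "fraction_unit": unit}

def build_sample() -> bytes:
    """Constructed capture: three 4-byte packets, the second unstamped."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_sec in (1347480240, 0, 1347480241):  # constructed values
        out += struct.pack("<IIII", ts_sec, 0, 4, 4) + b"\x00" * 4
    return out

if __name__ == "__main__":
    result = scan_pcap_timestamps(build_sample())
    print(result)
    if result["epoch_zero"]:
        print("capture path is delivering packets without timestamps")
```
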
