So I'm testing the snort zc daq, and it seems to be working.
Unfortunately, it seems snort is writing out events with a
null timestamp:
(Event)
sensor id: 0 event id: 1 event second: 0 event microsecond: 0
sig id: 2008583 gen id: 1 revision: 4 classification: 33
priority: 1 ip source: XX.XX.XX.XX ip destination: 41.58.217.229
src port: 38752 dest port: 6882 protocol: 17 impact_flag: 0
blocked: 0
Going back to pfring_daq I get timestamps again:
(Event)
sensor id: 0 event id: 1 event second: 1425659634 event microsecond: 670130
sig id: 2008581 gen id: 1 revision: 3 classification: 33
priority: 1 ip source: XX.XX.XX.XX ip destination: 5.141.224.27
src port: 45704 dest port: 48566 protocol: 17 impact_flag: 0
blocked: 0
Any ideas?
--
Jim Hranicky
Data Security Specialist
UF Information Technology
105 NW 16TH ST Room #104 GAINESVILLE FL 32603-1826
352-273-1341
Information Security Office