Hi Jim,

software timestamping was disabled for performance reasons. I patched the code (both ZC library and daq-zc) in svn now, please update and let us know.
Alfredo

> On 06 Mar 2015, at 17:40, Jim Hranicky <[email protected]> wrote:
>
> So I'm testing the snort zc daq, and it seems to be working.
> Unfortunately, it seems snort is writing out events with a
> null timestamp:
>
> (Event)
> sensor id: 0 event id: 1 event second: 0 event microsecond: 0
> sig id: 2008583 gen id: 1 revision: 4 classification: 33
> priority: 1 ip source: XX.XX.XX.XX ip destination: 41.58.217.229
> src port: 38752 dest port: 6882 protocol: 17 impact_flag: 0
> blocked: 0
>
> Going back to pfring_daq I get timestamps again:
>
> (Event)
> sensor id: 0 event id: 1 event second: 1425659634 event
> microsecond: 670130
> sig id: 2008581 gen id: 1 revision: 3 classification: 33
> priority: 1 ip source: XX.XX.XX.XX ip destination: 5.141.224.27
> src port: 45704 dest port: 48566 protocol: 17 impact_flag: 0
> blocked: 0
>
> Any ideas?
>
> --
> Jim Hranicky
> Data Security Specialist
> UF Information Technology
> 105 NW 16TH ST Room #104 GAINESVILLE FL 32603-1826
> 352-273-1341
> Information Security Office
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
