Re: [ossec-list] UTC time


dan (ddp)

Feb 1, 2013, 10:42:15 AM
to ossec...@googlegroups.com
On Fri, Feb 1, 2013 at 10:25 AM, jrm <merri...@gmail.com> wrote:
> How can I change OSSEC emails to show time other than UTC? I have my system
> using the correct Eastern time zone.
>
> Thanks
>
> --

Is the timezone file in /var/ossec/etc the correct one? Make sure it's
for your timezone and not UTC.



dan (ddp)

Feb 12, 2013, 11:53:17 AM
to ossec...@googlegroups.com
On Tue, Feb 12, 2013 at 11:49 AM, jrm <merri...@gmail.com> wrote:
> Could it be because I am running this in the Security Onion release?
>

Possibly, if the /var/ossec/etc/localtime file is for UTC.

>
> On Friday, February 1, 2013 10:25:25 AM UTC-5, jrm wrote:
>>
>> How can I change OSSEC emails to show time other than UTC? I have my
>> system using the correct Eastern time zone.
>>
>> Thanks
>
> --
>

Castle, Shane

Feb 12, 2013, 12:17:44 PM
to ossec...@googlegroups.com
You betcha. UTC is the TZ for SO.

That said, when you invoke certain things, you can set the TZ environment variable to an appropriate value when you invoke certain commands so that it uses local time. But the recommended way is just to know what time it is ;).

For instance, here in Colorado at this time of year we are 7 hours ahead of UTC, so 1700 MST is 0000 UTC the next day, and 1900 UTC is 1200 MST. One thing I do fairly often when looking through Bro logs is something like this:

$ cd /nsm/bro/logs
$ ls -1 2013-02-08/http_eth1.*gz | while read -r fn; do (export TZ=MST7MDT; zcat "$fn" | bro-cut -d ts id.orig_h id.resp_h method host uri status_code status_msg); done | fgrep 65.125.242. | less

--
Shane Castle
Data Security Mgr, Boulder County IT


-----Original Message-----
From: ossec...@googlegroups.com [mailto:ossec...@googlegroups.com] On Behalf Of jrm
Sent: Tuesday, February 12, 2013 09:49
To: ossec...@googlegroups.com
Subject: [ossec-list] Re: UTC time

Could it be because I am running this in the Security Onion release?
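
One way to run the check suggested earlier in the thread (is /var/ossec/etc/localtime the right zone file?), as an added example that is not part of the original messages. The function name and return codes are hypothetical, /etc/localtime is assumed to be the system zone file, and the TZ=:<path> form used for reporting is glibc behaviour.

```shell
#!/bin/sh
# Added example: compare the zone file OSSEC reads with the system's zone file.
# Return codes (chosen for this example): 0 = identical, 1 = differ, 2 = file missing.
check_ossec_localtime() {
    ossec_tz="${1:-/var/ossec/etc/localtime}"   # path named in the thread
    sys_tz="${2:-/etc/localtime}"               # assumed system zone file

    for f in "$ossec_tz" "$sys_tz"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 2
        fi
    done

    # Byte-for-byte comparison: a stale UTC copy will differ from an Eastern file.
    if cmp -s "$ossec_tz" "$sys_tz"; then
        echo "OK: $ossec_tz matches $sys_tz"
        return 0
    fi

    # glibc accepts TZ=:<path>, so each file can report the abbreviation it yields.
    echo "MISMATCH: $ossec_tz -> $(TZ=":$ossec_tz" date +%Z)," \
         "$sys_tz -> $(TZ=":$sys_tz" date +%Z)"
    return 1
}
```

Run `check_ossec_localtime` with no arguments on the OSSEC host; a MISMATCH line showing UTC for the OSSEC copy matches the situation described in the thread.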
