[Sguil-devel] Timestamps of Sguil alerts
From: Callan T. <cal...@se...> - 2005-05-10 05:01:27
Hi list,

I'm a little confused over the timestamps generated for the alerts. Looking at the snippet below:

Sensor Data Rcvd: BYEventRcvd sock3 0 1 458 test-sensor 477 477 {1974-05-14 21:21:28} 1 483 0 {ICMP PING CyberKit 2.2 Windows} {2005-05-10 04:39:09}

The second timestamp is correct, and is the one that gets inserted into the DB, but what of the first?

Any clues and pointers are greatly appreciated.

Cheers,
Callan