[prev in list] [next in list] [prev in thread] [next in thread]
List: dragonidsuser
Subject: [Dragonidsuser] Re: sensors logging events with null/zero timestamp
From: Hank Leininger <hlein () progressive-comp ! com>
Date: 2006-06-02 5:58:52
Message-ID: 010606020008180.4079 () timmy ! spinoli ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 23 May 2006, Hank Leininger wrote:
> A couple of times now, I've had a sensor (v7.2 on Linux) start logging
> all events with a null timestamp. This gets dutifully decoded as a UNIX
> time-since-the- epoch and recorded in dragon.db and dragon.log files as
> 1969-12-31 or 1970-01-01 or whatever, depending on timestamps.
OK, since then, that sensor has been updated to v7.2.1. It's no longer
issuing events with a null timestamp. Instead, each event it generates
has the time that the sensor process started as its time. This sensor
is lightly loaded--only about 1500 packets/sec. It's no different from
~30 siblings in any way I can determine. It has no other odd
symptoms/behavior that I can find. If I restart dragon (or reboot the
sensor) the only change is that the timestamp-stuck-on-all-events gets
updated to the restart time for the dragon sensor process.
Has anybody seen behavior like this before?
Thanks,
Hank
-----BEGIN PGP SIGNATURE-----
iD8DBQFEf9OcIvjvEYYapvERArGoAJ9/fD2kt4AuB5gJYdnVx34KurIyvgCeIQcW
dq3ryAvn73pnWjlE4bv/NBg=
=Wp/P
-----END PGP SIGNATURE-----
_______________________________________________
Dragonidsuser mailing list
For help please follow the below instructions.
You can make subsciption adjustments via email by sending a message to:
Dragonidsuser-request@enterasys.com
with the word `help' in the subject or body (don't include the quotes), and you will \
get back a message with instructions.
You must know your password to change your options (including changing the password, \
itself) or to unsubscribe. If you forget your password, don't worry, you will \
receive a monthly reminder telling you what all your enterasys.com mailing list \
passwords are, and how to unsubscribe or change your options.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic