
List:       dragonidsuser
Subject:    [Dragonidsuser] Re: sensors logging events with null/zero timestamp
From:       Hank Leininger <hlein () progressive-comp ! com>
Date:       2006-06-02 5:58:52
Message-ID: 010606020008180.4079 () timmy ! spinoli ! org

On Tue, 23 May 2006, Hank Leininger wrote:

> A couple of times now, I've had a sensor (v7.2 on Linux) start logging
> all events with a null timestamp.  This gets dutifully decoded as a UNIX
> time-since-the-epoch and recorded in dragon.db and dragon.log files as
> 1969-12-31 or 1970-01-01 or whatever, depending on timestamps.

OK, since then, that sensor has been updated to v7.2.1.  It's no longer
issuing events with a null timestamp.  Instead, each event it generates
has the time that the sensor process started as its time.  This sensor
is lightly loaded--only about 1500 packets/sec.  It's no different from
~30 siblings in any way I can determine.  It has no other odd
symptoms/behavior that I can find.  If I restart dragon (or reboot the
sensor) the only change is that the timestamp-stuck-on-all-events gets
updated to the restart time for the dragon sensor process.

Has anybody seen behavior like this before?

Thanks,

Hank