[Bro] - time diff between bro logs and host clock
Seth Hall
seth at corelight.com
Thu Oct 18 09:38:16 PDT 2018
On 18 Oct 2018, at 5:36, william de ping wrote:
> Any idea why new bro logs epoch timestamp is about 1 hour earlier than
> the actual clock of the host ?
Is it possible that you are converting timestamps into something
readable on a system where the timezone is set differently than you
expect? One hour off seems suspicious to me as though it might be a
timezone issue (although the unix epoch timestamp doesn't have a
timezone built into it so the application of timezone only happens when
you do the conversion for viewing).
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
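
An added example, not part of the original message: a way to check whether a gap like the one described is a conversion artifact or real clock skew. The timestamp, the wall-clock reading, the UTC offsets and the function names are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M:%S"

def render(ts, utc_offset_hours):
    """Format an epoch timestamp as wall-clock time at a fixed UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(ts, tz).strftime(FMT)

def wall_to_epoch(wall, utc_offset_hours):
    """Convert a wall-clock reading, plus the offset it was read in, to epoch."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.strptime(wall, FMT).replace(tzinfo=tz).timestamp()

def diagnose(log_ts, host_wall, host_offset_hours, viewer_offset_hours, tolerance_s=2.0):
    """Separate real clock skew from a gap created by the viewer's timezone.

    log_ts      -- the 'ts' field from the log (epoch seconds, no timezone)
    host_wall   -- what the host's clock showed when the event was logged
    host_offset -- UTC offset the host's clock is displayed in
    viewer_offset -- UTC offset used when the log timestamp was made readable
    """
    # Real skew: compare both values as epoch, where no timezone is involved.
    skew_s = log_ts - wall_to_epoch(host_wall, host_offset_hours)
    # Apparent gap: what a person sees when comparing the two readable strings.
    apparent_s = skew_s + (viewer_offset_hours - host_offset_hours) * 3600
    if abs(skew_s) > tolerance_s:
        verdict = "clock skew"
    elif abs(apparent_s) > tolerance_s:
        verdict = "timezone artifact"
    else:
        verdict = "consistent"
    return {"skew_s": skew_s, "apparent_s": apparent_s, "verdict": verdict}

if __name__ == "__main__":
    ts = 1539880696.0                      # constructed sample 'ts' value
    host_wall = "2018-10-18 19:38:16"      # constructed: host clock shown at UTC+3
    print("viewer shows:", render(ts, 2))  # viewer converting at UTC+2
    print("host shows:  ", host_wall)
    print(diagnose(ts, host_wall, host_offset_hours=3, viewer_offset_hours=2))
```

In the sample run the readable log time is one hour earlier than the host clock while the epoch values are identical, so the verdict is a timezone artifact rather than skew.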