[Zeek] Time value errors

Justin Azoff justin at corelight.com
Wed Dec 18 15:49:59 PST 2019


If you run that without the -d option, what does the line containing
negative times look like?

There should be 4 times at the end of each record: ref_time, org_time,
rec_time, xmt_time. Knowing which one(s) have the out-of-range value
would help. Something like

cat ntp.log |zeek-cut uid ref_time org_time rec_time xmt_time | fgrep --  -

may help see them better.

On Wed, Dec 18, 2019 at 6:08 PM Scot Harris <SHARRIS at hollywoodfl.org> wrote:
>
> Noted what appear to be errors in the ntp.log file.
>
>
>
> Using following command:
>
>
>
> cat ntp.log | zeek-cut -d | less
>
> af_packet::eno1 2019-12-18T17:44:39-0500        C7MULpTngYof10ymf
10.1.45.35      123     10.1.5.60       123     2       3       4
64.000000       0.000004        0.070786        0.113083        10.1.5.60
    2019-12-18T17:43:35-0500        2019-12-18T17:43:35-0500
 2019-12-18T17:43:35-0500        2019-12-18T17:44:39-0500        0
>
> af_packet::eno1 2019-12-18T17:44:39-0500        C7MULpTngYof10ymf
10.1.45.35      123     10.1.5.60       123     3       4       3
64.000000       0.015625        0.069839        0.077545
 23.239.26.89    2019-:zeek-cut: time value out-of-range: -586465861.545972
>
> zeek-cut: time value out-of-range: -586465861.545972
>
> 12-18T17:42:18-0500        2019-12-18T17:44:39-0500
 2019-12-18T17:44:39-0500        2019-12-18T17:44:39-0500        0
>
> af_packet::eno1 2019-12-18T17:44:39-0500        C5GF2T1ozzCZptCbjf
 10.1.204.212    123     10.1.5.180      123     3       3       15
 64.000000       0.007812        0.000000        2.009995        0.0.0.0
1969-12-31T19:00:00-0500        1969-12-31T19:00:00-0500
 1969-12-31T19:00:00-0500        2019-12-18T17:44:46-0500        0
>
> af_packet::eno1 2019-12-18T17:44:40-0500        CxaJ6KeJfxVcN8Fw2
10.1.201.150    123     10.1.5.180      123     3       3       15
 64.000000       0.007812        0.000000        2.009995        0.0.0.0
1969-12-31T19:00:00-0500        1969-12-31T19:00:00-0500
 1969-12-31T19:00:00-0500        2019-12-18T17:44:48-0500        0
>
> af_packet::eno1 2019-12-18T17:44:40-0500        C8dZCI37SuYRZB9L7g
 10.1.13.61      123     10.1.5.60       123     3       3       4
64.000000       0.007812        0.069839        0.402298        60.5.1.10
    2019-12-18T17:43:37-0500        2019-12-18T17:43:36-0500
 2019-12-18T17:43:37-0500        2019-12-18T17:44:41-0500        0
>
> af_packet::eno1 2019-12-18T17:44:41-0500        CBz4Ww4jjCjKgHYfwc
 10.1.221.30     123     10.1.5.180      123     3       3       15
 64.000000       0.007812        0.000000        2.009995        0.0.0.0
1969-12-31T19:zeek-cut: time value out-of-range: -1114760693.379112
>
> zeek-cut: time value out-of-range: -1114760693.379112
>
> zeek-cut: time value out-of-range: -1115340513.842638
>
> :00:00-0500        1969-12-31T19:00:00-0500
 1969-12-31T19:00:00-0500        2019-12-18T17:44:44-0500        0
>
> af_packet::eno1 2019-12-18T17:44:40-0500        C4akh61szBCsYCPJn6
 10.1.223.28     123     10.1.5.180      123     3       3       15
 64.000000       0.007812        0.000000        2.009995        0.0.0.0
1969-12-31T19:
>
>
>
> Have not noticed these errors previously.
>
> ____________________________________________________
> Scot Harris
> Network Engineer | IT | City of Hollywood
>
> (P) 954-921-3304 | sharris at hollywoodfl.org



--
Justin
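
The check suggested in the reply above, taken one step further so that each flagged record names the time field holding the negative value. This is an added example, not part of the original thread: the function names and the sample log (reduced field set, made-up uids) are constructed, and the negative values from the thread are placed in arbitrary fields.

```shell
# Report which NTP time fields in a Zeek TSV log hold negative values.
# Column positions come from the log's own "#fields" header line.
negative_ntp_times() {
    awk -F'\t' '
        # Header line: map each field name to its column number.
        $1 == "#fields" {
            for (i = 2; i <= NF; i++) col[$i] = i - 1
            next
        }
        /^#/ { next }    # skip the other metadata lines
        {
            bad = ""
            n = split("ref_time org_time rec_time xmt_time", want, " ")
            for (k = 1; k <= n; k++) {
                c = col[want[k]]
                # A negative epoch value is "-" followed by a digit;
                # a bare "-" marks an unset field in Zeek logs.
                if (c && $c ~ /^-[0-9]/)
                    bad = bad (bad == "" ? "" : ",") want[k] "=" $c
            }
            if (bad != "") print $(col["uid"]) "\t" bad
        }
    ' "$@"
}

# Constructed sample log (reduced field set; not real capture data).
sample_ntp_log() {
    printf '#separator \\x09\n'
    printf '#fields\tts\tuid\tref_time\torg_time\trec_time\txmt_time\n'
    printf '#types\ttime\tstring\ttime\ttime\ttime\ttime\n'
    printf '1576709079.000000\tCsampleA\t1576709015.000000\t1576709015.000000\t1576709015.000000\t1576709079.000000\n'
    printf '1576709079.000000\tCsampleB\t-586465861.545972\t1576709079.000000\t1576709079.000000\t1576709079.000000\n'
    printf '1576709081.000000\tCsampleC\t0.000000\t-1114760693.379112\t-1115340513.842638\t1576709084.000000\n'
    printf '1576709082.000000\tCsampleD\t-\t-\t-\t1576709085.000000\n'
}

# Reads stdin when no file is given; pass ntp.log as an argument on a real sensor.
sample_ntp_log | negative_ntp_times
```

Unlike a plain grep for "-", this does not flag records whose time fields are merely unset.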