[Zeek] Time value errors
Justin Azoff
justin at corelight.com
Wed Dec 18 15:49:59 PST 2019
If you run that without the -d option, what does the line containing
negative times look like?

There should be 4 times at the end of each record: ref_time
org_time rec_time xmt_time. Knowing which one(s) have
the out-of-range value would help. Something like

    cat ntp.log | zeek-cut uid ref_time org_time rec_time xmt_time | fgrep -- -

may help see them better.
On Wed, Dec 18, 2019 at 6:08 PM Scot Harris <SHARRIS at hollywoodfl.org> wrote:
>
> Noted what appear to be errors in the ntp.log file.
>
>
>
> Using following command:
>
>
>
> cat ntp.log | zeek-cut -d | less
>
>
>
>
>
>
>
> af_packet::eno1 2019-12-18T17:44:39-0500 C7MULpTngYof10ymf
10.1.45.35 123 10.1.5.60 123 2 3 4
64.000000 0.000004 0.070786 0.113083 10.1.5.60
2019-12-18T17:43:35-0500 2019-12-18T17:43:35-0500
2019-12-18T17:43:35-0500 2019-12-18T17:44:39-0500 0
>
> af_packet::eno1 2019-12-18T17:44:39-0500 C7MULpTngYof10ymf
10.1.45.35 123 10.1.5.60 123 3 4 3
64.000000 0.015625 0.069839 0.077545
23.239.26.89 2019-:zeek-cut: time value out-of-range: -586465861.545972
>
> zeek-cut: time value out-of-range: -586465861.545972
>
> 12-18T17:42:18-0500 2019-12-18T17:44:39-0500
2019-12-18T17:44:39-0500 2019-12-18T17:44:39-0500 0
>
> af_packet::eno1 2019-12-18T17:44:39-0500 C5GF2T1ozzCZptCbjf
10.1.204.212 123 10.1.5.180 123 3 3 15
64.000000 0.007812 0.000000 2.009995 0.0.0.0
1969-12-31T19:00:00-0500 1969-12-31T19:00:00-0500
1969-12-31T19:00:00-0500 2019-12-18T17:44:46-0500 0
>
> af_packet::eno1 2019-12-18T17:44:40-0500 CxaJ6KeJfxVcN8Fw2
10.1.201.150 123 10.1.5.180 123 3 3 15
64.000000 0.007812 0.000000 2.009995 0.0.0.0
1969-12-31T19:00:00-0500 1969-12-31T19:00:00-0500
1969-12-31T19:00:00-0500 2019-12-18T17:44:48-0500 0
>
> af_packet::eno1 2019-12-18T17:44:40-0500 C8dZCI37SuYRZB9L7g
10.1.13.61 123 10.1.5.60 123 3 3 4
64.000000 0.007812 0.069839 0.402298 60.5.1.10
2019-12-18T17:43:37-0500 2019-12-18T17:43:36-0500
2019-12-18T17:43:37-0500 2019-12-18T17:44:41-0500 0
>
> af_packet::eno1 2019-12-18T17:44:41-0500 CBz4Ww4jjCjKgHYfwc
10.1.221.30 123 10.1.5.180 123 3 3 15
64.000000 0.007812 0.000000 2.009995 0.0.0.0
1969-12-31T19:zeek-cut: time value out-of-range: -1114760693.379112
>
> zeek-cut: time value out-of-range: -1114760693.379112
>
> zeek-cut: time value out-of-range: -1115340513.842638
>
> :00:00-0500 1969-12-31T19:00:00-0500
1969-12-31T19:00:00-0500 2019-12-18T17:44:44-0500 0
>
> af_packet::eno1 2019-12-18T17:44:40-0500 C4akh61szBCsYCPJn6
10.1.223.28 123 10.1.5.180 123 3 3 15
64.000000 0.007812 0.000000 2.009995 0.0.0.0
1969-12-31T19:
>
>
>
> Have not noticed these errors previously.
>
>
>
>
>
>
>
> ____________________________________________________
> Scot Harris
> Network Engineer | IT | City of Hollywood
>
> (P) 954-921-3304 | sharris at hollywoodfl.org
>
>
>
>
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
Justin
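
A header-aware variant of the check suggested above, as an added example that is not part of the original thread: it reads the `#fields` line of the raw TSV log to locate the four time columns, then reports per uid which ones are negative (the values `zeek-cut -d` rejects) and which are zero (shown as 1969-12-31T19:00:00-0500 in the quoted output), skipping the `-` unset-field marker that a plain `fgrep -- -` would also match. The function names are hypothetical and the sample log is constructed, with a reduced column set.

```sh
#!/bin/sh
# Added example, not code from the thread or from the Zeek project.

# Constructed sample: reduced ntp.log columns, values made up for the demo
# (the negative value is the one quoted in the zeek-cut error above).
sample_ntp_log() {
    printf '#separator \\x09\n'
    printf '#fields\tts\tuid\tref_time\torg_time\trec_time\txmt_time\n'
    printf '1576709079.0\tCexampleA\t1576709015.0\t1576709015.0\t1576709015.0\t1576709079.0\n'
    printf '1576709079.0\tCexampleB\t-586465861.545972\t1576709079.0\t1576709079.0\t1576709079.0\n'
    printf '1576709080.0\tCexampleC\t0.000000\t0.000000\t-\t1576709086.0\n'
}

# Reads a Zeek TSV log on stdin. Prints one line per record that has a
# negative or zero NTP time: uid, then a tab-separated field=value list.
ntp_bad_times() {
    awk -F '\t' '
        # "#fields<TAB>ts<TAB>uid..." : data column index = header index - 1
        $1 == "#fields" { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
        /^#/ { next }                       # other metadata lines
        {
            if (!("uid" in col)) {
                print "no #fields header before data" > "/dev/stderr"
                exit 2
            }
            out = ""
            n = split("ref_time org_time rec_time xmt_time", want, " ")
            for (k = 1; k <= n; k++) {
                name = want[k]
                if (!(name in col)) continue
                v = $(col[name])
                if (v == "-") continue      # unset-field marker, not a number
                if (v + 0 < 0)       out = out "\t" name "=" v " (negative)"
                else if (v + 0 == 0) out = out "\t" name "=" v " (epoch zero)"
            }
            if (out != "") print $(col["uid"]) out
        }
    '
}

# Stand-alone run on the constructed sample; for a real log:
#   ntp_bad_times < ntp.log
sample_ntp_log | ntp_bad_times
```

The input must be the uncompressed TSV log with its `#fields` header intact; JSON-format logs are not handled.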