[Dshield] Time stamp accuracy
afrayer at frayernet.com
Thu Oct 7 17:18:28 GMT 2004
On Thu, 2004-10-07 at 12:00, Jon R. Kibler wrote:
> Two thoughts on this issue:
> 1) Does your router support SNTP? I had some 800 series Cisco boxes that I was swearing at because they did not support NTP, but found that they support SNTP -- a protocol with which I was not familiar with prior to that issue. (Basically, SNTP relies on a single NTP server on a local network to provide accurate time feeds.)
Not that I could find in documentation.
> 2) Can your router log to syslog? If it can, set up a *nix box with an accurate clock, log to syslog, and your time stamps should be accurate +/- a second or so. Yes, you will have to reformat your logs for DShield, but at least that is a one-time problem.
Now that's a possibility I'll check on. I've got the routers reporting
to Kiwi, and the PC Kiwi runs on can run an NTP client, I'm sure. I'll
see if the routers are using their own time stamp or Kiwi's in the log
Alan Frayer, CNE, CNI, CIW CI, MCP, Net+ - afrayer at frayernet.com
Member: Independent Consultants Association (ICA)
Consultants - FREE Directory Listing - http://www.ica-assn.org
More information about the list