How to keep sensors in sync using NTP?

From: Bruno Sicchieri (bsicchieri@hotmail.com)
Date: 10/15/02


Date: 15 Oct 2002 12:56:31 -0000
From: Bruno Sicchieri <bsicchieri@hotmail.com>
To: focus-ids@securityfocus.com


Hi all,

I've just installed Snort, MySQL and ACID on Redhat7.3 following the Snort
Installation Manual, by Steven J. Scott
(http://home.earthlink.net/~sjscott007/)

In one of the sections (Network Time Protocol - NTP) he explains how to
keep accurate time on the sensors (Snort) without having to manually set
the clocks, using NTP:

1) Editing the /etc/ntp.conf file, changing the server entry to reflect
my timeserver and commenting out the entry starting with "fudge"
------ntp.conf------
server mytimeserver.com
#fudge 127.127.1.0 stratum 10
--------------------

2) # /etc/rc.d/init.d/ntpd start
3) # chkconfig ntpd on

I'm using "ntp-4.1.1" and writing
from "/usr/share/zoneinfo/America/Sao_Paulo" with "UTC=true"
in /etc/sysconfig/clock file.

Everything looks OK but the sensors stay 2 hours in advance. I already
read the NTP manual but I still can't figure out what is happening.

Could anyone help, please?

Thanks, Bruno.


