options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    ts_format (rfc3164);
    recv_time_zone(+05:00);
};

template t_default {
    template("${DATE} ${YEAR} ${HOST} ${MSG}\n");
    template_escape(no);
};

source all_routers {
    udp(ip(0.0.0.0) port(514) time_zone(+05:00));
};

Even when I add the recv_time_zone and then time_zone options, the log entries are still showing up in the file as UTC.
Here is an example of how they are being logged:
Apr 27 20:46:59 2007 intsnort1 SFIMS: [119:17:1] Snort Alert [Classification: Unknown] [Priority: 3] {TCP}
Why will the date not change? This is how the date looks when I sniff it in Wireshark, so I know that is how it is being sent (as UTC). Please advise, and thanks.