RSA Admin

Symantec CSP logs 7 hours in the future

Discussion created by RSA Admin Employee on May 8, 2012
Latest reply on May 9, 2012 by RSA Admin

Our network uses Symantec CSP Ver. for intrusion protection. It was put into enforce mode a month ago. I didn't pay much attention to it when it was in audit mode.


Well, log event timestamps are 7 hours in the future. Meaning, if a message was collected at 12 noon, the log shows the event time as 7PM. Logs are compiled on a SQL server, not the Symantec server, and are collected by ODBC.


The ODBC query gets this timestamp from the EVENT_DT column in that database. 



If anyone else has experienced this, suggestions are greatly appreciated. --== John