Our network uses Symantec CSP Ver. 184.108.40.206 for intrusion protection. It was put into enforce mode a month ago. I didn't pay much attention to it when it was in audit mode.
Well, log event timestamps are 7 hours in the future. Meaning, if a message was collected at 12 noon, the log shows the event time as 7PM. Logs are compiled on a SQL server, not the Symantec server, and are collected by ODBC.
The ODBC query gets this timestamp from the EVENT_DT column in that database.
If anyone else has experienced this, suggestions are greatly appreciated. --== John