Follow

(Late Reporting) Make sure logging is in UTC

It is usually best practice to have logs set in UTC. Currently ThreatSTOP will also delay parsing of logs until they hit the correct UTC time, so if your local time is in the future, you may have alerts and reporting delayed by several hours, UTC should be the default on any TSCM, but to do it on a Ubuntu based BIND server simply run the command: 

sudo timedatectl set-timezone UTC


The exception to this is logs from an AD server and DNS Defense Cloud devices.

This is important for all IP and DNS defense devices.

Was this article helpful?
0 out of 0 found this helpful

Comments