SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
The SiLK analysis suite has been recompiled to use UTC by default rather than local time.
If you want to continue using local time rather than UTC, the following changes need to be made to any existing analytics or workflows:
- Any analytic or workflow that uses a SiLK tool that outputs time (e.g., rwcut, rwcount, etc.) will need to be changed to use the --timestamp-format=local switch in the SiLK command(s).
- Additionally, the TZ environment variable or system clock will need to be set to the desired local time zone.
- Any analytic or workflow that uses a SiLK tool that takes time as an input (e.g., rwfilter, rwcount, etc.) will need to be changed to convert local time to UTC.
  On a *nix system, this can be done with the date(1) program.
  See the man page for complete documentation.
  An example command that converts a local date and time to UTC for use in the --start-date switch is:

    date -ud "<local date time>" +%Y/%m/%dT%H

  The date and time string must include its time zone (for example a zone abbreviation or numeric offset), because with -u a string that names no zone is read as UTC.
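
The same conversion applied to a whole local-time window, as an added example that is not part of the SiLK documentation: it reads the wall-clock time in a named zone through the TZ environment variable, then prints that instant in UTC, so daylight saving time and date rollover are handled by date(1). It assumes GNU date; the function names and the sample US Eastern zone rule are constructed for illustration, and --end-date is rwfilter's companion to --start-date.

```shell
#!/bin/sh
# Added example, not SiLK project code. Assumes GNU date(1).

# to_silk_utc ZONE "LOCAL DATE TIME"
# Prints the UTC hour (YYYY/MM/DDTHH) matching a wall-clock time in ZONE.
# ZONE is any value that is valid for the TZ environment variable.
to_silk_utc() {
    zone=$1
    local_time=$2
    # Step 1: interpret the wall-clock time in the analyst's zone.
    # date exits non-zero if it cannot parse the time; pass that on.
    epoch=$(TZ="$zone" date -d "$local_time" +%s) || return 1
    # Step 2: render that instant in UTC at hour precision.
    date -u -d "@$epoch" +%Y/%m/%dT%H
}

# silk_window ZONE "LOCAL START" "LOCAL END"
# Prints rwfilter date switches covering a local-time window.
silk_window() {
    start=$(to_silk_utc "$1" "$2") || return 1
    end=$(to_silk_utc "$1" "$3") || return 1
    printf '%s\n' "--start-date=$start --end-date=$end"
}

# Constructed sample zone: US Eastern written as a POSIX TZ rule, so the
# example does not depend on the system's zoneinfo files being installed.
EASTERN='EST5EDT,M3.2.0,M11.1.0'

# The same local hour maps to different UTC hours in winter and summer.
to_silk_utc "$EASTERN" "2024-01-15 09:00"
to_silk_utc "$EASTERN" "2024-07-15 09:00"

# A late-evening local window falls on the next UTC calendar day.
silk_window "$EASTERN" "2024-07-15 22:00" "2024-07-16 01:00"
```

The printed switches can be passed to rwfilter as they are; a zone name such as America/New_York works in place of the rule string when the system's zoneinfo data is installed.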