
SNS ProTip for SIEM: Troubleshooting Future Events

To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.

Issue: In a SIEM Enterprise Security Manager (ESM) 9.x device, red or yellow flags on data source devices are accompanied by a log message stating: “Last time stamp more than 1 hour in the future.”

Cause: This error message appears if an event is received with an invalid time stamp, or if the time zone offset for a data source is incorrect, which results in the incoming event having an incorrect time and date.

Resolution: One solution is to determine where the logs are coming from and what time zone they are using and ensure that the time stamp in the event matches the correct time zone. Instructions on how to do this can be found in KB82390 — Troubleshooting future events with SIEM.

While incorrectly configured time zones are the primary cause of future events, in some cases, the time zone is correct, but the time stamp is not. This can be caused by a bad clock or date on the data source. In this case, fixing the device should resolve the issue.
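The following added example (not McAfee code and not taken from KB82390) shows one heuristic for telling the two causes apart from a few events of a single data source: a skew that sits on a 15-minute boundary points to a time zone offset, anything else to the source's clock. The function name, tolerance and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

FUTURE_LIMIT_S = 3600        # "more than 1 hour in the future"
MAX_TZ_SPREAD_S = 26 * 3600  # widest gap between two real offsets (UTC-12 to UTC+14)
TZ_STEP_S = 15 * 60          # real UTC offsets are multiples of 15 minutes
TOLERANCE_S = 120            # assumed allowance for delivery delay and small drift

def diagnose(events, configured_offset_hours):
    """events: (timestamp as logged, receive time in UTC) pairs for one data source.
    Returns (verdict, offset in hours the source appears to be using, or None)."""
    tz = timezone(timedelta(hours=configured_offset_hours))
    skews = []
    for raw, received in events:
        logged = datetime.strptime(raw, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
        skews.append((logged - received).total_seconds())
    skew = median(skews)  # median ignores a single late or malformed event
    if skew <= FUTURE_LIMIT_S:
        return ("ok", None)
    nearest = round(skew / TZ_STEP_S) * TZ_STEP_S
    if skew <= MAX_TZ_SPREAD_S and abs(skew - nearest) <= TOLERANCE_S:
        # skew = real offset - configured offset, so the real offset is their sum
        return ("timezone_offset", configured_offset_hours + nearest / 3600)
    return ("bad_clock", None)

def utc(h, m, s):
    return datetime(2014, 8, 21, h, m, s, tzinfo=timezone.utc)

# Constructed samples: (logged timestamp, receive time in UTC)
WRONG_ZONE = [("2014-08-21 14:00:00", utc(12, 0, 5)),
              ("2014-08-21 14:01:10", utc(12, 1, 12)),
              ("2014-08-21 14:02:30", utc(12, 2, 31))]
BAD_CLOCK = [("2014-08-21 17:23:41", utc(12, 0, 2)),
             ("2014-08-21 17:24:41", utc(12, 1, 3)),
             ("2014-08-21 17:25:41", utc(12, 2, 2))]

if __name__ == "__main__":
    print(diagnose(WRONG_ZONE, -5))  # source logs in UTC+2 but is configured as UTC-5
    print(diagnose(BAD_CLOCK, 0))    # clock runs about 5 h 23 min fast
```

A clock that is wrong by an exact multiple of 15 minutes is indistinguishable from an offset error with this check, so confirm a "timezone_offset" verdict against the time zone the device is actually set to.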

For more resources, visit the McAfee KnowledgeBase and search for SIEM-related KBs.

Version history: Revision 1 of 1. Last update: 08-21-2014 06:14 AM
