I had a Security Onion box running, and it defaults to UTC/GMT time. This was fine for me, as I could do the time subtraction in my head, but some in management were questioning my findings due to the time being off. So, to make my life easier, I decided to change the timezone.

The timezone under Linux is set by a symbolic link from /etc/localtime to the file in the /usr/share/zoneinfo directory that corresponds to your timezone. For example, since I’m in Chicago, /etc/localtime is a symlink to /usr/share/zoneinfo/America/Chicago. To set this link, type:

ln -sf /usr/share/zoneinfo/your/zone /etc/localtime
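
The ln -sf step above, wrapped in a check, as an added example that is not from the original post: ln -sf links to a mistyped zone name without complaint and leaves /etc/localtime dangling, so the function verifies the zone file first and reads the link back afterwards. The function names and the optional ROOT argument (a filesystem prefix for rehearsing in a scratch directory) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: a guarded version of the ln -sf command.
# Usage (as root):  set_localtime America/Chicago
# Rehearsal:        set_localtime America/Chicago /tmp/scratch
# ROOT is a hypothetical prefix; empty means the real system paths.

set_localtime() {
    zone=$1
    root=${2:-}
    zonedir="$root/usr/share/zoneinfo"
    link="$root/etc/localtime"

    # Reject empty names, absolute paths and ".." components so the
    # link can only point inside the zoneinfo tree.
    case "$zone" in
        ''|/*|*..*)
            echo "invalid zone name: $zone" >&2
            return 2
            ;;
    esac

    # A mistyped zone would otherwise produce a dangling symlink.
    if [ ! -f "$zonedir/$zone" ]; then
        echo "no such zone file: $zonedir/$zone" >&2
        return 1
    fi

    ln -sf "$zonedir/$zone" "$link" || return 1

    # Print the zone the link now resolves to, as confirmation.
    current_zone "$root"
}

current_zone() {
    root=${1:-}
    target=$(readlink "$root/etc/localtime") || return 1
    # Strip the zoneinfo prefix, leaving e.g. America/Chicago.
    echo "${target#"$root/usr/share/zoneinfo/"}"
}
```

Running current_zone with no arguments before and after the change gives you a record of the old and new zone for your notes.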