On Thursday, August 18, 2016 at 11:06:13 AM UTC-7, Jorg B wrote: > > I'm using Graylog 2.03 and I'm having some issues with the one hour time > difference introduced by daylight saving time. > We have 1000's of devices syslog'ing to our Graylog server. Even though > these devices have the correct timezone configured (PST), they don't > auto-adjust for daylight saving time... which means that the time stamp for > each message on the Graylog server is off (behind) by one hour. I could > manually adjust the time zone to a zone that is one hour ahead, but given > the number of devices we have, this is not feasible (and plain dumb). >
I have never been able to make Graylog's timezone mechanisms work right. I just run everything in GMT including the syslog-ng (load balancer), Graylog and Elasticsearch servers and live with it. GMT of course has no daylight saving time. graylog-web will then adjust the times to local time when I view the logs via the Graylog UI. You *may* be able to rewrite the time if you put syslog-ng in front of your Graylog. syslog-ng has some pretty nifty syslog rewriting capabilities. Reading the docs, it *should* be possible, just create a substitution pattern that substitutes current time for the time in the timestamp when you forward the syslog message to graylog. But I've never tried it myself, YMMV etc. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/fbb281e7-4545-48d0-b6cb-8e45cbc8d8d3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
