Ok...and interesting issue here. We have 3 Inputs running into Graylog 2.12
Input 1 : Gelf-UDP Port 12202 - For Windows machines (sending with nxlog) Input 2 : Syslog UDP 514 - Novell Suse Linux sending via Syslog-ng Input 3 : Syslog UDP 15514 - ASA firewall sending via Cisco IOS syslogging My issue is with time stamps of the syslog messages coming in. All of our devices have the same local timezones and are all set to NTP so that their times are correct across the board. We are in central time, so UTC is 6 hours ahead (future devices will be in other time zones) Graylog is set to UTC....and Windows Events and ASA events are coming in just fine and are showing up in real time, so if it's noon here...the UTC time stamp for Input 1 and 3 devices says 1800....which is good. Input 2 is coming in as Central Time Zone...so the Novell Suse syslog timestamps are showing up as 1200 in the Graylog system, even though they are coming at the right time and in line with inputs 1 and 3. The net result is that Graylog is showing the Novell Events happening 6 hours earlier than they actually did We cannot mess with the time zones of the Novell systems because of what they all integrate to. So...how can one alter the timestamps either through Novell Suse Linux syslog, or by some sort of conversion inside of Graylog so that all times are reflected in UTC? All insight is appreciated Thanks TP -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1076c61f-bd67-4d90-8030-a66be832000f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
