Hi Tom, do the syslog messages from SUSE Linux on "Input 2" contain any timezone information? If not, Graylog automatically assumes UTC.
See https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#syslog-ng for configuration hints. Cheers, Jochen On Monday, 30 January 2017 21:30:12 UTC+1, Tom Powers wrote: > > Ok...and interesting issue here. > > We have 3 Inputs running into Graylog 2.12 > > Input 1 : Gelf-UDP Port 12202 - For Windows machines (sending with nxlog) > > Input 2 : Syslog UDP 514 - Novell Suse Linux sending via Syslog-ng > > Input 3 : Syslog UDP 15514 - ASA firewall sending via Cisco IOS syslogging > > > My issue is with time stamps of the syslog messages coming in. All of our > devices have the same local timezones and are all set to NTP so that their > times are correct across the board. We are in central time, so UTC is 6 > hours ahead (future devices will be in other time zones) > > Graylog is set to UTC....and Windows Events and ASA events are coming in > just fine and are showing up in real time, so if it's noon here...the UTC > time stamp for Input 1 and 3 devices says 1800....which is good. Input 2 > is coming in as Central Time Zone...so the Novell Suse syslog timestamps > are showing up as 1200 in the Graylog system, even though they are coming > at the right time and in line with inputs 1 and 3. The net result is that > Graylog is showing the Novell Events happening 6 hours earlier than they > actually did > > We cannot mess with the time zones of the Novell systems because of what > they all integrate to. > > So...how can one alter the timestamps either through Novell Suse Linux > syslog, or by some sort of conversion inside of Graylog so that all times > are reflected in UTC? > > All insight is appreciated > > Thanks > > TP > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b1071d9b-cba5-4cb4-8ae1-002965b474d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
