Logs are coming late

[Monica7]

Hi,

I am having two servers named Server1 and Server2. Nagios log server is installed in Server1 . I want to track one of the log file which is available in Server2 from Server1 Nagios log server web interface.

I have done configuration in Server2 by following the below steps.

Nagios log Server web interface -> +Log Source -> Linux Source - > ran those steps in Server2

Nagios log server web interface -> +Log Source -> Linux files -> ran the steps (which is given) in Server2.

after configuring I am getting logs in Server1 Nagios log server web interface. But issue is I am getting logs late.

For example, If time is 05:15 in Server, I am getting 4:00 logs in Nagios log server dashboard.

So I have to wait for one hour to see 05:15 logs. Why it is taking this time.

whether I have to done time interval anywhere to track the logs instantly?

Question2:

we are having file input configuration in logstash . it is applicable for tracking the files which is available only inside the Server1? or we can track remote Server(Server2) files also in this file config. please confirm this as well
file{
path => file path to track
}

[hsmith]

Are the two servers in different time zones? Is it possible the time is wrong on one of them? The logs are likely there, you'd just need to expand your search to include logs in the future.

[Monica7]

Time stamp column which is given in dashboard is my system time .you have to look at the time in the message column and the time which is in given in Linux server.

How to expand the search to get future data

[hsmith]

On a dashboard, in the upper right corner click where it says "A day ago to a few second ago"(or whatever you have it set to). Click custom, and remove where it says "Right now". You can put a future date there instead.