Timestamp on Log server
Timestamp on Log server
What controls the timestamp of the logs in the collected logs from various sources? We are seeing a mismatch between Nagios server log receipt and the actual source. Where to check any log timestamp settings?
Re: Timestamp on Log server
Hi @ashahikh,
It'd be useful to have more information - could you share a couple of log lines (both on your actual server and in the log server interface) as well as their timezone?
If you want to dig into this on your own, here's what you'll need to know:
1. Log timestamps are saved in Elasticsearch as UTC, after logstash attempts to parse the timestamp/timezone from the log line.
2. If you're not seeing the correct timestamp, you may want to see if timezone information is available in your logs.
3. If you aren't able to set up timezone information or if you don't have control over the format of your log messages, you can also change your logstash configuration. The syslog input has a timezone setting to allow you to assume a different default timezone.
I hope this helps - please let me know if you have any further questions or concerns.
It'd be useful to have more information - could you share a couple of log lines (both on your actual server and in the log server interface) as well as their timezone?
If you want to dig into this on your own, here's what you'll need to know:
1. Log timestamps are saved in Elasticsearch as UTC, after logstash attempts to parse the timestamp/timezone from the log line.
2. If you're not seeing the correct timestamp, you may want to see if timezone information is available in your logs.
3. If you aren't able to set up timezone information or if you don't have control over the format of your log messages, you can also change your logstash configuration. The syslog input has a timezone setting to allow you to assume a different default timezone.
I hope this helps - please let me know if you have any further questions or concerns.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy