Nagios Support Forum

So, I copied what was is the file 99-nagioslogserver.conf file and appended it to the rsyslog.conf file and then restarted rsyslog.

I am using the defauly logstash configs 000_inputs.conf, 500_filters.conf, and 999_outputs.conf. I have setenforce set to 0 and iptables off.

Is it possible the logs are showing up in the 'future' ?

On your dashboard, in the upper right can you change the 'A month ago to a few seconds ago' to some crazy time range in the future using the custom button? Sometimes there's some weirdness about timestamps.

Yeah, that worked! Sweet! How do we fix the issue with the timestamps?

Can I see a screenshot of one of the logs with any sensitive information obfuscated?

Unfortunately, I cannot. Is there anything in particular you are looking for?

I wanted to see what the timestamp differences look like. Specifically the message field, and any field with the word timestamp in it/any field that relates to time.

Here are some links for reference to what's going on: https://discuss.elastic.co/t/timestamp- ... ture/29421
https://support.nagios.com/forum/viewto ... 37&t=34084

Basically, the timestamp value on the left column is correct but when you expand the message, the timestamp value inside the message is about 7 hours off.

Please read through the following document to learn about how dates work with relation to Nagios Log Server: https://www.elastic.co/guide/en/logstas ... -date.html

I am betting that either:

1. Your system time is off

2. You have a syslog input or a date filter that is re-doing the time of your inbound logs.

In either case, reading the above article will be useful. Let me know if you have any questions about it!

Can you please close thread.