I'm sending the syslog, apache & mysql logs from a NagioXI server to the latest version NLS (Standard VM from Nagios).
The rsyslog on the NagiosXI server was setup using the NLS scripts.
I'm receiving them OK, however all the syslog entries are exactly 12 hours behind. The apache & mysql logs are always current time. So given that they are all coming from the same server, I'm not sure what would be causing this delay?
From the screenshot, localtimestamp is 07:58:51 14/04/2015 - message time is 19:58:51 13/04/15
Looking at the messages file on the server, the entry corresponds with a message also at 19:58:51
Below is a message from the apache log on the same server - the timestamp corrsponds with the message time
syslog entries 12 hours behind
-
Fred Kroeger
- Posts: 588
- Joined: Wed Oct 19, 2011 11:36 pm
- Location: Perth, Western Australia
- Contact:
syslog entries 12 hours behind
You do not have the required permissions to view the files attached to this post.
-
Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: syslog entries 12 hours behind
Run this command:
Which will output something like:
lrwxrwxrwx 1 root root 39 Jun 26 2014 /etc/localtime -> /usr/share/zoneinfo/Australia/Melbourne
Make sure this is your correct timezone.
Run these two commands
Make sure they have the same date/time.
Run this command:
Make sure it has the correct timezone, in my example above it should be:
date.timezone = Australia/Melbourne
If you do change it restart the httpd service
Run this command:
Make sure it has the correct timezone, in my example it should be
ZONE="Australia/Melbourne"
If you change it, restart logstash
Code: Select all
ls -al /etc/localtimelrwxrwxrwx 1 root root 39 Jun 26 2014 /etc/localtime -> /usr/share/zoneinfo/Australia/Melbourne
Make sure this is your correct timezone.
Run these two commands
Code: Select all
date
hwclockRun this command:
Code: Select all
cat /etc/php.ini | grep date.timedate.timezone = Australia/Melbourne
If you do change it restart the httpd service
Code: Select all
service httpd restartCode: Select all
cat /etc/sysconfig/clockZONE="Australia/Melbourne"
If you change it, restart logstash
Code: Select all
service logstash restartAs of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
Fred Kroeger
- Posts: 588
- Joined: Wed Oct 19, 2011 11:36 pm
- Location: Perth, Western Australia
- Contact:
Re: syslog entries 12 hours behind
Good work Troy!
All the time settings were correct - except for the last one - /etc/sysconfig/clock.
Changed that to Australia/Perth and the syslogs from the Nagios server are now up-to-date.
What I still don't understand is why it only was the syslog from the Linux server that was affected?
The apache & mysql logs from that same server were always current as were the logs from the Network devices.
NagiosLS Team - you need to document these time settings as they are critical - especially for those of us that download your images which default to the US/Eastern timezone.
Thanks again Troy
Regards... Fred
All the time settings were correct - except for the last one - /etc/sysconfig/clock.
Changed that to Australia/Perth and the syslogs from the Nagios server are now up-to-date.
What I still don't understand is why it only was the syslog from the Linux server that was affected?
The apache & mysql logs from that same server were always current as were the logs from the Network devices.
NagiosLS Team - you need to document these time settings as they are critical - especially for those of us that download your images which default to the US/Eastern timezone.
Thanks again Troy
Regards... Fred
-
Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: syslog entries 12 hours behind
Excellent, glad we've got that sorted out ... it took me a while to get to the root of it when I last came across it.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.