
syslog entries 12 hours behind

Posted: Mon Apr 13, 2015 7:22 pm
by Fred Kroeger
I'm sending the syslog, apache & mysql logs from a NagiosXI server to the latest version NLS (Standard VM from Nagios).
The rsyslog on the NagiosXI server was set up using the NLS scripts.
I'm receiving them OK, however all the syslog entries are exactly 12 hours behind. The apache & mysql logs are always current time. So given that they are all coming from the same server, I'm not sure what would be causing this delay?
NLS.PNG
From the screenshot, localtimestamp is 07:58:51 14/04/2015 - message time is 19:58:51 13/04/15
Looking at the messages file on the server, the entry corresponds with a message also at 19:58:51
Below is a message from the apache log on the same server - the timestamp corresponds with the message time
NLS2.PNG

Re: syslog entries 12 hours behind

Posted: Mon Apr 13, 2015 8:36 pm
by Box293
Run this command:

Code:

ls -al /etc/localtime

Which will output something like:

lrwxrwxrwx 1 root root 39 Jun 26 2014 /etc/localtime -> /usr/share/zoneinfo/Australia/Melbourne

Make sure this is your correct timezone.

Run these two commands

Code:

date

hwclock

Make sure they have the same date/time.

Run this command:

Code:

cat /etc/php.ini | grep date.time

Make sure it has the correct timezone, in my example above it should be:

date.timezone = Australia/Melbourne

If you do change it, restart the httpd service:

Code:

service httpd restart

Run this command:

Code:

cat /etc/sysconfig/clock

Make sure it has the correct timezone, in my example it should be

ZONE="Australia/Melbourne"

If you change it, restart logstash

Code:

service logstash restart
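
The file-based checks from the post above combined into one script, added here as an example (not Box293's or Nagios's code). The function names, the root-prefix argument and the `--run` switch are assumptions made for illustration; the `date`/`hwclock` comparison is left as a manual step.

```shell
#!/bin/sh
# Added example: compare the timezone settings checked in the post above.
# The root-prefix argument is an assumption so the audit can run against a
# constructed tree; pass "" to audit the live system.

# Zone that /etc/localtime links to, e.g. Australia/Melbourne.
localtime_zone() {
    readlink "$1/etc/localtime" | sed -n 's|.*/zoneinfo/||p'
}

# date.timezone from php.ini; commented-out (;) lines are ignored.
php_zone() {
    sed -n 's/^[[:space:]]*date\.timezone[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p' \
        "$1/etc/php.ini" | tail -n 1
}

# ZONE= from /etc/sysconfig/clock, with or without quotes.
clock_zone() {
    sed -n 's/^ZONE="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' \
        "$1/etc/sysconfig/clock" | tail -n 1
}

# Print one line per setting; return 1 on any mismatch, 2 if /etc/localtime
# is not a zoneinfo symlink (a copied file cannot be compared by name).
tz_audit() {
    root=$1
    want=$(localtime_zone "$root")
    if [ -z "$want" ]; then
        echo "UNKNOWN  /etc/localtime is not a symlink into zoneinfo"
        return 2
    fi
    rc=0
    for check in php_zone clock_zone; do
        got=$("$check" "$root" 2>/dev/null)
        if [ "$got" = "$want" ]; then
            echo "OK       $check: $got"
        else
            echo "MISMATCH $check: '$got' (localtime: '$want')"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when asked: sh tz_audit.sh --run [root-prefix]
if [ "${1:-}" = "--run" ]; then tz_audit "${2:-}"; fi
```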

Re: syslog entries 12 hours behind

Posted: Tue Apr 14, 2015 7:03 pm
by Fred Kroeger
Good work Troy!
All the time settings were correct - except for the last one - /etc/sysconfig/clock.
Changed that to Australia/Perth and the syslogs from the Nagios server are now up-to-date.

What I still don't understand is why it only was the syslog from the Linux server that was affected?
The apache & mysql logs from that same server were always current as were the logs from the Network devices.

NagiosLS Team - you need to document these time settings as they are critical - especially for those of us that download your images which default to the US/Eastern timezone.

Thanks again Troy
Regards... Fred

Re: syslog entries 12 hours behind

Posted: Tue Apr 14, 2015 7:29 pm
by Box293
Excellent, glad we've got that sorted out ... it took me a while to get to the root of it when I last came across it.