
Timestamp incorrect

Posted: Tue Jul 21, 2015 6:49 pm
by dgatlas
The timestamp displayed in the GUI is off by 3 hours. The host sending their syslog is a Mac if that's important.

In the image, the timestamp at #1 is 3 hours behind the actual time in the timezone (PDT) and the UTC time at #2 is also behind by 3 hours. #3 is the correct time.

The syslog file at /var/log/system.log shows the correct time:

Code:

Jul 21 16:27:19 closet-ae4 timestamp-test[5419]: Syslog timestamp test

I did a tcpdump to make sure that it was sending the correct timestamp to the NLS and it is:

Code:

16:27:19.660155 IP 172.31.235.109.59785 > 10.15.248.9.5544: UDP, length 75
	0x0000:  4500 0067 bb61 0000 4011 0000 ac1f eb6d  E..g.a..@......m
	0x0010:  0a0f f809 e989 15a8 0053 9a0a 3c31 333e  .........S..<13>
	0x0020:  4a75 6c20 3231 2031 363a 3233 3a34 3920  Jul.21.16:27:19.
	0x0030:  636c 6f73 6574 2d61 6534 2074 696d 6573  closet-ae4.times
	0x0040:  7461 6d70 2d74 6573 745b 3533 3536 5d3a  tamp-test[5419]:
	0x0050:  2053 7973 6c6f 6720 7469 6d65 7374 616d  .Syslog.timestam
	0x0060:  7020 7465 7374 0a                        p.test.

Similar issue: https://support.nagios.com/forum/viewto ... mp#p142871

Re: Timestamp incorrect

Posted: Wed Jul 22, 2015 9:09 am
by jolson
Check the date on Nagios Log Server by running these commands:

Code:

date
hwclock
grep timezone /etc/php.ini

Is the date proper?

To explain things a little further, the date you have labelled as '1' is the UTC timestamp altered to display in your local timezone. This is so that different browsers across the world can see the log timing in their respective local timezones.

Re: Timestamp incorrect

Posted: Wed Jul 22, 2015 1:20 pm
by dgatlas
Thanks for the response, @jolson.

I have the correct date and timezone set for the system as well as PHP.

Code:

# date
Wed Jul 22 11:11:50 PDT 2015

Code:

# grep timezone /etc/php.ini
date.timezone = America/Los_Angeles

hwclock won't work as this is on AWS.

Thanks for the clarification, and yes, I'm aware that #1 is UTC adjusted for local time, but it's off because the UTC time (#2) is incorrect. However, the UTC time on the NLS is not incorrect, nor is it on the syslog messages coming in, as shown in the tcpdump.

Code:

# date -u
Wed Jul 22 18:19:10 UTC 2015

Re: Timestamp incorrect

Posted: Wed Jul 22, 2015 2:16 pm
by jolson
Does this happen with all of your logs, or just the ones from this OSX device?

Which input is OSX sending to - I assume a syslog input on port 5544 based on the 'syslog' tag? Does the log run through any additional filters after the input?

I would like to see a full log line from that OSX machine, so that I could test it locally on our latest revision. I would also like to see your logstash configuration:

Code:

cat /usr/local/nagioslogserver/logstash/etc/conf.d/*

I cannot think of a reason this behavior would surface unless logstash hadn't been restarted in a while - it might be worth trying a service logstash restart.

If you click on the 'Raw' button when you have your log open in the Web GUI, does it display the information any differently?
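
Added example, not part of any post in this thread: the syslog header in the captured packet carries no year and no timezone, so the UTC value a collector stores depends on the offset it assumes when parsing the bare time. The Python below parses the payload from the first post and computes the resulting skew for different assumed offsets. The year 2015 (taken from the post date), the function names and the whole-hour offset search are assumptions of this example, and the output is arithmetic rather than a diagnosis of the poster's system.

```python
import re
from datetime import datetime, timedelta, timezone

# Payload as shown in the ASCII column of the tcpdump in the first post.
PACKET = "<13>Jul 21 16:27:19 closet-ae4 timestamp-test[5419]: Syslog timestamp test\n"

# BSD-syslog layout: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (no year, no zone).
BSD_SYSLOG = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)", re.S)

def parse(packet, year):
    """Split the packet; the year is an assumption because the header has none."""
    m = BSD_SYSLOG.match(packet)
    if m is None:
        raise ValueError("not a BSD-syslog header")
    pri = int(m["pri"])
    naive = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"facility": pri >> 3, "severity": pri & 7, "host": m["host"],
            "naive": naive, "msg": m["msg"].strip()}

def stored_utc(naive, assumed_offset_h):
    """UTC instant a collector stores if it reads the bare time at this offset."""
    tz = timezone(timedelta(hours=assumed_offset_h))
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)

def skew_hours(naive, sender_offset_h, assumed_offset_h):
    """Stored UTC minus true UTC, in hours (negative means displayed behind)."""
    delta = stored_utc(naive, assumed_offset_h) - stored_utc(naive, sender_offset_h)
    return delta.total_seconds() / 3600

def offsets_explaining(naive, sender_offset_h, observed_skew_h):
    """Whole-hour offsets that would reproduce an observed skew."""
    return [o for o in range(-12, 15)
            if skew_hours(naive, sender_offset_h, o) == observed_skew_h]

if __name__ == "__main__":
    event = parse(PACKET, 2015)   # year taken from the post date (assumption)
    pdt = -7                      # PDT is UTC-7
    print("true UTC:          ", stored_utc(event["naive"], pdt))
    print("if read as UTC:    ", stored_utc(event["naive"], 0))
    print("offsets giving -3h:", offsets_explaining(event["naive"], pdt, -3))
```

Comparing the offset this returns with the timezone settings of each parsing stage (input, filters, indexer) narrows down where a naive timestamp is being reinterpreted.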