Email Alert has wrong timestamp in the "Timestamp" field

I have a Graylog server that collects logs from multiple devices and everything is working fine. I am trying to send an email alert for some of the logs. In the Graylog web interface, I can see the correct time in the message.

2021-11-30 16_50_37-Window

But when I get the email with the same message. I see the timestamp as below
2

Does anyone have an idea why is it showing like this and what can I do to correct it?

I think in the email alert it is not doing -5:00 to show correct.

Hello,

By chance did you check the Date/Time on Graylog server?
Under System/Overview does your Time configuration all look the same?
Example:

Do you have NTP running on your GL node?

What type of Notification did you configure?
Examples:
image

Perhaps some more details about your environment, To help us, help you please take a look here.

There should have been a Text box Template prior to posting here that would guide you for the information needed.

Hope that helps

The time in the system/overview tab is correct.

And I am using Email Notification

I’m using the Graylog docker container. But I have specified the timezone in the docker-compose file and I see it correctly on the Graylog Web Interface. It only happens in the email alert, everywhere else it is correct.

Thank you for the added information.
How about your Server OS Date/Time? What do you see when you execute this?

root # timedatectl

Yes the datetimectl shows correct. For now I used the extractor to create a new field that contains time from the message. But I will keep looking into this because this shouldn’t be like this.

Hello,

Yeah I have seen other community members had to do the same but its odd that only your Email is affected. It might be the device send the logs, not 100% sure. Also pipelines are good for this type of issue.

Just an FYI we have “Tag’s” specially for timestamp problems. This may help in searching for a better alternative.

Hope that helps

Seems to me it’s an issue at the e-mail sever. It may be receiving the messages in UTC or not recognizing the offset in some way…

1 Like

Actually good call, I forgot to ask about the email server config.

I am using Gmail as the email server. Here is my configuration, as I am using docker for Graylog.

3

you may need to set the timezone in your gmail account …

I checked all the places. Including the gmail account I use, GrayLog Server time, the host system time but I got nothing conclusive. I will keep looking into this and as soon as I find something I will post that on the forum for others. Thanks for the help though @gsmith @tmacgbay.

1 Like

I believe there is a timezone in the calendar portion of Gmail - not sure if that will solve the issue though. Good luck!

Hello there,

Can I check what version of Graylog you are using? I beleive this is may be a bug that was fixed in later versions of Graylog.

Here is my version info

4

I’m sure you can guess what my next suggestion is going to be :slight_smile:

Thanks for the suggestion but that didn’t help

If all Graylog is in time sync and your messages show correct timestamp and it’s just email received that has the wrong timestamp, test against the email server… did you check the timezone in the calendar of the Gmail account you are using? maybe test sending to an alternate e-mail server to go through that you know is in the correct time zone?

Had a poke through github. Looks like this is a known limitation:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.