I have a Graylog server that collects logs from multiple devices and everything is working fine. I am trying to send an email alert for some of the logs. In the Graylog web interface, I can see the correct time in the message.
But when I get the email with the same message. I see the timestamp as below
Does anyone have an idea why is it showing like this and what can I do to correct it?
I think in the email alert it is not doing -5:00 to show correct.
I’m using the Graylog docker container. But I have specified the timezone in the docker-compose file and I see it correctly on the Graylog Web Interface. It only happens in the email alert, everywhere else it is correct.
Yes the datetimectl shows correct. For now I used the extractor to create a new field that contains time from the message. But I will keep looking into this because this shouldn’t be like this.
Yeah I have seen other community members had to do the same but its odd that only your Email is affected. It might be the device send the logs, not 100% sure. Also pipelines are good for this type of issue.
Just an FYI we have “Tag’s” specially for timestamp problems. This may help in searching for a better alternative.
I checked all the places. Including the gmail account I use, GrayLog Server time, the host system time but I got nothing conclusive. I will keep looking into this and as soon as I find something I will post that on the forum for others. Thanks for the help though @gsmith@tmacgbay.
If all Graylog is in time sync and your messages show correct timestamp and it’s just email received that has the wrong timestamp, test against the email server… did you check the timezone in the calendar of the Gmail account you are using? maybe test sending to an alternate e-mail server to go through that you know is in the correct time zone?