Hi guys , im new using graylog.
Im trying the tool from a docker container , I would like to do some tests before moving to real server.
I followed the documented steeps using docker-compose.
I managed to receive standard messajes.
Now , timestamp on received messages are not ok.
Any idea how to fix it ?
I can access to server cli using portainer cli but have not persmission to run date command.
btw: time stamp on local device is ok.
Regards.
Leandro.
First you need to understand the root cause and based on that you can develop solution.
What does it mean “not ok”?
Is it about incorrect timezone? Incorrect local time in container? Incorrect graylog local time?
Ok, date is ok.
Time it is not ok.
Is it possible that timezone is not ok but, I dont know how to check it from command line neither web.
For example , I can see a line like:
|2019-09-23 15:55:35.589|38.11X.11.1|
| — | — | |system,info,account user admintecnet logged in from 1x8.111.16.11 via winbox|
And proper time should be 12:55:35 , so it is 4 hours ahead.
Please ifyou can provide how to check timezone, would be great:
I can see this:
graylog@907d6bcb03ec:~$ cat /etc/timezone
Etc/UTC
But not what to do with it.
Regards.
If I understand your configuration properly you have
host system
container system
graylog system
Please show output of
date -R
from all 3 systems
so how does a log message look like? Does the message itself has a timestamp with proper timezone information?
How did you ingest messages?
Hi zoulja: yes , I have graylog running on docker container.
Here I will post my time:
On graylog container:
graylog@907d6bcb03ec:~$ date -R
Tue, 24 Sep 2019 13:12:05 +0000
On host (centos 7, time os ok here).
[root@dockers ~]# date -R
Tue, 24 Sep 2019 10:12:08 -0300
Container system: Can not find how to check it on docker system.
BTW: I can not write on /etc/timezone directyl on cli,
Also tried restarting container.
Hope you can helpme,
Regards.
Dear Jan.
This is how it looks like on gl.
|2019-09-24 12:29:02.206|X38.1X7.X6.X| | — | — | |system,info filter rule changed by admin|
And this is how it looks like on exporting device (mikrotik router):
Sep/24/2019 09:05:21 system,info filter rule changed by admin
Is this what you asked ?
Regards.
the question is more - how do you ingest from your device to Graylog?
To be fair, your timestamp does not include a proper timezone and Graylog will take this timestamp as UTC because that is where it defaults to when no timezone is given.
Hi Jan , you were right.
After selecting “bsd” option on login section , time is ok now.
Hope it help to other users.
Regards.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
