Fortigate Messages Still Coming in 4 Hours Late After 2.3.0 Upgrade


#1

Wasn’t this fixed in 2.3.0?


(Jochen) #2

Obviously not?

Maybe you want to elaborate on your issue…


#3

Instead of trying to explain it again, here is the last thread we had where it was discussed about this being fixed in 2.3.0.


(Jochen) #4

If you read that topic further, you’ll see that your particular issue hasn’t been fixed and is best fixed by using the parse_date() function or a Copy Input extractor and a Date Converter with the correct timezone.


#5

How does the copy input extractor work for this process? Yesterday before writing this post I created this extractor but it isn’t working. Do you mind pointing out what I have done wrong?


(Jochen) #6

Field names are case sensitive, so “timestamp” is a different field than “Timestamp” (what you’ve entered as target field).


#7

Target field is actually lowercase timestamp. Hence I am trying to convert it to Timestamp capital so it will fill the primary “Timestamp” field.

image

I tried updating my extractor to this, still no dice.


(Nimol) #8

I had also the same problem but with 24 minutes delay. I creadted another user with utc timezone and everyting was ok and I logged out and logged in as Admin(timezone Berlin) and problem somehow solved!


#9

I have tried modifying my users Timezone but no dice, all of my users are being imported from LDAP.


#10

Any updates on what I am doing wrong?


(system) #11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.