Nginx error log delay

nshah14285 · January 30, 2018, 5:25am

The timezone set on graylog server and client is same.

And still, the logs generating in client nGinx error log file is getting delayed by around 1 hour. I mean on graylog server it shows 1 hour before nGinx error log generated even after starting auto refrest interval.

jan · January 30, 2018, 6:46am

is this one hour before your local difference to UTC? What is the Timezone you have configured in your Graylog users profile?

nshah14285 · January 30, 2018, 7:53am

User timezone is same as graylog server timezone.

jochen · January 30, 2018, 9:01am

How are you ingesting the nginx log files?
What’s the content of the nginx log file?

nshah14285 · January 30, 2018, 10:44am

We have created seperate Input in graylog server on different port other then syslog.

It contains error which are generated in PHP.

jan · January 30, 2018, 12:48pm

the question is more:

how did you transport the messages from your message generating server to graylog?
how does a sample line look like?

nshah14285 · January 31, 2018, 5:21am

I am using nGinx content pack from https://marketplace.graylog.org/addons/572ff823-62cc-468e-af17-300bcfd9932d

Timezone set on Graylog server, Graylog server user and client server is same. As you can check in below images.

Timezone

Graylog node timezone
node-timezone

Sample line

I hope above details help in figuring out the cause of the problem.

jan · January 31, 2018, 7:00am

what is the timezone of your client?
does the log timestamp contain timezone information?

nshah14285 · January 31, 2018, 7:17am

Client timezone is Europe/Berlin (CET, +0100) which is same as Graylog server timezone.
Log contains local time which is server time. As you can check in Sample line image attached in previous reply.

jan · January 31, 2018, 8:29am

the timestamp in the provided log does not contain a timestamp.

All messages that did not have a timezone information will be handled like UTC.

nshah14285 · January 31, 2018, 9:09am

Any idea how to add timezone in nginx access and error logs?

jochen · January 31, 2018, 9:24am

You can use the processing pipeline for that, e. g. construct a date with the desired timezone:

http://docs.graylog.org/en/2.4/pages/pipelines/functions.html#parse-date

nshah14285 · January 31, 2018, 9:40am

I have select the timezone ‘Berlin’ from nginx error log input extractor from gaylog > System/Inputs Inputs and the logs from client is getting imported into graylog without any delay.

Isn’t it should pick timezone automatically based on graylog server or graylog user timezone?

jochen · January 31, 2018, 9:58am

No. It’s intentionally using UTC if no timezone was specified in the log message itself.

Food for thought: Yeller - The Worst Server Setup Mistake You Can Make

nshah14285 · January 31, 2018, 10:36am

So the timezone which I have selected from nginx error logs input extractor is correct or not?

I also noticed that after changing the timezone some error logs are not getting imported to graylog server.

jochen · January 31, 2018, 1:18pm

How should we know? You didn’t provide any details.

system · February 14, 2018, 1:19pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timezone graylog for a lot of timezone Graylog Central (peer support)	11	3054	December 20, 2018
Graylog alert log time delay Graylog Central (peer support)	4	1249	March 26, 2019
Incorrect time in log Graylog Central (peer support) pipeline-rules	40	14718	September 28, 2018
Timezone issues. Logs are shown 1 hour behind Graylog Central (peer support)	8	3310	September 17, 2020
Timezone Graylog Server Graylog Central (peer support)	16	42922	November 13, 2018

Nginx error log delay

Related topics