Nginx error log delay


(Nshah14285) #1

The timezone set on the Graylog server and the client is the same.

And still, the logs generated in the client nginx error log file are getting delayed by around 1 hour. I mean on the Graylog server it shows 1 hour before the nginx error log was generated, even after starting the auto refresh interval.


(Jan Doberstein) #2

Is this one hour before your local difference to UTC? What is the timezone you have configured in your Graylog user's profile?


(Nshah14285) #3

The user timezone is the same as the Graylog server timezone.


(Jochen) #4

How are you ingesting the nginx log files?
What’s the content of the nginx log file?


(Nshah14285) #5

We have created a separate input in the Graylog server on a different port other than syslog.

It contains errors which are generated in PHP.


(Jan Doberstein) #6

The question is more:

  • how did you transport the messages from your message generating server to Graylog?
  • what does a sample line look like?

(Nshah14285) #7

I am using the nginx content pack from https://marketplace.graylog.org/addons/572ff823-62cc-468e-af17-300bcfd9932d

The timezone set on the Graylog server, the Graylog server user and the client server is the same, as you can check in the images below.

[Image: Timezone]

[Image: Graylog node timezone]

[Image: Sample line]

I hope the above details help in figuring out the cause of the problem.


(Jan Doberstein) #8
  • what is the timezone of your client?
  • does the log timestamp contain timezone information?

(Nshah14285) #9

The client timezone is Europe/Berlin (CET, +0100), which is the same as the Graylog server timezone.
The log contains local time, which is server time, as you can check in the sample line image attached in the previous reply.


(Jan Doberstein) #10

The timestamp in the provided log does not contain a timestamp.

All messages that did not have timezone information will be handled like UTC.


(Nshah14285) #11

Any idea how to add timezone in nginx access and error logs?


(Jochen) #12

You can use the processing pipeline for that, e. g. construct a date with the desired timezone:


(Nshah14285) #13

I have selected the timezone ‘Berlin’ in the nginx error log input extractor from Graylog > System/Inputs Inputs and the logs from the client are getting imported into Graylog without any delay.

Shouldn’t it pick the timezone automatically based on the Graylog server or Graylog user timezone?


(Jochen) #14

No. It’s intentionally using UTC if no timezone was specified in the log message itself.

Food for thought: http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html
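The behaviour discussed in this thread, as an added example that is not part of any post and is not Graylog or nginx code: it parses the offset-less timestamp of an nginx error log line, compares the "treat as UTC" reading with the sender's real zone, and flags wall-clock times that DST makes ambiguous or nonexistent. The log line and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Constructed sample in nginx error_log layout: "YYYY/MM/DD HH:MM:SS", no offset.
SAMPLE = ('2017/01/15 10:15:32 [error] 1234#0: *5 FastCGI sent in stderr: '
          '"PHP message: PHP Warning: constructed example"')
TS_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\]")

def parse_error_ts(line):
    """Return the naive (offset-less) timestamp of an nginx error_log line."""
    m = TS_RE.match(line)
    if m is None:
        raise ValueError("no nginx error_log timestamp found")
    return datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")

def assumed_utc(naive):
    """Receiver behaviour described in the thread: no zone given, so treat as UTC."""
    return naive.replace(tzinfo=timezone.utc)

def to_utc(naive, zone):
    """Interpret the wall-clock time in the sender's zone and convert to UTC.

    Returns (utc, note). note is "ambiguous" for a wall-clock time that occurs
    twice when DST ends and "nonexistent" for one skipped when DST starts;
    neither can be placed on a timeline without extra information.
    """
    tz = ZoneInfo(zone)
    first = naive.replace(tzinfo=tz, fold=0)
    second = naive.replace(tzinfo=tz, fold=1)
    utc = first.astimezone(timezone.utc)
    if first.utcoffset() == second.utcoffset():
        return utc, "ok"
    # Offsets differ only around a DST transition; a round trip tells which kind.
    round_trip = utc.astimezone(tz).replace(tzinfo=None)
    return utc, "ambiguous" if round_trip == naive else "nonexistent"

def skew_seconds(line, zone):
    """How far the UTC assumption shifts this line from its real time."""
    naive = parse_error_ts(line)
    return (assumed_utc(naive) - to_utc(naive, zone)[0]).total_seconds()

if __name__ == "__main__":
    print(skew_seconds(SAMPLE, "Europe/Berlin"))          # winter, CET
    for wall in ("2017/07/15 10:15:32", "2017/10/29 02:30:00", "2017/03/26 02:30:00"):
        naive = datetime.strptime(wall, "%Y/%m/%d %H:%M:%S")
        print(wall, *to_utc(naive, "Europe/Berlin"))
```

Logging in UTC or with an explicit offset at the source avoids the ambiguous and nonexistent cases entirely, which matters when events from several hosts have to be correlated on one timeline.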


(Nshah14285) #15

So is the timezone which I have selected in the nginx error log input extractor correct or not?

I also noticed that after changing the timezone some error logs are not getting imported to the Graylog server.


(Jochen) #16

How should we know? You didn’t provide any details.

