On freebsd, can't for the life of me configure the server timezone

I have a mis-match in the time config that I cannot figure out how to resolve, leading to messages appearing 1 hour after the actual event. E.g. I log in via VPN which triggers an alert email. The firewall shows the log in but it will take one hour before I can see it appear in Graylog message flow and before the alert email is sent. Curiously, the email that is sent at 11.23 will also contain the raw message that triggered the alert and in that message the timestamp is 10.23.

My current config worked fine with everything appearing in real time on version 4.3.1, but since I upgraded to 4.3.3 the delay is present. Graylog 4.3.3 installed on freebsd from pkg. Latest version available atm. EDIT: I switched branches from quarterly to latest and have now upgraded to 4.3.9, but the problem remains.

The graylog package in freebsd does not create a server.conf in graylog/server, but the same settings appear to be present in graylog.conf in graylog/. However, changes to root_timezone only affects the admin user, not the graylog server.

I suspect the graylog server time mismatch is the culprit, but how should I configure the servers timezone. I am at a loss as to whether I need to configure a server.conf now when I did not need to before. Using date at the command line also suggests that the server is using correct time (see image).

Can anyone point me in the proper direction to solve this? Thanks!

My timezone is Europe/Sweden, thus +1 from UTC.

Managed to solve it: ran tzsetup on the command line to set time zone for the system. This made the graylog server interpret the time correctly. Curiously, setting the time zone did not affect the output of the date command. It already gave the correct time before and still after.

hey @pastic

My 2 cents, Just looking at you screenshot " Time configuration" section" I can see the node was out of sync , enhance why using tzsetup worked. As for your setting the time zone didn’t work, I’m not sure.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.