1. Describe your incident:
Winlogbeat sends events from the domain controller to Graylog.
I created an alert which sends an email if users use a wrong password.
In the original event on the DC I see the right time. In Graylog I see the right timestamp:
timestamp 2023-03-28 07:33:04.026
But when I get the email notification I see:
timestamp 2023-03-28T05:33:04.026Z
I attached the backlog to the email, and there is also a bad hour:
winlogbeat_@timestamp=2023-03-28T05:40:35.623Z,
Why is the time shifted by two hours?
2. Describe your environment:
- OS Information: Ubuntu 22.04 LTS
- Package Version: Graylog 5.0, OpenSearch
3. What steps have you already taken to try and solve the problem?
My time configuration from Graylog → Overview:
Time configuration
Dealing with timezones can be confusing. Here you can see the timezone applied to different components of your system. You can check timezone settings of specific graylog-server nodes on their respective detail page.
User xxxxxxx: 2023-03-28 07:44:34 +02:00
Your web browser: 2023-03-28 07:44:34 +02:00
Graylog server: 2023-03-28 07:44:34 +02:00
4. How can the community help?
How can I fix this?