Syslog UDP input doesn't recognize BST (British Summer Time)

I have a Cisco device sending syslog messages to a syslog UDP input.

Full message as received by Graylog:
<189>: 2020 Apr 22 18:56:58.660 BST: last message repeated 1 time

Timestamp field as converted by Graylog:
2020-04-22 02:56:58 -05:00

I have timestamps in EDT getting converted correctly, why is BST failing?

More information:
Server information: Graylog 3.2.4+a407287 (Oracle Corporation 1.8.0_141 on Linux 3.10.0-514.26.2.el7.x86_64)

Time configuration:

User:
2020-04-22 13:42:42 -05:00
Your web browser:
2020-04-22 13:42:42 -05:00
Graylog server:
2020-04-22 13:42:42 -05:00

Please describe your problem precisely:

  1. Do you parse the timestamp from Cisco messages? Because Cisco doesn’t follow the RFC syslog format, which Graylog doesn’t support by default.
  2. If not, don’t expect correct timestamp conversion.
  3. Check this nice article about parsing Cisco logs:
    https://jalogisch.de/2018/working-with-cisco-asa-nexus-on-graylog/
  4. Why does your web interface show timezone -5 when you want to parse the BST timezone? Do you use different timezones for Graylog and the Cisco device?

Note: You use a very old version of the RHEL/CentOS kernel and a Java version from 2017, please update:
http://download.rhn.redhat.com/errata/RHBA-2017-1674.html
https://www.oracle.com/java/technologies/8u141-relnotes.html
Latest versions are:

 kernel-3.10.0-1062.18.1.el7.x86_64
 java-1.8.0-openjdk-headless-1.8.0.242

  1. Yes, I am parsing timestamps from Cisco, that’s how I know BST isn’t working.
  2. I do expect correct timestamps… only BST is not working.
  3. I’ll read that.
  4. Yes, my Cisco device is in BST; it’s located on the other side of the world, which happens to currently be in the British Summer Time zone.

I have switched the cisco device to UTC to bypass the issue of converting BST.

Please post the extractor or pipeline rule you use to parse timestamps…
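An added example, not part of the thread and not Graylog's own code: a Python sketch that parses the Cisco header quoted in the first post with an explicit abbreviation-to-offset map, and refuses unmapped abbreviations instead of guessing. The map contents and the function names `parse_cisco` and `implied_offset` are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: operator-maintained map for their own devices. Timezone
# abbreviations are ambiguous, so each one in use is pinned explicitly.
SITE_TZ_OFFSETS = {
    "UTC": timedelta(0),
    "BST": timedelta(hours=1),    # British Summer Time
    "EDT": timedelta(hours=-4),   # US Eastern Daylight Time
}

# The message and displayed timestamp quoted in the first post.
SAMPLE = "<189>: 2020 Apr 22 18:56:58.660 BST: last message repeated 1 time"
DISPLAYED = "2020-04-22T02:56:58-05:00"

# Header shape of SAMPLE: "<pri>: YYYY Mon DD HH:MM:SS.mmm TZ: message"
CISCO_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>: "
    r"(?P<ts>\d{4} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<tz>[A-Z]{2,5}): (?P<msg>.*)$"
)
TS_FORMAT = "%Y %b %d %H:%M:%S.%f"

def parse_cisco(line, offsets=SITE_TZ_OFFSETS):
    """Return (utc_datetime, message); raise ValueError rather than guess."""
    m = CISCO_RE.match(line)
    if m is None:
        raise ValueError("not in the expected Cisco header format")
    tz = m.group("tz")
    if tz not in offsets:
        raise ValueError(f"unmapped timezone abbreviation: {tz}")
    local = datetime.strptime(m.group("ts"), TS_FORMAT)
    aware = local.replace(tzinfo=timezone(offsets[tz]))
    return aware.astimezone(timezone.utc), m.group("msg")

def implied_offset(line, displayed_iso):
    """UTC offset a parser must have assumed to turn the wall-clock time in
    `line` into the instant `displayed_iso` (whole seconds only)."""
    m = CISCO_RE.match(line)
    if m is None:
        raise ValueError("not in the expected Cisco header format")
    local = datetime.strptime(m.group("ts"), TS_FORMAT).replace(microsecond=0)
    shown = datetime.fromisoformat(displayed_iso).astimezone(timezone.utc)
    return local - shown.replace(tzinfo=None)

if __name__ == "__main__":
    print(parse_cisco(SAMPLE)[0].isoformat())
    print(implied_offset(SAMPLE, DISPLAYED))
```

For the values in the first post, `implied_offset` returns 11 hours: the displayed timestamp is what results from reading BST as UTC+11 rather than UTC+1.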
