Scribble
(Scribble)
1
I have a Cisco device sending syslog messages to a syslog UDP input.
Full message as received by Graylog:
<189>: 2020 Apr 22 18:56:58.660 BST: last message repeated 1 time
Timestamp field converted by Graylog:
2020-04-22 02:56:58 -05:00
I have timestamps in EDT getting converted correctly, why is BST failing?
More information:
Server information: Graylog 3.2.4+a407287 (Oracle Corporation 1.8.0_141 on Linux 3.10.0-514.26.2.el7.x86_64)
Time configuration:
User:
2020-04-22 13:42:42 -05:00
Your web browser:
2020-04-22 13:42:42 -05:00
Graylog server:
2020-04-22 13:42:42 -05:00
shoothub
(Shoothub)
2
Please describe your problem precisely:
- Do you parse the timestamp from Cisco messages? Because Cisco doesn’t follow the RFC syslog format, which Graylog doesn’t support by default.
- If not, don’t expect correct timestamp conversion.
- Check this nice article about parsing cisco logs:
https://jalogisch.de/2018/working-with-cisco-asa-nexus-on-graylog/
- Why does your web interface show timezone -5 when you want to parse the BST timezone? Do you use a different timezone for Graylog and the Cisco device?
Note: You use a very old version of the RHEL/CentOS kernel and a Java version from 2017, please update:
http://download.rhn.redhat.com/errata/RHBA-2017-1674.html
https://www.oracle.com/java/technologies/8u141-relnotes.html
Latest versions are:
kernel-3.10.0-1062.18.1.el7.x86_64
java-1.8.0-openjdk-headless-1.8.0.242
Scribble
(Scribble)
3
- Yes, I am parsing timestamps from Cisco, that’s how I know BST isn’t working.
- I do expect correct timestamps… only BST is not working.
- I’ll read that.
- Yes, my Cisco device is in BST; it’s located on the other side of the world, which happens to currently be in the British Summer Time zone.
I have switched the cisco device to UTC to bypass the issue of converting BST.
shoothub
(Shoothub)
4
Please post your extractor or the pipeline rule you use to parse timestamps…
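Added example, not code from any poster in this thread and not Graylog's own parser: a Python parser for the message format quoted in the first post that resolves zone abbreviations through an explicit allow-list, plus a helper that computes which offset the stored timestamp implies. The `SITE_ZONES` table and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed for this example: one meaning per abbreviation, chosen per site.
# "BST" alone is ambiguous: British Summer Time (+01:00), Bangladesh Standard
# Time (+06:00) and Bougainville Standard Time (+11:00) all use it.
SITE_ZONES = {
    "UTC": timedelta(0),
    "BST": timedelta(hours=1),   # British Summer Time, as the poster intends
    "EDT": timedelta(hours=-4),
}

# Message as quoted in the first post.
SAMPLE = "<189>: 2020 Apr 22 18:56:58.660 BST: last message repeated 1 time"

CISCO_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>: "
    r"(?P<ts>\d{4} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<tz>[A-Z]{2,5}): (?P<msg>.*)$"
)

def parse_cisco(line):
    """Return (UTC datetime, message); reject unmapped zone abbreviations."""
    m = CISCO_LINE.match(line)
    if m is None:
        raise ValueError("line is not in the expected Cisco format")
    tz = m.group("tz")
    if tz not in SITE_ZONES:
        # Failing loudly beats silently storing a shifted timestamp.
        raise ValueError(f"unmapped timezone abbreviation: {tz}")
    local = datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S.%f")
    aware = local.replace(tzinfo=timezone(SITE_ZONES[tz]))
    return aware.astimezone(timezone.utc), m.group("msg")

def implied_offset(device_wall_clock, stored):
    """Offset a parser must have assumed to turn the device clock into `stored`."""
    stored_utc = stored.astimezone(timezone.utc).replace(tzinfo=None)
    return device_wall_clock - stored_utc

if __name__ == "__main__":
    print(parse_cisco(SAMPLE))
    # Values from the first post: device clock vs. what was stored.
    print(implied_offset(
        datetime(2020, 4, 22, 18, 56, 58),
        datetime(2020, 4, 22, 2, 56, 58, tzinfo=timezone(timedelta(hours=-5))),
    ))
```

With the values from the first post, `implied_offset` returns 11 hours, so the stored time corresponds to a +11:00 reading of BST rather than +01:00.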