Timezone frustrations with Docker deployment

Graylog Central (peer support)
1

Hi All - I am new to Graylog and was looking for an option for log monitoring where I am unable to use Splunk. So far I really like it but I am having issues with timezone setup. I am deploying via Docker, everything is working fine, I can create a new user and set their timezone properly and it shows up on the search timeline correctly however the logs are still using a different timezone. Here is my docker-compose.yml file, I am in USA Central timezone but everything continues to show UTC.

version: ‘2’
services:

MongoDB:

mongodb:
image: mongo:4.2
networks:
- graylog
#DB in share for persistence
volumes:
- /mongo_data:/data/db
environment:
- TZ=America/Chicago

Elasticsearch:

elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
#data folder in share for persistence
volumes:
- /es_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- “ES_JAVA_OPTS=-Xms512m -Xmx512m”
- TZ=America/Chicago
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 1g
networks:
- graylog

Graylog:

graylog:
image: graylog/graylog:4.2
#journal and config directories in local NFS share for persistence
volumes:
- /graylog_journal:/usr/share/graylog/data/journal
environment:
# CHANGE ME (must be at least 16 characters)!
- GRAYLOG_PASSWORD_SECRET=xxxx
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=xxxx
- GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.12:9000/
- root_timezone=America/Chicago
- TZ=America/Chicago
- GRAYLOG_TIMEZONE=America/Chicago
entrypoint: /usr/bin/tini – wait-for-it elasticsearch:9200 – /docker-entrypoint.sh
networks:
- graylog
links:
- mongodb:mongo
- elasticsearch
restart: always
depends_on:
- mongodb
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP

Any ideas? I thought adding the environment variables would work but so far no luck. The containers all have their timezones set properly and the devices feeding into the system have their timezones set correctly as well.

Thanks for any help!

2

Hey @zz87vq

Perhaps i can help, try this

environment:
      # Container time Zone
      - TZ=America/Chicago <----------------------------------------------HERE
      
      - GRAYLOG_PASSWORD_SECRET=pJod1TRZAckHmqM2oQPqX1qnLVJS99jHm2DuCux2Bpiuu2XLT
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=ef92b778bafe771e89245b881f383d4473e94f
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.28:9000/
      - GRAYLOG_ROOT_TIMEZONE=America/Chicago <--------------------------HERE
      - GRAYLOG_ROOT_EMAIL=greg.smith@domain.com

You need two ENV not three. should be good. Dont forget every user logged in has a timezone setting also.

3

Thank you much, that took care of it!

4

Hey @zz87vq

awesome-yes-will-ferrell (1)

glad to help out.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.