The instructions for Red Hat Installation of Graylog 6.0 strongly recommends setting the timezone to UTC on the Graylog server:
sudo timedatectl set-timezone UTC
but makes no mention of the OpenSearch server timezone. Should we set the OpenSearch server to UTC timezone also just to match up with Graylog?
TL;DR: you can set the timezone of your servers to any value you need/want, such as your correct local timezone. This applies to both Graylog and OpenSearch servers. However, be sure to explicitly set the timezone of your Syslog input(s) in the Graylog Web UI.
More Details and Context:
A quick bit of context: older versions of graylog would use the timezone of the Graylog server when ingesting syslog messages. For example, if your syslog device, like a router/firewall, is configured to use UTC, and sends a syslog message to the graylog server set to a UTC offset, the datetime would be wrong in graylog. The workaround was to change the timezone of the graylog server and most common standard for this is to use UTC.
Now in Graylog 5.1 and later, you can configure the timezone of the syslog input.
Let me know if this doesn’t answer your question!
Thanks Drew - this does answer my question. Your 2014 blog article is still referenced in the Server Timezone paragraph of the Installing Graylog documentation, even for Graylog 6.0 and 6.1, which is what led me to it.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
