Dear Support,
I would like to ask for help with incorrect timestamps. I’ve already read other topics about this error, but they don’t solve my problem. I deployed Graylog from the OVA file, running in VMware, and the version is the latest (3.0.2+1686930). Time settings displayed in System/Overview:
User admin:
2019-07-29 13:45:45 +02:00
Your web browser:
2019-07-29 13:45:45 +02:00
Graylog server:
2019-07-29 11:45:45 +00:00
Server configuration:
There is “Europe/Prague” in GRAYLOG/server.conf (root_timezone)
/etc/localtime of the Linux VM is pointed to Europe/Prague timezone file
timedatectl output of the Linux VM:
root@graylog:~# timedatectl
Local time: Mon 2019-07-29 13:37:30 CEST
Universal time: Mon 2019-07-29 11:37:30 UTC
RTC time: Mon 2019-07-29 11:37:29
Time zone: Europe/Prague (CEST, +0200)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no
From what I’ve read, Graylog should take its settings from the server settings, so it should have the same time as Europe/Prague.
If you try to correct the timestamps of messages that are ingested into Graylog via Syslog - you can’t make that happen by changing the server’s timezone.
Graylog assumes that Syslog messages are UTC or contain proper timezone information, so that the messages can be saved with a UTC timestamp in Elasticsearch.
If you want something different - please rephrase your question.
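The behaviour described in the reply above, as an added example that is not part of the original posts and is not Graylog's own code: a timestamp with an explicit offset normalizes to the right UTC instant, while a zone-less one read as UTC is off by the sender's offset. The sample lines, the function names and the fixed +02:00 zone (CEST, as in the `timedatectl` output) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample syslog lines (not taken from the thread).
RFC5424_LINE = "<134>1 2019-07-29T13:45:45+02:00 fw01 app - - - link up"
RFC3164_LINE = "<134>Jul 29 13:45:45 fw01 app: link up"

# Fixed offset standing in for Europe/Prague in summer (CEST, +0200).
CEST = timezone(timedelta(hours=2))


def to_utc(line, year=2019, assume_tz=timezone.utc):
    """Return the message timestamp normalized to UTC.

    assume_tz is applied only when the line carries no zone information.
    """
    # RFC 5424 style: version "1" followed by an ISO 8601 timestamp.
    m = re.match(r"<\d+>1 (\S+) ", line)
    if m:
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=assume_tz)
        return ts.astimezone(timezone.utc)

    # RFC 3164 style: "Mmm dd hh:mm:ss", no year and no zone.
    m = re.match(r"<\d+>(\w{3} [ \d]\d \d\d:\d\d:\d\d) ", line)
    if m:
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        return ts.replace(tzinfo=assume_tz).astimezone(timezone.utc)

    raise ValueError("unrecognized syslog timestamp")


def skew_if_assumed_utc(line, real_tz):
    """How far off the stored time is when a zone-less local stamp is read as UTC."""
    return to_utc(line) - to_utc(line, assume_tz=real_tz)


if __name__ == "__main__":
    print("RFC 5424 with offset  ->", to_utc(RFC5424_LINE))
    print("RFC 3164 read as UTC  ->", to_utc(RFC3164_LINE))
    print("RFC 3164 read as CEST ->", to_utc(RFC3164_LINE, assume_tz=CEST))
    print("skew                  ->", skew_if_assumed_utc(RFC3164_LINE, CEST))
```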
@jan my goal is to have all three times the same. I’ve installed 3 copies of Graylog (different customers, all of them are VMware VMs) and this “problem” occurred only at a single site. I did the same steps at every installation. @Karlis thanks for the tip, I’ll try that
@jan
“If you try to correct the timestamps of messages that are ingested into Graylog via Syslog - you can’t make that happen by changing the Servers timezone.” - no, the messages come with the correct timestamp inside, because there is a timezone configuration on the device
As you mentioned somewhere else (Time configuration incorrect) “Graylog internally use UTC and display the time always as UTC not with the local time setting of the server.” - I understand that, but from my experience with three installations, two of them have the Graylog server time adjusted to the local timezone (meaning non-UTC) and only one installation uses UTC. That’s weird.
We had had such a problem with our test machines at the time. In the end, only a new installation helped.
But it’s done relatively quickly. After the new installation the problem never occurred again.
Thanks. I’ve already done a new installation (downloaded the latest OVA and went through the configuration). I didn’t find a solution, so I switched the OS timezone back to UTC and now I see correct timestamps in Graylog at least. It’s not perfect, but it will work.