When working with log messages, the log message's timestamp must be accurate.

Some problems that incorrect timestamps create include:

- Difficulty searching for log messages based on specific date/time.

Log message timestamp issues are commonly caused by a mismatch of timezones between the log source (device sending the log) and log destination (device receiving the log, such as Graylog).

Time Zones and Graylog

For a Graylog cluster, time zones come into play in several ways:

- The timezone of your Linux server's operating system.
- The timezone display settings for the user logged into Graylog.

In order for log messages to be viewed with the correct timestamp and timezone, all of the above must be configured appropriately.

We strongly recommend configuring the timezone of any log source to send log messages with a timestamp in UTC. Because not all log messages and not all date formats include the timezone offset, Coordinated Universal Time (UTC) should be used to prevent confusion about what timezone a timestamp is in and allow for consistent logging of timestamps regardless of how those logs are accessed or viewed. Many devices will default to this timezone. Consistent timestamps are crucial when correlating logs from multiple sources.

Timezone of the Linux Operating System where Graylog is receiving log messages

This applies to the Linux operating system where the Graylog Input is running. Some types of log sources and log formats, such as RFC 3339, include a timezone-aware timestamp.
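The effect of a missing offset can be measured directly. The following is an added example, not part of the original article and not Graylog code: it normalizes one constructed event, logged in three formats, to UTC and reports how far each result lands from the true instant. It assumes a receiver that interprets offset-less timestamps in its own timezone; `to_utc`, `skew_report` and the fixed -05:00 source offset are hypothetical names and values chosen for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: one event at the same instant, as three sources might log it.
# Offsets are fixed for the example; real zones also shift with daylight saving.
SOURCE_TZ = timezone(timedelta(hours=-5))           # hypothetical device local time
SAMPLES = {
    "rfc3339_offset": "2024-03-05T09:15:00-05:00",  # timezone-aware
    "rfc3339_utc":    "2024-03-05T14:15:00Z",       # timezone-aware, UTC
    "naive_local":    "2024-03-05 09:15:00",        # no offset at all
}


def to_utc(raw: str, assumed_tz: timezone) -> datetime:
    """Normalize a timestamp to UTC.

    Aware timestamps carry their own offset, so assumed_tz is ignored.
    Naive timestamps are interpreted in assumed_tz, which is what a receiver
    effectively does when it falls back to its own operating-system timezone.
    """
    text = raw.strip().replace(" ", "T")
    if text.endswith(("Z", "z")):
        text = text[:-1] + "+00:00"
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=assumed_tz)
    return parsed.astimezone(timezone.utc)


def skew_report(samples: dict, receiver_tz: timezone) -> dict:
    """Return each sample's error against the true instant, as a timedelta."""
    truth = to_utc(samples["rfc3339_utc"], timezone.utc)
    return {name: to_utc(raw, receiver_tz) - truth for name, raw in samples.items()}


if __name__ == "__main__":
    receivers = (("receiver in UTC", timezone.utc),
                 ("receiver in source zone", SOURCE_TZ))
    for label, tz in receivers:
        print(label)
        for name, skew in skew_report(SAMPLES, tz).items():
            hours = skew.total_seconds() / 3600
            print(f"  {name:15} skew = {hours:+.1f} h")
```

The two timezone-aware samples resolve to the same instant whatever the receiver assumes, while the offset-less sample is correct only when the receiver's timezone happens to match the source's.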