We've got RME 4.0.5 on Solaris 9.
Now we have a problem with Syslog. The timestamp is wrong, it should be 4 hours earlier than it displayed the messages.I configurd the timezone in the config file but it didn't takes effect.
And I saw that the the Syslog Collector collects the messages but if i made a report it just displays not the half of the recieved messages.
Can someone help me?
What is the current timezone on the server (i.e. cat /etc/TIMEZONE)? Also, what do the raw messages look like? It could be that the devices are configured to send messages with a UTC timestamp.
Thanks for your answer!
In the TIMEZONE file it's MET and in the Collector.properties file the configuration looks so:
# Timezone related properties
# General properties
# Miscellaneous properties. These are not important to users.
But the messages arrives with the correct timestamp. Do you now some Cisco Documentations about the way from the syslog_info to RME??
I configured all how it is written there: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000e/e_4_x/rme405/405ug/syslog.htm
I wonder if the milliseconds are causing the problem here. Try this timestamp line in the config, and see if it helps:
service timestamps log datetime localtime show-timezone
This is an IOS config command. You need to put this into the config of one of the problem devices, then see if it corrects the problem.
Ok I made it, but i still don't work!
I saw that in the syslog_info the timeformat has changed and the msec no longer displayed.
But in RME the messages arrives still with the rong time.
Strange is that today the RME displays the messages with 6 hour time offset but yesterday and the day before the messages had a 4 houre time offset.
Perhaps this is related to the following definitions:
syslog properties: MEST
if I check my TimeZone.lst file I see the following:
bash-2.05# more TimeZone.lst
# TIMEZONE LIST FOR SYSLOG COLLECTOR
# This is the TimeZone list used by SyslogCollector.
# Each entry represents a timezone abbreviation, and its offset from GMT.
# Each offset given here is 10 multiplied by the actual offset;
# Example, the actual offset for IST is 5.5 hours, and the
# corresponding entry here is 55.
# Please use the same method while modifying it.
and with summertime in MET you will get a diff of 4 hours...
just an assumption, but what happens if you change MEST=-20 to MEST=20 (what I think it should be) and restart the syslogAnalyzer process
Hmmm, good catch. This is either a bug, or there is another timezone, MEST, that has an offset of -2 hours from UTC. I highly suspect the former.