Syslog Timezone Problem

jhcc · ‎03-29-2004

I am using Syslog Analyzer to collect syslog messages form switches and routers. From syslog analyzer, I see:

30 Mar 2004 19:51:49 CST Configured from console by ns010185 on vty 0.

And from show logging, the same message is

Mar 30 11:51:49 gmt: %SYS-5-CONFIG_I: Configured from console by ns010185 on vty 0 (10.100.254.166).

The time now is 11:51:49. Why it is 8 hours earlier than it really is ?

n.elms · ‎03-29-2004

There are only certain timezone acronyms and zones supported by CiscoWorrks.. Have a look at this link..

http://cisco.com/en/US/products/sw/cscowork/ps3996/prod_release_note09186a008017adfc.html#1039999

You will find the same for your version/platform on the Cisco site.

Hope it helps..

milan.kulik · ‎03-30-2004

Hi,

it seems like your switch is using GMT in syslog while CiscoWorks are using CST.

Have you configured

service timestamps log datetime msec localtime

in the switch config?

Then it will use local time in syslog timestamps.

You can configure the local time offset from GMT using

clock timezone CET 1 (e.g.)

command.

Regards,

Milan

jhcc · ‎03-30-2004

I had already configured 'service timestamps log datetime msec localtime show-timezone'.

Switch#sh clock

10:51:53.552 GMT Wed Mar 31 2004

It is learned from NTP server.

From CiscoWorks>RME>Administration>Syslog Analysis>Syslog Collector Status, the syslog analyzer is using the right time. But the log messages from reports is wrong.

Martin Ermel · ‎03-31-2004

search the online help of Cisco Works for the following:

country code

search all words

in Syslog Analysis

the first you get is Overview: Syslog Analysis

there you get info how Syslog Analysis handles time and timestamps.

HTH

guffe · ‎03-31-2004

If you change the solaris to use DST/GMT time and use the same on cisco device even that the cisco devices can use summertime with specific area definitions and the solaris can't it works fine for me.

I have TZ=DST-2 on the solaris(Because of the summertime is running right now)

and have

clock timezone DNT 1

clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 3:00

clock calendar-valid

on the IOS box

pycong · ‎04-15-2004

I met the same problem.

I find the following in help of the Syslog Analysis Overview:

Managed devices send syslog messages that contain a time stamp reflecting the device's local time zone. Because the device time zone might differ from the server, the Syslog Analyzer converts time stamps in all Syslog messages to GMT format for all supported time zones. If a device time zone is not supported, the server time zone is used. If a managed device is not configured to send time zone information with its messages, Syslog assumes the device resides in the server time zone and uses that time zone in the message time stamp. For example, if a managed device in India is set to the local time zone, sends a syslog message to an Essentials server in California, and the message is then viewed on a client browser in New York, the message will reflect California time.

It is recommended that you set the country code variable with the appropriate country code in the Sa.properties file located in the directory NMSROOT/lib/classpath/com/cisco/nm/sysloga/sa, to make sure that the Syslog timestamp conversion works correctly. For example, if you are in Singapore, you must set the country code variable as COUNTRY=SGP.

For a list of country codes, see the file, CountryCode.txt, located in the directory, NMSROOT\lib\classpath\com\cisco\nm\sysloga\CountryCode.txt. The country code is the 3-letter abbreviation specified in the CountryCode.txt (in column A 3).

Syslog reports are always displayed by converting stored GMT time to server time.

Hope these can help you.

jhcc · ‎05-11-2004

I have modified the Sa.properties ,set the country code as COUNTRY=CHN and restart the server. It still doesn't work.

Richard Burts · ‎05-12-2004

One of the previous answers stressed the importance of configuring service timestamps logging which includes the parameter "localtime". You responded that you had indeed configured this.

The aspect that has not yet been pointed out is what does the switch think localtime is. There is a clue in the log message:Mar 30 11:51:49 gmt: %SYS-5-CONFIG_...

and it is even more clear when you did

Switch#sh clock

10:51:53.552 GMT Wed Mar 31 2004

The switch is using GMT (Greenwich Mean Time) which it is learning from the NTP server.

What you need to do is to configure the local timezone (set timezone CST -6 0). You may also want to configure daylight savings (set summertime enable CDT)

HTH

Rick