@timestamp error on syslog logs


(Julian Somoza) #1

I'm monitoring different logs such Squid, Apache, Nginx, Secure and Message syslogs, Postfix and Dovecot.

When the Squid, Apache and Nginx logs arrive the @timestamp time is the same of my PC and Servers times. Otherwise, when syslogs, postfix and Dovecot arrives, the @timestamp have 2 hours diff and in the graphic appear as "future logs".

I search in the forum but not found nothing similar...

Thanks in advance!


(Ben Joyce) #2

Do you want to override the @timestamp with the timestamp from the log,
rather than the system time the log was imported?


(Julian Somoza) #3

No, I want @timestamp to have the real system time... Now is adding 2 hours to the system time, but only on these logs... in Apache @timestamp have the correct system time.


(Andrew Cholakian) #4

Can you post your config? We'll need to see it to assess further.


(Magnus B├Ąck) #5

What's the timezone for the servers involved?


(system) #6