Graylog Discovery
-
When trying to figure out why my Graylog was not working correctly, I think i figured it out, and might have also solved the issue we were discussing last week.
https://www.mangolassi.it/topic/10244/syslog-forwarding-for-xenserver/86When you install the appliance version, the time zone is set to UTC. So, when you are searching, looking for the recent entries that should be trickling in, nothing shows up.
I stumbled across them in the input section, and realized it might be a time zone issue. And sure enough after some more Linux tutelage by @DustinB3403 and a reboot of the Graylog VM, sure enough, everything was working perfectly.
So if you are having issues having anything appear in Graylog, make sure your time zone is set correctly.
sudo timedatectl set-timezone America/New_York -
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
-
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
A one liner is pretty easy fix, and there is no installation required. Import the OVA and power it on.
-
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
I mean, I'm already using open source and moving away from GUI.
Let me have SOME creature comforts for goodness sake.
-
Also, if you want to join the civilized world, and also have the web interface show the correct time, you need to edit the graylog.conf file located in /opt/graylog/conf
There is a time zone line to edit.
-
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
-
@Romo said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
-
@BRRABill
You can also make a new Graylog user (like AdminUserGuy) and set that user to the correct time zone from the web interface/user options -
@scottalanmiller said in Graylog Discovery:
@Romo said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
So......you just add (say 5, for NY) to everything you see?
-
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@Romo said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
So......you just add (say 5, for NY) to everything you see?
Or just work in UTC. In modern international business you always have to adjust the time. Nothing is easier than using UTC which is stable, as a base.
-
@scottalanmiller said in Graylog Discovery:
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@Romo said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
So......you just add (say 5, for NY) to everything you see?
Or just work in UTC. In modern international business you always have to adjust the time. Nothing is easier than using UTC which is stable, as a base.
How do you get everyone to play along? Server support? Desktop support? Etc..
-
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@Romo said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
So......you just add (say 5, for NY) to everything you see?
Or just work in UTC. In modern international business you always have to adjust the time. Nothing is easier than using UTC which is stable, as a base.
How do you get everyone to play along? Server support? Desktop support? Etc..
You make it a company policy. Times are in UTC. It's pretty easy, you can set desktops through GP or similar. Set servers to UTC. Works like magic. Some people might adjust their own stuff, but if they miss things it's purely a failure on their part that they have no excuse for. In fact, the excuse might be worse than missing things (intentionally breaking policy to not know when to show up.)
-
@scottalanmiller said in Graylog Discovery:
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@Romo said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
So......you just add (say 5, for NY) to everything you see?
Or just work in UTC. In modern international business you always have to adjust the time. Nothing is easier than using UTC which is stable, as a base.
How do you get everyone to play along? Server support? Desktop support? Etc..
You make it a company policy. Times are in UTC. It's pretty easy, you can set desktops through GP or similar. Set servers to UTC. Works like magic. Some people might adjust their own stuff, but if they miss things it's purely a failure on their part that they have no excuse for. In fact, the excuse might be worse than missing things (intentionally breaking policy to not know when to show up.)
Wait, wait...so you expect all your users to also adapt to UTC?
-
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@BRRABill said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
@Romo said in Graylog Discovery:
@scottalanmiller said in Graylog Discovery:
Or... learn to work in UTC like the rest of us
Or build your own Graylog server and it doesn't have this issue.
Is there any specific reason for using UTC?
Because it never has a daylight saving problem, it's standard and universal, every system uses it identically, and it is the only option that doesn't play favourites with a region.
So......you just add (say 5, for NY) to everything you see?
Or just work in UTC. In modern international business you always have to adjust the time. Nothing is easier than using UTC which is stable, as a base.
How do you get everyone to play along? Server support? Desktop support? Etc..
You make it a company policy. Times are in UTC. It's pretty easy, you can set desktops through GP or similar. Set servers to UTC. Works like magic. Some people might adjust their own stuff, but if they miss things it's purely a failure on their part that they have no excuse for. In fact, the excuse might be worse than missing things (intentionally breaking policy to not know when to show up.)
Wait, wait...so you expect all your users to also adapt to UTC?
Easier than have them not be able to figure out timezones. It's LESS adaptation, rather than more.
