Setting timestamp to UTC in CE | Log collection solutions

#1 crobert 2 years ago

Hello -

Currently using this for Event logs:

Exec $SyslogFacilityValue = 22;to_syslog_snare();

However the timestamp in the logs is local machine time and it needs to be in UTC. From searching around it looks like this is possible in EE:

DateFormat YYYY-MM-DDThh:mm:ss.sUTC

However I cannot find that this is feasible for CE.

Is there a way with Community Edition to either manually set the timestamp to UTC (without having to know the local machine time) or, worst case scenario, is it possible to forward the log from nxlog without a timestamp at all so the received log will only have a timestamp of ingest time?

Permalink

#2 KlevinDeactivated Nxlog ✓ 2 years ago

#1 crobert

Hello - Currently using this for Event logs: Exec $SyslogFacilityValue = 22;to_syslog_snare(); However the timestamp in the logs is local machine time and it needs to be in UTC. From searching around it looks like this is possible in EE: DateFormat YYYY-MM-DDThh:mm:ss.sUTC However I cannot find that this is feasible for CE. Is there a way with Community Edition to either manually set the timestamp to UTC (without having to know the local machine time) or, worst case scenario, is it possible to forward the log from nxlog without a timestamp at all so the received log will only have a timestamp of ingest time?

Hello Sir,

Unfortunately DateFormat is only available on Enterprise Edition.

In Community Edition can i suggest to work with variables if you need to remove them or if you know the timezone you can create new variable by concatenating the variables to define what timezone the machine have configured.

If further help is needed please share the confgiuration.

Sincerely Klevin