No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The timestamp of the syslog messages differs from the time synchronized from the NTP server

Publication Date:  2016-05-25 Views:  1995 Downloads:  0
Issue Description

The S5700 switch synchronizes its time from a NTP server which provides the time in an UTC format. The switch is located in a different region with the NTP server and is configured to add an offset of 2 hours to the UTC time according to the local time zone. Along with the NTP configuration the switch is set to send the log information to a syslog server where the logs are received with a different timestamp than the current time of the device.





Current time of the switch:


[R6_U24_S5710_Stack]display ntp-service status                                                                                              

 clock status: synchronized                                                                                                        

 clock stratum: 3                                                                                                                   

 reference clock ID: 192.168.64.1                                                                                                  

 nominal frequency: 60.0002 Hz                                                                                                     

 actual frequency: 60.0002 Hz                                                                                                      

 clock precision: 2^17                                                                                                             

 clock offset: 0.0000 ms                                                                                                           

 root delay: 17.52 ms                                                                                                              

 root dispersion: 0.21 ms                                                                                                          

 peer dispersion: 0.00 ms                                                                                                          

 reference time: 18:09:50.411 UTC Jan 5 2001(BE008C6E.694A2B9D)      //time received from NTP server                                                                

 synchronization state: clock set                                 

 

[R6_U24_S5710_Stack]display clock                                                                                                      

2001-01-05 21:10:09+03:00                        //time adjusted on the switch according to the local timezone                                                                                   

Friday                                                                                                                             

Time Zone(BUC) : UTC+03:00     



Info-center configuration of the device:

 

[R6_U24_S5710_Stack]info-center loghost 172.1.1.19                                                                                 

Warning: There is security risk as this operation enables a non secure syslog protocol.       

 

  

The timestamp of the logs received on the syslog server present the time in UTC format:

 

5/23/2016 12:12:31 PM  | 192.168.64.9    | Local7                | Info   |  Jan  5 2001 18:11:06 R6_U24_S5710_Stack %%01MSTP/6/RECEIVE_MSTITC(l)[18]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet0/0/1.  

5/23/2016 12:12:42 PM  | 192.168.64.9    | Local7                | Notice               |  Jan  5 2001 18:11:17 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[19]:Record command information. (Task=VT0, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="quit", Result=Success)

Solution

The timestamp of the syslog displays the UTC time by default and in this situation we should adjust the syslog configuration by adding the local-time parameter in the info-center loghost command as below:

[R6_U24_S5710_Stack]info-center loghost 172.1.1.19 local-time  

 

After the local-time parameter is added, the syslog messages should be sent with the current time of the switch.

Result:                                                                    

5/23/2016 12:12:50 PM  | 192.168.64.9    | Local7                | Notice            |  Jan  5 2001 21:11:25+03:00 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[20]:Record command information. (Task=VT0, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="info-center loghost 172.1.1.19 local-time", Result=Success)

5/23/2016 12:12:50 PM  | 192.168.64.9    | Local7                | Notice            |  Jan  5 2001 21:11:25+03:00 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[21]:Slot=1;Record command information. (Task=HS2M, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="info-center loghost 172.1.1.19 local-time", Result=Success)

END