Details
-
Bug
-
Resolution: Cannot Reproduce
-
Trivial
-
None
-
Community Edition
-
RHEL6u6 w/ rsyslogd 5.8.10
Description
Issue is caused when a device sends a syslog from a timezone ahead of the observium/syslog capture server. In my case, the server is running at UTC-6 and the device runs at UTC.
The "Recent Syslog Messages" displays the message time as negative. When trying to clear out the entries with housekeeping.php it clears out everything but these entries.
Attachments
Activity
I'm not really sure why this is happening without setting up a system with a fake timezone to check it.
The syslog stuff is kinda messy and difficult to deal with.
No argument from me, but sometimes the reality is that you have equipment in different timezones that simply can't all sit on UTC time.
I'm planning on checking back into Observium once the server time has caught up to the entries that were created to see if that fixes the issue and allows me to wipe them out.
I simply reported as a negative timestamp is probably not ideal operating conditions
A note:
Changing the line in /etc/rsyslog.d/30-observium.conf
to:
$template observium,"%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timegenerated:8:25%||%msg%||%programname%\n"
|
Does fix the timestamp issue as it changes the time to the time the server receives the message but doesn't fix the core issue.
ArchTyriel you are still here?
Can you eanable syslog debugging and send me some example syslog messages. See here:
https://docs.observium.org/config_options/#debugging-profiling-settings
Alternatively you can temporary send syslog messages directly for limited (5-10min) time to my devele server by ip: 77.222.50.30.
At last point, please show me info:
./discovery.php -VV