cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
pakorn
Level 9
Report Inappropriate Content
Message 1 of 6

How to modify access log to local time stamp

Jump to solution

Hi 

I put access log via rsylog to splunk 

But my customer need to change the time in access log to GMT+7  How to config it ? 

result.jpg

BR

Pakorn

 

 

1 Solution

Accepted Solutions
fw_mon
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 6

Re: How to modify access log to local time stamp

Jump to solution

Hello @pakorn 

here are several options:

  • change MWG system time zone from UTC to +0700 (Configuraiton > Data and Time)
  • Recalculate the timestamp for each log line (Set User-Defined.timeshift = DateTime.ToNumber
    + 25200 then DateTime.ISOString.FromEpoch (User-Defined.timeshift) )
  • Modify the timestamp in the rsyslog configuration timezone(id="ITC" offset="+07:00")
  • change the TZ property in props.conf on Splunk
  • a brute force solution: use DateTime.ISOString and just add "+0700" as a string to "fake" the timestamp
MWG+Splunk=❤

View solution in original post

5 Replies
fw_mon
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 6

Re: How to modify access log to local time stamp

Jump to solution

Hello @pakorn 

here are several options:

  • change MWG system time zone from UTC to +0700 (Configuraiton > Data and Time)
  • Recalculate the timestamp for each log line (Set User-Defined.timeshift = DateTime.ToNumber
    + 25200 then DateTime.ISOString.FromEpoch (User-Defined.timeshift) )
  • Modify the timestamp in the rsyslog configuration timezone(id="ITC" offset="+07:00")
  • change the TZ property in props.conf on Splunk
  • a brute force solution: use DateTime.ISOString and just add "+0700" as a string to "fake" the timestamp
MWG+Splunk=❤
pakorn
Level 9
Report Inappropriate Content
Message 3 of 6

Re: How to modify access log to local time stamp

Jump to solution

@fw_mon 

I forget syn ntp time in my customer WMG

after change MWG system time zone from UTC to +0700 (Configuraiton > Data and Time) and ntp sync

 RAW log is change to local time +7:00 but in the rsyslog time stamp still +0:00 

 

time stamp issue.jpg

 

Screenshot_1.jpg

 

But in my lab and another customer site time stamp is the same value

 

Screenshot_2.jpg

 

Screenshot_3.jpg

 

do you have any recommend ? 

fw_mon
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 6

Re: How to modify access log to local time stamp

Jump to solution

try to reboot the mwg, the timestamp should be the same

MWG+Splunk=❤
pakorn
Level 9
Report Inappropriate Content
Message 5 of 6

Re: How to modify access log to local time stamp

Jump to solution
After rebooting. the Time is the same thank you.

Re: How to modify access log to local time stamp

Jump to solution

A secure web gateway is a cloud-based or local network security service. Located between users and the Internet, Secure Web Gateways provide advanced network protection by inspecting web requests in accordance with company policy to ensure malicious websites and applications are blocked and inaccessible.

Secure web gateways are installed as a software component or a hardware device at the edge of the network or at user endpoints. The gateway monitors this traffic for malicious code, uses web applications, and any URL  that users or non-users attempt. 

A secure web gateway is a security solution that seeks to allow unsafe traffic to enter an organization's internal network. Businesses use it to protect their employees and users from access and infection by malicious web traffic, websites, viruses, and malware. It also ensures the implementation and compliance with the organization's regulatory policy.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community