cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2658
Views
0
Helpful
13
Replies

Syslog Anlazer time stamp shifted by 6 hrs

habeebk
Level 1
Level 1

Hi,

I have Cw2k with RME 3.4 of RWAN installed on Windows platform. Even though the devices are sending NTP synchronised syslog messages (with correct time) to Cisco Works server, the Syslog analzer results shows permanant 6 hour time lag from the actual log time. I did "pdterm SyslogAnalyzer" and "pdexec SyslogAnalyzer" etc and verified the configuration.../nm/sysloga/sa/sa.properties file, everything looks correct.

Any solutions?

Thanks in Advance

Habeeb

13 Replies 13

Keyan
Level 1
Level 1

The syslog system will show the local time to the server while your devices may be set up to sync to GMT. So if your devices are set up to use GMT and the time zone on the server is configured differently ciscoworks's syslog system will show you the time on the server when the message was received.

I have verified that both are configured for local time, any other suggestions?

Best Regards

On a router, configure:

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

This forces the timestamp to be on localtime. The default is to use UTC timezone timestamp.

More here:

http://www.cisco.com/warp/public/477/RME/rme_syslog.html#correct

HTH,

Mustafa

Hi Musthafa,

Thnks for reply,

These two commands are already there (service timestamps debug datetime msec localtime show-timezone &

service timestamps log datetime msec localtime show-timezone )on all devices, i have gone through the mentioned Cisco document as well.

The time stamp on the syslogs recieved (from devices) in the CiscoWorks server is perfectly correct, this I verified on the messages recieved in the Syslog flat file. But the time shift arises when Cisco Works' syslog analyzer reports from this and all automated actions like email shows a consistant drift of 6 hours.

Thanks

Habeeb

Hi CW gurus,

Any solutions?, I am still struggling with this problem

Thanks

Habeeb

Hi Habeeb,

I too am having this problem. It's exactly six hours off. Have you had any solutions presented?

Thanks,

Dave

Hi Dave,

My problem is still unresolved, as suggested by the local Cisco Support I do updated with all patches & updates of this version of RME, but no luck.

To get the root cause of this problem, I installed the same version on a similiar OS environment with a test lab network. Result was perfect, syslog analyzer generates reports without any time shifts eventhough it had the same settings and configuration of production CW2K.

I wish if CISCO can help us giving some document that explains from where Syslog Analyzer takes the time to generate report so that we can probe back.

Thanks

Habeeb

This is usually due to the timezone that is set on the CiscoWorks server

Was it set to one timezone before the installation and then changed?

What is it set to now?

The TZ is correct on the server. We're in Atlantic time, so it's GMT-4. After turning debugs on, I'm seeing that it thinks it's a Solaris server, but it's actuallly Win2K. I'm thinking that it's having troubles deciphering the time (cause of the differences in Unix and Windows time).

Anyway, I'm working with TAC on this now. I'll post if I get a solution.

Regards,

Dave

Would the TZ happen to be set to ADT by any chance?

If so, I think RME is confused, and thinks you are on Arabia Daylight Time. You will require a patch.

EXCELLENT!! That's it. It is ADT. Do you know what patch I require?

Thanks very much!!

Dave

It will have to be compiled. Your TAC engineer will probably contact development for it.

OK,I will advise him. Thanks for the heads up. Since your post, I decided to look at the Bug Took Kit. Seems like there are a lot of timzeone related problems with CW2K.

Thanks again!

Dave

Review Cisco Networking for a $25 gift card