Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1204
Views
5
Helpful
2
Replies

Firepower 4115 and ASA syslogs

lanab
Level 1
Level 1

‎10-08-2020 12:15 PM - edited ‎10-08-2020 12:16 PM

I have problems with the Firepower ASA syslogs messages are sent as UTC timestamps.

 

I have set in FXOS the correct NTP servers and they are synchronized with the correct timezone for our country and the time is correct.

 

# show clock

Thu Oct 8 11:45:10 CEST 2020

 

Our Splunk administrator says all syslog messages does not have the correct timestamps  and believes they are stamped as UTC but i configured it as CEST?

 

Would appreciate input on this case.

 

 

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎10-08-2020 01:46 PM

what time zone they are ? is the same time where Splunk Syslog servers?

what is the time zone configured on Splunk, can you show us some example of logs how it shipped?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-09-2020 06:35 AM - edited ‎10-09-2020 06:36 AM

ASA (and Firepower) will send syslog messages with a UTC-based timestamp. That's independent of whether you have set a local timezone on the appliance.

While this behavior can be changed on IOS-based devices, I don't believe it can on an ASA. So if a system ingesting the logs wants to track them based on a local timezone, the modification must be done on the log server side.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card