10-08-2020 12:15 PM - edited 10-08-2020 12:16 PM
I have a problem with the Firepower ASA: syslog messages are sent with UTC timestamps.
I have set in FXOS the correct NTP servers and they are synchronized with the correct timezone for our country and the time is correct.
# show clock
Thu Oct 8 11:45:10 CEST 2020
Our Splunk administrator says all syslog messages do not have the correct timestamps and believes they are stamped as UTC, but I configured it as CEST?
Would appreciate input on this case.
10-08-2020 01:46 PM
What time zone are they in? Is it the same time as where the Splunk syslog servers are?
What is the time zone configured on Splunk? Can you show us some examples of the logs as they are shipped?
10-09-2020 06:35 AM - edited 10-09-2020 06:36 AM
ASA (and Firepower) will send syslog messages with a UTC-based timestamp. That's independent of whether you have set a local timezone on the appliance.
While this behavior can be changed on IOS-based devices, I don't believe it can on an ASA. So if a system ingesting the logs wants to track them based on a local timezone, the modification must be done on the log server side.
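Added example, not part of the original thread and not Cisco or Splunk code: a receiver-side sketch of the fix described above, reading the ASA timestamp as UTC and converting it to the site's zone, plus the skew that appears when the receiver wrongly assumes local time. The line layout, the `Europe/Berlin` zone, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Assumption: the site's local zone; Europe/Berlin stands in for "CEST".
LOCAL_TZ = ZoneInfo("Europe/Berlin")

# Assumed layout: optional <PRI>, "Mon DD YYYY HH:MM:SS", then the %ASA message.
LINE_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"(?P<msg>%ASA-\d-\d+: .*)$"
)

# Constructed sample lines (not captured from a real device).
SAMPLE_LINES = [
    "<166>Oct 08 2020 09:45:10: %ASA-6-302013: constructed summer-time event",
    "<166>Dec 01 2020 09:45:10: %ASA-6-302013: constructed winter-time event",
]

def _naive_timestamp(line):
    """Return (naive datetime, message) or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"), m["msg"]

def parse_asa_line(line):
    """Read the timestamp as UTC; return (utc, local, message) or None."""
    parsed = _naive_timestamp(line)
    if parsed is None:
        return None
    naive, msg = parsed
    utc = naive.replace(tzinfo=timezone.utc)
    return utc, utc.astimezone(LOCAL_TZ), msg

def misread_skew_hours(line):
    """Hours an event lands too early if the receiver assumes local time."""
    parsed = _naive_timestamp(line)
    if parsed is None:
        return None
    naive = parsed[0]
    as_local = naive.replace(tzinfo=LOCAL_TZ)
    as_utc = naive.replace(tzinfo=timezone.utc)
    return (as_utc - as_local).total_seconds() / 3600

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        utc, local, msg = parse_asa_line(line)
        print(utc.isoformat(), local.isoformat(), misread_skew_hours(line))
```

The skew is not constant: it is two hours during summer time and one hour in winter, so a fixed offset applied on the log server drifts at each DST change, while declaring the source as UTC does not.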