Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7814
Views
5
Helpful
6
Replies

FTD 2130 - Changing the Syslog Time zone

Go to solution
dejan_jov1
Level 1
Level 1

‎04-06-2018 07:01 AM - edited ‎02-21-2020 07:36 AM

Hi,

 

Our Firepower 2130 is sending Syslogs with Timestamps in UTC Time Zone and I can't find way how to change it.

I configured in Platform settings/Time Syncronization that the FTD updates its Time from Management Center but when I do show ntp on FTD I get this output:

 

> show ntp
NTP Server                : 127.127.1.1
Status                    : Unknown
Offset                    : 0.000 (milliseconds)
Last Update               : 99m (seconds)

NTP Server                : 127.0.0.2
Status                    : Being Used
Offset                    : 0.278 (milliseconds)
Last Update               : 29 (seconds)

 

Shouldn't tere be the FMCs IP?

On FMC under User Preference the Time Zone is CET.

 

show time on FTD:

 

> show time
UTC -       Fri Apr  6 13:53:30 UTC 2018
Localtime - Fri Apr 06 09:53:31 EDT 2018

 

Is it possibe to change the UTC Timestamps in Syslog messages to another Time Zone?

 

Thanks in Advance!

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-06-2018 09:25 AM

Is your FMC a VM? If so, it is not recommended to use it as an NTP server for the sensors.

 

Firepower syslog messages will always have UTC timestamps. It's not an option to change that.

View solution in original post

6 Replies 6

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-06-2018 09:25 AM

Is your FMC a VM? If so, it is not recommended to use it as an NTP server for the sensors.

 

Firepower syslog messages will always have UTC timestamps. It's not an option to change that.

Go to solution
dejan_jov1
Level 1
Level 1
In response to Marvin Rhoads

‎04-06-2018 10:41 PM

Hi Marvin,

 

Our FMC is an VM, so we will need to use another NTP Server. Thanks!

0 Helpful

Go to solution
HakamAbd79366
Level 1
Level 1
In response to Marvin Rhoads

‎07-09-2020 12:53 AM

Hi,

 

on FTD got timezone UTC (UTC+0:00), Device Management, its possible to change timezone.  bcus on the FMC, have correct timezone.

 

Thanks

0 Helpful

Go to solution
mariya.telitsina
Level 1
Level 1

‎07-08-2022 04:13 AM

Any news on this topic?

on my FMC 7.0 syslog messages are sent to syslog server in UTC format... kind of confusing.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mariya.telitsina

‎07-08-2022 06:21 AM

@mariya.telitsina 

Cisco sees that as the "right" way to do it per the RFC so the behavior remains as-is.

0 Helpful

Go to solution
mariya.telitsina
Level 1
Level 1

‎07-10-2022 08:21 PM

Thank you Marvin for your reply! I googled a way to make an offset on a syslog server. will try this as a workaround.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card