Catalyst 1300 syslog date/time

clape
Level 1

So I might have found a bug with the c1300 4.1.0.76 firmware, but I wanted to get y'all's opinion before I report a bug.

Here's the issue:

I am sending syslogs to rsyslog so that they can be ingested into grafana loki via promtail, but the messages are getting rejected at rsyslog because of the timestamp on the syslog message. The time stamp on the syslog message is WAY off!

sh clock: 12:58:37 May 29 2024

terminal logging timestamp: 29-May-2024 12:58:30 (sh clock was run right after this log message)

Here is where it gets crazy:

syslog timestamp: 2160-07-05T19:26:46-4:00 (this syslog output is with the origin-id set to ip (same result with host); this is the only way to get a timestamp on the syslog message)

I cannot find this value anywhere! I have triple checked all of the clock settings (pretty sure), I generated diag. tech-support info, and cannot find that date anywhere. I have even run it through Wireshark and looked through the hex/dec to try and find where that date/time is coming from, no joy.

Does anyone have any thoughts of a possible fix action or any other locations where I might be able to see where that date is coming from? I'm really starting to dislike this c1300. lol

tech-support info will be coming (on air gapped network) soon. 

Thanks

Charlie

 

5 Replies

balaji.bandi
Hall of Fame

The one you show is on the syslog server when it receives the message from the device.

What do you see on the device when you issue show logging?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

clape
Level 1

logging enabled

origin_id: ip

console/buffer/file logging level info

AAA enabled, file sys copy - enabled, file sys delete-rename - enabled, mngt acl deny - enabled

aggregation - disabled

logging cbd level informational

logging cbd module: all

All of the log messages under "show logging" have the correct date/time based on the clock of the switch.

Also, I see in the logs where the system clock is updated by NTP.

 

Charlie

Other open source claims Cisco does not use standards, so they need to mimic the logs (but not the difference you show in your log).

What log server are you sending to? Ask them to normalize the logs when they receive them from the device.

Example:

https://community.graylog.org/t/timestamp-vs-timestamp/26728/5

 

 

BB


https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html

I saw this issue maybe two months ago but I don't remember the solution.

But I'm sure the solution is using one of these commands:

service sequence-numbers
service timestamps log datetime
service timestamps log datetime [localtime] [msec] [show-timezone]
service timestamps log uptime

MHM

https://community.cisco.com/t5/network-management/time-stamps-wrong-in-log/td-p/777236

This is what I found; it's not what I was looking for, but it's the same issue as yours.

Good luck, friend.

MHM
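
Added example, not part of the original thread and not Cisco or rsyslog code: a receiver-side check in Python that compares a device timestamp with the receive time, in the spirit of the "normalize the logs" reply above. Run on the two timestamps quoted in the original post (assuming the switch clock reading is also at UTC-4), it shows they differ by exactly 2^32 seconds and that the `-4:00` offset is not valid RFC 3339; the function names and finding labels are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

WRAP = 2 ** 32  # seconds in one period of a 32-bit seconds counter
# RFC 3339 style timestamp; the offset hour may be 1 digit, as in the post's "-4:00".
# Fractional seconds are accepted but ignored.
TS_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(\.\d+)?(Z|([+-])(\d{1,2}):(\d{2}))$")

def parse_lenient(ts):
    """Return (aware datetime, strict); strict is False for a 1-digit offset hour."""
    m = TS_RE.match(ts)
    if not m:
        raise ValueError(f"unparseable timestamp: {ts!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    if m.group(3) == "Z":
        return base.replace(tzinfo=timezone.utc), True
    sign = -1 if m.group(4) == "-" else 1
    off = timedelta(hours=int(m.group(5)), minutes=int(m.group(6))) * sign
    return base.replace(tzinfo=timezone(off)), len(m.group(5)) == 2

def triage(ts, received, max_skew=300):
    """Classify a device timestamp against the receiver clock and pick the time to store."""
    sent, strict = parse_lenient(ts)
    skew = int((sent - received).total_seconds())
    findings = [] if strict else ["offset-not-rfc3339"]
    if abs(skew) <= max_skew:
        return {"findings": findings, "skew": skew, "use": sent}
    # Is the skew within max_skew of a non-zero multiple of 2**32 seconds?
    wraps = round(skew / WRAP)
    if wraps and abs(skew - wraps * WRAP) <= max_skew:
        findings.append(f"skew-is-{wraps}x2^32s")
        return {"findings": findings, "skew": skew,
                "use": sent - timedelta(seconds=wraps * WRAP)}
    findings.append("implausible-skew")
    return {"findings": findings, "skew": skew, "use": received}

# Values quoted in the original post; the -04:00 offset on the clock reading is an assumption.
RECEIVED = datetime(2024, 5, 29, 12, 58, 30, tzinfo=timezone(timedelta(hours=-4)))
RESULT = triage("2160-07-05T19:26:46-4:00", RECEIVED)

if __name__ == "__main__":
    print(RESULT["findings"], RESULT["skew"], RESULT["use"].isoformat())
```

A skew that is an exact multiple of 2^32 seconds suggests a 32-bit seconds field wrapping rather than a wrong clock setting; the thread itself does not establish the cause.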
