Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
276
Views
0
Helpful
5
Replies

Catalyst 1300 syslog date/time

clape
Level 1
Level 1

‎05-29-2024 10:30 AM

So I might have found a bug with the c1300 4.1.0.76 firmware, but I wanted to get yalls opinion before I report a bug.

Heres the issue:

I am sending syslogs to rsyslog so that they can be ingested into grafana loki via promtail, but the messages are getting rejected at rsyslog because of the timestamp on the syslog message. The time stamp on the syslog message is WAY off!

sh clock: 12:58:37 May 29 2024

terminal logging timestamp: 29-May-2024 12:58:30 (sh clock was run right after this log message)

Here is where it get crazy

syslog timestamp: 2160-07-05T19:26:46-4:00 (this syslog output is with the origin-id set to ip,(same result with host), this is the only way to get a timestamp on the syslog message)

I cannot find this value anywhere! I have triple checked all of the clock setting (pretty sure), I generated diag. tech-support info, and cannot find that date anywhere. I have even run it through wireshark and looked through the hex/dec to try and find where that date/time is coming from, no joy.

Does anyone have any thoughts of a possible fix action or any other locations where I might be able to see where that date is coming from? I'm really starting to dislike this c1300. lol

tech-support info will be coming (on air gapped network) soon. 

Thanks

Charlie

 

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎05-29-2024 11:44 AM

the one you show on the syslog server when the receive message from the device.

what you see on the device when you issue show logging.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

clape
Level 1
Level 1

‎05-29-2024 11:57 AM - edited ‎05-29-2024 12:09 PM

logging enabled

origin_id: ip

console/buffer/file logging level info

AAA enabled, file sys copy - enabled, file sys delete-rename - enabled, mngt acl deny - enabled

aggregation - disabled

logging cbd level informational

logging cbd module: all

All of the log messages under "show logging" have the correct date/time bases on the clock of the switch.

also I see in the logs where the system clock is updated by ntp

 

Charlie

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to clape

‎05-29-2024 12:12 PM

other opensource claims cisco do not use standards - so they need mimic the logs. (but not that difference you show your log)

what Log Server you sending to ? ask them to normalize the logs when they receive from device.

example :

https://community.graylog.org/t/timestamp-vs-timestamp/26728/5

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

‎05-29-2024 12:18 PM

https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html

I see this issue maybe two months ago but I dont remember the solution'

But sure the solution is using 

One of thesr command 

service sequence-numbersservice timestamps log datetimeservice timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime 

MHM

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎05-29-2024 12:21 PM

https://community.cisco.com/t5/network-management/time-stamps-wrong-in-log/td-p/777236

This what I found it not what I was looking for but it same issue as your

Goodluck friend 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card