The timestamp of the syslog messages differs from the time synchronized from the NTP server

Issue Description

The S5700 switch synchronizes its time from a NTP server which provides the time in an UTC format. The switch is located in a different region with the NTP server and is configured to add an offset of 2 hours to the UTC time according to the local time zone. Along with the NTP configuration the switch is set to send the log information to a syslog server where the logs are received with a different timestamp than the current time of the device.QQ图片20171117101327

Current time of the switch:

 

[R6_U24_S5710_Stack]display ntp-service status

clock status: synchronized

clock stratum: 3

reference clock ID: 192.168.64.1

nominal frequency: 60.0002 Hz

actual frequency: 60.0002 Hz

clock precision: 2^17

clock offset: 0.0000 ms

root delay: 17.52 ms

root dispersion: 0.21 ms

peer dispersion: 0.00 ms

reference time: 18:09:50.411 UTC Jan 5 2001(BE008C6E.694A2B9D)      //time received from NTP server

synchronization state: clock set

 

[R6_U24_S5710_Stack]display clock

2001-01-05 21:10:09+03:00                        //time adjusted on the switch according to the local timezone

Friday

Time Zone(BUC) : UTC+03:00

Info-center configuration of the device:

 

[R6_U24_S5710_Stack]info-center loghost 172.1.1.19

Warning: There is security risk as this operation enables a non secure syslog protocol.

 

 

The timestamp of the logs received on the syslog server present the time in UTC format:

 

5/23/2016 12:12:31 PM  | 192.168.64.9    | Local7                | Info   |  Jan  5 2001 18:11:06 R6_U24_S5710_Stack %%01MSTP/6/RECEIVE_MSTITC(l)[18]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet0/0/1.

5/23/2016 12:12:42 PM  | 192.168.64.9    | Local7                | Notice               |  Jan  5 2001 18:11:17 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[19]:Record command information. (Task=VT0, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod=”Local-user”, Command=”quit”, Result=Success)

Solution

The timestamp of the syslog displays the UTC time by default and in this situation we should adjust the syslog configuration by adding the local-time parameter in the info-center loghost command as below:

[R6_U24_S5710_Stack]info-center loghost 172.1.1.19 local-time

After the local-time parameter is added, the syslog messages should be sent with the current time of the switch.

Result:

5/23/2016 12:12:50 PM  | 192.168.64.9    | Local7                | Notice            |  Jan  5 2001 21:11:25+03:00R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[20]:Record command information. (Task=VT0, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod=”Local-user”, Command=”info-center loghost 172.1.1.19 local-time”, Result=Success)

5/23/2016 12:12:50 PM  | 192.168.64.9    | Local7                | Notice            |  Jan  5 2001 21:11:25+03:00 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[21]:Slot=1;Record command information. (Task=HS2M, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod=”Local-user”, Command=”info-center loghost 172.1.1.19 local-time”, Result=Success)

For more Huawei Switch model, please check http://www.thunder-link.com

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s