Json log alerts timezone

[Pedro Henrique]

Hello all. 

I was with a wazuh installation working fine but had to destroy the machine and i made a new machine installed wazuh everything was ok instead of timezone on json alerts file.

{"timestamp":"2021-02-15T12:49:50.156+0000","rule":{"level":7,"description"

it must to be -0300 but its not, I have looked all configurations but cant figure out where iam missing. 

Can i have a help here?

Thanks for the wazuh team for creating this amazing engine and for supporting us very well and fast!

cya!

[Yana Zaeva]

Hi Pedro,

It seems this could be related that the timezone you have in this machine is the default one (UTC +0000). You can check this by running:

timedatectl 

The output will be similar to this one: 

Local time: Mon 2021-02-15 13:34:26 UTC

  Universal time: Mon 2021-02-15 13:34:26 UTC

        RTC time: Mon 2021-02-15 13:34:22

       Time zone: UTC (UTC, +0000)

     NTP enabled: yes

NTP synchronized: yes

 RTC in local TZ: no

      DST active: n/a

In order to set the time of your region, (which I suppose is GTM -3), just run the following lines: 

timedatectl set-timezone "America/Argentina/Buenos_Aires"

Now, your output, if you run timedatectl, should be similar to this one: 

Local time: Mon 2021-02-15 10:43:24 -03

  Universal time: Mon 2021-02-15 13:43:24 UTC

        RTC time: Mon 2021-02-15 13:43:20

       Time zone: America/Argentina/Buenos_Aires (-03, -0300)

     NTP enabled: yes

NTP synchronized: yes

 RTC in local TZ: no

      DST active: n/a

Let me know if the logs are arriving with the right timestamp!

Waiting for your reply,

Yana.

[Pedro Azzi]

Hi Yana! Thanks alot for your reply, I have checked everything in the machine and it's configured with the correct timezone, below is the output of timedatectl command.

# timedatectl
               Local time: Mon 2021-02-15 12:02:01 -03
           Universal time: Mon 2021-02-15 15:02:01 UTC
                 RTC time: Mon 2021-02-15 15:02:02
                Time zone: America/Sao_Paulo (-03, -0300)
System clock synchronized: yes
              NTP service: inactive

          RTC in local TZ: no

#

Before send the message to the group I have googled alot about this and did the timedatectl configuration and dpkg-reconfigure tzdata to put the correct timezone, but all of this was AFTER install the wazuh-manager.

On the moment i installed wazuh it was with the incorrect timezone configuration, do you think this may be the cause?

Thanks!

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/Y0zWGTGFghM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/0091cfd0-a195-4041-83d3-2988e5f10cc6n%40googlegroups.com.

[Yana Zaeva]

Hi Pedro,

I have tested changing the time configuration before installing the Wazuh manager, and it seems to work. Also, I have tested upgrading the Wazuh manager to the newest version (4.1.0), so if you are currently behind this, with an upgrade you will set the right timestamp too. You can check the current version by running:

cat /var/ossec/etc/ossec-init.conf

Let me know if this worked for you. 

Yana.

[Pedro Azzi]

Hello Yana!

You are right, I was with the version 4.0.1, after upgrade to 4.1.0 the timezone "problem" was solved!

Thank you so much for your help

--

Pedro

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/45f02d3c-7238-41f1-ad82-8a57f0fcec85n%40googlegroups.com.

[Yana Zaeva]

Hi Pedro,

It is always a pleasure to help. Do not hesitate to contact us if you have any doubt!

Regards,

Yana.