Time mismatch between mail time and wazuh notification time

[Kerim Karataş]

Hello everyone, 

I have a problem. As I mentioned in the image, I am having a time mismatch problem in the email and alert. How can I make the alert time and email time equal?

I'm grateful for your help.

[Farouk Musa]

Hello Kerim,

The timestamp on the left is the timestamp from Wazuh while the one on the right is the one from your mail agent. This disparity can be caused by mail agent delaying sending notifications to your configured email or a time zone difference between the Wazuh manager and your configured mail.

I'll suggest the following:

1. Check the timezone of your Wazuh server and compare with your gmail.

2. Review your postfix log to see if messages are queued for long before being sent.

This will help give an idea of where the time difference might be coming from.

[Kerim Karataş]

Hi Farouk Musa,

1) The wazuh server's local time and my gmail time are correct. My request is that when Wazuh sends an alert, it sends an e-mail according to the server's local time.

2) I examined the logs, there is no queue in Postfix.

So I couldn't understand. Why does Wazuh still write the alert time according to universal time? I want the local time of the wazuh server to be written in the email notification.

25 Haziran 2024 Salı tarihinde saat 13:01:45 UTC+3 itibarıyla Farouk Musa şunları yazdı:

[Kerim Karataş]

Hello

Can you help with the issue?

Thank you.

26 Haziran 2024 Çarşamba tarihinde saat 11:14:18 UTC+3 itibarıyla Kerim Karataş şunları yazdı:

[Farouk Musa]

Hello Kerim,

Wazuh uses UTC as a default time zone, i believe your time zone has not been updated from this. Please provide me with the following information:

1. What version of Wazuh do you use and what deployment option.

2. Share with me output of cat /etc/localtime (output will look weird but the last line will be helpful)
3. Share with me output of cat /var/ossec/etc/localtime

4. Did you just change your timezone or your timezone has always been Asia/Istanbul?

[Farouk Musa]

Also check the ossec log file and let me know if the timestamp in there is correct.

[Kerim Karataş]

Hello Farouk Musa,

1)  

2) 

3)

4)I changed the time after installing wazuh.

The command I entered is "timedatectl set-timezone Asia/Istanbul"

5) I checked the ossec.logs file path in the visual, but it is not according to Istanbul time.

Thank you for everything.

1 Temmuz 2024 Pazartesi tarihinde saat 12:08:18 UTC+3 itibarıyla Farouk Musa şunları yazdı:

[Farouk Musa]

Thank you for the information. Looks like the Wazuh time has not synced with your local time as seen in  /var/ossec/etc/localtime UTC is still being used.

When you change your time config with timedatectl, you have to restart the Wazuh manager so the new settings can sync and take effect. Please restart your Wazuh maanger and check the ossec logs again to see if the correct timezone is now being used. 

[Kerim Karataş]

Hello Faruk Musa,

I restarted wazuh-manager but nothing changed.

Best regards.

1 Temmuz 2024 Pazartesi tarihinde saat 15:47:45 UTC+3 itibarıyla Farouk Musa şunları yazdı:

[Kerim Karataş]

Hello,

Is there any development on the subject?

Thank you.

1 Temmuz 2024 Pazartesi tarihinde saat 16:20:12 UTC+3 itibarıyla Kerim Karataş şunları yazdı:

[abdulelah alsalem]

Hi,

I had the same issue and solved it by:

1- insure that Ubuntu (Linux) is set to UTC as its timezone.

2- then install Wazuh

hope it helps

[Kerim Karataş]

Thank you so much Abdulelah alsalem 🙏🏻

22 Temmuz 2024 Pazartesi tarihinde saat 09:25:20 UTC+3 itibarıyla abdulelah alsalem şunları yazdı: