- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Incorrect timestamp in syslog messages forwarded to SIEM from vRealize LogInsight
Hello, when forwarding events from Log insigt to SIEM via syslog (https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-...) some of logs (especially with "vcenter-server" in the text are received with wrong timestamp like 2022-12-20T00:00:00.000Z. Whereas in Log Insight console they are with correct timestamp. Please help
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As your post needs moving to the Aria Operations for Logs area, I have reported it to the moderators.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. There seems to be a fix in 8.10.2 for that according to the release notes
"The vCenter Server logs forwarded from vRealize Log Insight have 0 timestamp at the destination. When vCenter Server logs are ingested into vRealize Log Insight and forwarded to another destination through the syslog protocol, the logs' timestamp is lost."