I have setup syslog on my vma 5. My vma is set to a NTP source which use GMT+2. Logs coming in from esxi hosts are received in UTC. Is there any way to increment these timestamps +2, so they equals my localtime?
This may be possible by modifying/adding rules into the rsyslog configuration in the vMA, but I found it simpler to make my vMA use UTC time as well.
It would require a filter to modify all timestamps coming in and translating them to localtime. That's why I left it alone.
I agree with kjb007, just change your vMA host to UTC which makes troubleshooting/correlating logs much easier.
Ok, thanks guys. I'll change my local TZ to UTC on the vma.