VMware Cloud Community
leba12
Contributor

Incorrect timestamp in syslog messages forwarded to SIEM from vRealize LogInsight

Hello, when forwarding events from Log Insight to SIEM via syslog (https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-...), some of the logs (especially those with "vcenter-server" in the text) are received with a wrong timestamp like 2022-12-20T00:00:00.000Z, whereas in the Log Insight console they have the correct timestamp. Please help.

scott28tt
VMware Employee

As your post needs moving to the Aria Operations for Logs area, I have reported it to the moderators.

 



Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity).
Cederberg
Enthusiast

Hi. There seems to be a fix in 8.10.2 for that, according to the release notes:

"The vCenter Server logs forwarded from vRealize Log Insight have 0 timestamp at the destination. When vCenter Server logs are ingested into vRealize Log Insight and forwarded to another destination through the syslog protocol, the logs' timestamp is lost."

https://docs.vmware.com/en/vRealize-Log-Insight/8.10.2/rn/vrealize-log-insight-8102-release-notes/in...

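Until the forwarder is upgraded, the receiving side can flag events whose timestamp was lost so they do not silently distort timelines and time-window correlation. The following is an added example, not part of the thread or of any VMware tooling: it assumes RFC 5424 framing on the wire, and the hostnames and log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed wire format (RFC 5424): <PRI>1 TIMESTAMP HOSTNAME rest-of-message
HEADER = re.compile(r"^<\d{1,3}>1 (\S+) (\S+) (.*)$", re.S)
# Symptom from the thread: the time of day is zeroed, e.g. 2022-12-20T00:00:00.000Z
ZEROED = re.compile(r"^\d{4}-\d{2}-\d{2}T00:00:00(?:\.0+)?(?:Z|[+-]00:00)$")

def triage(line, received_at):
    """Return (event_time, status, host) for one forwarded syslog line.

    When the source timestamp is missing or zeroed, fall back to the
    collector's receive time and mark the event instead of dropping it.
    A genuine event at exactly 00:00:00.000 UTC is flagged as well, which
    is why the status is kept next to the event for later review.
    """
    m = HEADER.match(line)
    if not m:
        return received_at, "unparsed", None
    ts, host = m.group(1), m.group(2)
    if ts == "-" or ZEROED.match(ts):
        return received_at, "timestamp_lost", host
    try:
        parsed = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    except ValueError:
        return received_at, "unparsed", host
    if parsed.tzinfo is None:  # RFC 5424 requires an offset
        return received_at, "unparsed", host
    return parsed.astimezone(timezone.utc), "ok", host

def lost_by_host(lines, received_at):
    """Count timestamp_lost events per sending host, to scope the impact."""
    hits = (triage(l, received_at) for l in lines)
    return Counter(host for _, status, host in hits if status == "timestamp_lost")

# Constructed sample lines (not taken from a real system)
SAMPLE = [
    "<14>1 2022-12-20T00:00:00.000Z vcsa01.example.test vcenter-server - - - Event [1001] login",
    "<14>1 2022-12-20T09:14:03.512Z esx01.example.test hostd - - - Task completed",
    "<14>1 - vcsa01.example.test vcenter-server - - - message without timestamp",
]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for line in SAMPLE:
        print(triage(line, now))
    print(lost_by_host(SAMPLE, now))
```
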