The S5700 switch synchronizes its time from a NTP server which provides the time in an UTC format. The switch is located in a different region with the NTP server and is configured to add an offset of 2 hours to the UTC time according to the local time zone. Along with the NTP configuration the switch is set to send the log information to a syslog server where the logs are received with a different timestamp than the current time of the device.
|
[R6_U24_S5710_Stack]display ntp-service status <?xml:namespace prefix = "o" /> clock status: synchronized clock stratum: 3 reference clock ID: 192.168.64.1 nominal frequency: 60.0002 Hz actual frequency: 60.0002 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 17.52 ms root dispersion: 0.21 ms peer dispersion: 0.00 ms reference time: 18:09:50.411 UTC Jan 5 2001(BE008C6E.694A2B9D) //time received from NTP server synchronization state: clock set
[R6_U24_S5710_Stack]display clock 2001-01-05 21:10:09+03:00 //time adjusted on the switch according to the local timezone Friday Time Zone(BUC) : UTC+03:00 Info-center configuration of the device:
[R6_U24_S5710_Stack]info-center loghost 172.1.1.19 Warning: There is security risk as this operation enables a non secure syslog protocol.
The timestamp of the logs received on the syslog server present the time in UTC format:
5/23/2016 12:12:31 PM | 192.168.64.9 | Local7 | Info | Jan 5 2001 18:11:06 R6_U24_S5710_Stack %%01MSTP/6/RECEIVE_MSTITC(l)[18]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet0/0/1. 5/23/2016 12:12:42 PM | 192.168.64.9 | Local7 | Notice | Jan 5 2001 18:11:17 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[19]:Record command information. (Task=VT0, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="quit", Result=Success)  Alarm Information Handling Process Root Cause SolutionThe timestamp of the syslog displays the UTC time by default and in this situation we should adjust the syslog configuration by adding the local-time parameter in the info-center loghost command as below: [R6_U24_S5710_Stack]info-center loghost 172.1.1.19 local-time
After the local-time parameter is added, the syslog messages should be sent with the current time of the switch. Result: 5/23/2016 12:12:50 PM | 192.168.64.9 | Local7 | Notice | Jan 5 2001 21:11:25+03:00 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[20]:Record command information. (Task=VT0, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="info-center loghost 172.1.1.19 local-time", Result=Success) 5/23/2016 12:12:50 PM | 192.168.64.9 | Local7 | Notice | Jan 5 2001 21:11:25+03:00 R6_U24_S5710_Stack %%01SHELL/5/CMDRECORD(s)[21]:Slot=1;Record command information. (Task=HS2M, Ip=172.1.1.19, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="info-center loghost 172.1.1.19 local-time", Result=Success) |
|
Comment
