Standardizing Timezones (SEC 35) - Chromosom3/TechNotes GitHub Wiki
We will want to update our systems to use a standardized timestamp format. This new format will help when reviewing logs from multiple sources and will even include the system timezone when logging. This can help you correlate events across systems in different timezones.
The first thing we will want to do is comment out this line in /etc/rsyslog.conf
Below you can see the difference between the previous log format (first two whattimeisit messages) and the new format (last whattimeisit message).
To make the change and compare the results, run the following commands. Only the edit to rsyslog.conf and the service restart are actually required; the other commands just let you compare the log lines before and after the change.
logger -t test whattimeisit
sudo vi /etc/rsyslog.conf
sudo systemctl restart rsyslog
logger -t test whattimeisit
sudo grep whattimeisit /var/log/syslog
These changes were implemented on log01-dylan, web01-dylan, and rw01-dylan.
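As an added example (not from the wiki), the following Python normalizes both rsyslog timestamp formats to UTC and orders lines from several hosts, which shows why the new format matters for correlation: the traditional lines only sort correctly if you guess their year and zone. The sample log lines, the year and the US Eastern zone assumed for the traditional lines are constructed for the demo.

```python
# Added example (not from the wiki): normalize both rsyslog timestamp formats to
# UTC so events from hosts in different zones can be ordered correctly.
import re
from datetime import datetime, timedelta, timezone
# Traditional format: "Dec 10 14:32:01 host tag: msg" carries no year and no zone.
TRADITIONAL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$")
# RFC 3339 format: "2023-12-10T14:32:01.123456-05:00 host tag: msg" carries the offset.
RFC3339 = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))"
    r" (?P<host>\S+) (?P<rest>.*)$")

US_EASTERN_STD = timezone(timedelta(hours=-5))  # assumed zone of the demo hosts


def parse_line(line, assumed_year=2023, assumed_tz=timezone.utc):
    """Return (utc_datetime, host, rest, exact) for one syslog line.
    exact is True only when the line itself carried a UTC offset; traditional
    lines need an assumed year and zone, the ambiguity the new format removes."""
    m = RFC3339.match(line)
    if m:
        ts = m.group("ts")
        if ts.endswith("Z"):  # fromisoformat() before Python 3.11 rejects a bare Z
            ts = ts[:-1] + "+00:00"
        dt = datetime.fromisoformat(ts)
        return dt.astimezone(timezone.utc), m.group("host"), m.group("rest"), True
    m = TRADITIONAL.match(line)
    if m:
        dt = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        dt = dt.replace(year=assumed_year, tzinfo=assumed_tz)
        return dt.astimezone(timezone.utc), m.group("host"), m.group("rest"), False
    raise ValueError(f"unrecognized syslog line: {line!r}")


def order_events(lines, **assumptions):
    """Sort lines from several hosts by UTC instant; return (iso_utc, host, exact)."""
    parsed = sorted((parse_line(l, **assumptions) for l in lines), key=lambda p: p[0])
    return [(p[0].isoformat(), p[1], p[3]) for p in parsed]


# Constructed sample: one host still on the old format, two already on the new one.
SAMPLE = [
    "Dec 10 14:32:01 web01-dylan test: whattimeisit",
    "2023-12-10T19:31:55.418231+00:00 log01-dylan test: whattimeisit",
    "2023-12-10T14:31:50.000000-05:00 rw01-dylan test: whattimeisit",
]

if __name__ == "__main__":
    for assumed in (timezone.utc, US_EASTERN_STD):  # same lines, two assumptions
        print(assumed, order_events(SAMPLE, assumed_tz=assumed))
```

Running it prints two different orderings for the same three lines; only the web01-dylan line moves, because it is the one whose position depends on a guessed zone.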
Now we can double check the /etc/rsyslog.d/sec350.conf configuration file and ensure it is pointed to our log server. The image below shows the proper configuration file that we want.
If that file is correct, you should see the new log format in Graylog, as shown in the image below.