Syslog Timestamps Showing Wrong Time Zone
Presenting Symptom
Syslog messages on the Cisco router show timestamps that are consistently off by several hours from the actual local time.
Network Context
A small branch office with a Cisco 4321 router running IOS XE 16.9 connects to the corporate headquarters via a WAN link. The router is configured with NTP to synchronize time from a central NTP server. Syslog messages are sent to a remote syslog server for monitoring, but the timestamps are incorrect, showing UTC instead of the local time zone (EST).
Diagnostic Steps
Check current system clock and time zone configuration
show clock detail17:30:45.123 UTC Mon Mar 4 2024 Time source is NTP
The system clock shows UTC time. If the local time zone is not set, the clock will display UTC. This confirms that the time zone is missing or misconfigured.
Verify the logging timestamp configuration
show running-config | include logging timestamplogging timestamp
If only 'logging timestamp' is present without 'datetime' or time zone, syslog messages will use the system clock time (UTC). The expected output should show 'service timestamps log datetime localtime' to include local time.
Check the time zone configuration
show running-config | include clock timezoneclock timezone EST -5 0
If this line is missing, the time zone is not configured. If present, verify the offset is correct for the local time zone.
Examine syslog message format
show loggingSyslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, small buffer) Console logging: disabled Monitor logging: disabled Buffer logging: level debugging, 100 messages logged Logging to: 10.1.1.100 17:30:45: %SYS-5-CONFIG_I: Configured from console by console
The timestamps in the buffer show UTC time (17:30:45). If local time were configured, they would show the correct local time (e.g., 12:30:45).
Root Cause
The router's syslog timestamps are not configured to use local time. The 'service timestamps log datetime localtime' command is missing from the configuration, causing syslog messages to be timestamped with UTC time instead of the local time zone (EST).
Resolution
Verification
1. show clock detail: Verify the clock shows local time (e.g., 12:30:45.123 EST Mon Mar 4 2024) 2. show logging: Check that new syslog messages display local timestamps (e.g., 12:30:45: %SYS-5-CONFIG_I: Configured from console by console)
Prevention
1. Always configure the correct time zone and daylight saving time on all network devices. 2. Use NTP to synchronize time and ensure the time zone is set before enabling syslog timestamp services. 3. Standardize syslog timestamp configuration across the network using automation tools like Ansible or templates.
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario may appear as a troubleshooting question where you must identify why syslog timestamps are incorrect. The exam tests knowledge of the 'service timestamps' command and the 'clock timezone' command. A key fact is that 'service timestamps log datetime localtime' is required to display local time in syslog messages.
Exam Tips
Remember that 'service timestamps' controls the format of timestamps in debug and log messages; 'datetime localtime' is needed for local time.
The 'show clock detail' command shows the time source and time zone; if the time zone is missing, the clock will show UTC.
Be aware that NTP synchronizes UTC; the time zone offset must be configured separately to display local time.
Commands Used in This Scenario
show clock
Displays the current system date, time, timezone, and whether the time is synchronized via NTP or manually set, used to verify system time accuracy for logging, authentication, and scheduled tasks.
show logging
Displays the state of system logging (syslog) on the device, including buffer contents, logging configuration, and statistics, used for troubleshooting and monitoring system events.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions