It has been reported that PAM syslogs which are being forwarded to the Splunk application are received without a time region/zone reference.
DEV PAM LOGS:
We are getting 2 types of logs from DEV servers to Splunk UAT. One of the log types has time stamp details in the log itself.
Kindly check if the other log format can also have similar timestamp details in it.
Log sample which has a timestamp in it:
<132>1 2022-12-07T04:47:31+00:00 .... pam - metric DETAIL <Metric><type>getAccount</type>...</Metric>
Other log type (similar logs we are receiving in PROD):
<134>Dec 7 05:12:02 ... <14>gkpsyslog[4070387]: created = 2022-12-07 05:12:02 Private IP: ... Request Server xxx is added to A2A via auto-registration.
Release : 4.1
Metric and audit logs from Credential Management come with time stamps that include the offset, "+00:00" in the sample above. Session log messages have a different time format in the header and show a "created = " time without offset. All PAM appliances run on UTC time, but the message should make that clear.
This will be fixed in 4.1.3+ and 4.2+. The session log messages sent to the syslog server will have a time stamp with a format like "2023-02-27T21:21:56+00:00" in the header, to be consistent with the Credential Manager messages. The "Created =" time stamp inside the message will also include the time zone (UTC) to make clear which time zone it refers to.
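Until the fixed release is installed, the receiving side can normalize both message types to UTC before indexing. The following is an added example, not code from the vendor or from the original article. It relies on the statement above that all PAM appliances run on UTC; the function name `event_time_utc`, the host name and the IP address in the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Header with version and ISO timestamp (metric/audit logs): offset is explicit.
ISO_HEADER = re.compile(r"^<\d+>\d+ (\S+) ")
# BSD-style header (session logs before the fix): no year, no zone.
BSD_HEADER = re.compile(r"^<\d+>([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")
# Body field of session logs: full date, but no zone before the fix.
CREATED = re.compile(r"created = (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})", re.I)


def event_time_utc(line, ref_year=None):
    """Return an aware UTC datetime for a PAM syslog line, or None."""
    m = ISO_HEADER.match(line)
    if m:
        try:
            ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        except ValueError:
            ts = None
        # Trust the header only when it really carries an offset.
        if ts is not None and ts.tzinfo is not None:
            return ts.astimezone(timezone.utc)
    m = CREATED.search(line)
    if m:
        # Assumption from the article: appliance clock is UTC.
        naive = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        return naive.replace(tzinfo=timezone.utc)
    m = BSD_HEADER.match(line)
    if m:
        # The BSD header has no year; the caller supplies one or "now" is used.
        year = ref_year or datetime.now(timezone.utc).year
        text = f"{year} {m.group(1)} {m.group(2)} {m.group(3)}"
        naive = datetime.strptime(text, "%Y %b %d %H:%M:%S")
        return naive.replace(tzinfo=timezone.utc)
    return None


# Constructed sample lines modelled on the two formats shown above.
METRIC = ("<132>1 2022-12-07T04:47:31+00:00 pam-host.example pam - metric "
          "DETAIL <Metric><type>getAccount</type></Metric>")
SESSION = ("<134>Dec 7 05:12:02 pam-host.example <14>gkpsyslog[4070387]: "
           "created = 2022-12-07 05:12:02 Private IP: 192.0.2.10 "
           "Request Server xxx is added to A2A via auto-registration.")

if __name__ == "__main__":
    for sample in (METRIC, SESSION):
        print(event_time_utc(sample).isoformat())
```

Once the appliance is upgraded and the session log header carries the offset, the first branch handles those messages as well and the UTC assumption is no longer needed for them.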