Manager Receipt Time field has wrong time

Hello

Need your help

In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind).
This problem is global and is present on all connectors (the time is correct on the connectors).

I am interested in your thoughts and possible solutions.

Thank you in advance

Bohdan

  • 0  

    My suggestion would be to check the time zones and actual date/times on all the different systems that are connected here (the devices and connectors, ESM and console).  If the date/time is incorrect on one of the systems relative to the time zone, it's possible the times could be off.  Also, curious if the device receipt time, agent receipt time and end time are all proper or incorrect for you right now.  

  • 0 in reply to   

    Hi, vtham1

    Thank you

    There is information that the installation of ArcSight was not done by a professional, so something could have happened during the installation stage.

    Also, does ArcSight have documentation on working with time?

  • Verified Answer

    +1 in reply to 

    Hello Bogdan, 

    the events are saved in ESM, core engine in epoch time, just to be clear

    If the time on the Manager Receipt Time field (one hour behind) is incorrectly displayed when you are using the ArcSight Console then this is related to the time of the station where the console is installed. In these conditions adjust the time in the host where the console is running.

    It is also true that you should set up the right timezone on the system where the ESM server is running. So check the timezone on the Linux level where the ESM solution is installed and address it accordingly. Keep in mind to stop all ESM services if you need to adjust the time zone and do not play with time configuration with the ESM services up and running. 

    all the best, 

    Daniel

  • 0 in reply to 

    Hello, Daniel

    Thank you

    Do you have any information on another time-related issue? If possible, please reply in the discussion"ArcSight Console: start time/ end time of event are similar"

    I will be very grateful

    With best wishes

    Bohdan