
Question on the various times used in logging. 

We are sending our on-prem UVM logs to a SIEM and they are seeing a field of “TimeCreated” which is Date / Time. To confirm, is this the time of the local client when this event was created? If so, can we have a timezone option with this? It would be very beneficial when incidents arise and we need to investigate that all of our times match up. If not, which date/time field should be looked at? There are several: TimeCreate, FirstOccurence, LastOccurence.

 

 


I believe these logs are captured and transmitted as UTC so that, regardless of where the machine's location is, all of the logs enter into the console with the same timestamp references. From the console you can set your own personal timezone so that the system does the required calculations to your timezone for easier understanding. SIEM info always transfers as UTC from what I have seen.

 

But to my knowledge there is no overall location to hard set a timezone for all logs. 

