Different times in haproxy.log

Help!
1

Hello Everyone!
I am using Haproxy 1.8.8 on ubuntu 18.04 LTS
I have the problem that in the same line of haproxy.log I have two different hours.
The first one is incorrect, the second one is correct.
I don’t know if the first hour is informed by rsyslog or haproxy.
Here is the example:

Aug 9 17:25:44 s-lbpx01 haproxy[20205]: 10.10.9.232:57991 [09/Aug/2019:14:25:35.471] quid_in squid_pool/s-px03 0/0/0/3/9352 200 1007 - - - --NI 283/283/282/156/0 0/0 "CONNECT twitter.com:443 HTTP/1.1".

Will someone be able to guide me on how to correct the first reported time to match the second time?
The correct time in this log would be 14:25:35

Thanks in advance for the help!
Gabriel

My haproxy.cfg

> global
>         log /dev/log    local0
>         log /dev/log    local1 notice
>         chroot /var/lib/haproxy
>         stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
>         stats timeout 30s
>         user haproxy
>         group haproxy
>         daemon
>         maxconn 4000
> 
>         # Default SSL material locations
>         ca-base /etc/ssl/certs
>         crt-base /etc/ssl/private
> 
>         # Default ciphers to use on SSL-enabled listening sockets.
>         # For more information, see ciphers(1SSL). This list is from:
>         #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
>         # An alternative list with additional directives can be obtained from
>         #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
>         ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
>         ssl-default-bind-options no-sslv3
> 
> defaults
>         log global
>         mode http
>         option httplog
>         option  dontlognull
>         timeout connect 5000
>         timeout client  50000
>         timeout server  50000
>         errorfile 400 /etc/haproxy/errors/400.http
>         errorfile 403 /etc/haproxy/errors/403.http
>         errorfile 408 /etc/haproxy/errors/408.http
>         errorfile 500 /etc/haproxy/errors/500.http
>         errorfile 502 /etc/haproxy/errors/502.http
>         errorfile 503 /etc/haproxy/errors/503.http
>         errorfile 504 /etc/haproxy/errors/504.http
> 
> frontend squid_in
>         bind *:3128
>         default_backend squid_pool
> 
> backend squid_pool
>         mode http
>         cookie SERVERID insert indirect nocache
>         balance source
>         hash-type consistent
>         option httpclose
>         option forwardfor header X-Client
>         option forwardfor
>         server s-px02 x.x.x.1:3128 check inter 2000 rise 2 fall 3
>         server s-px03 x.x.x.2:3128 check inter 2000 rise 2 fall 3
> 
> listen stats
>         bind *:1936
>         mode http
>         stats enable
>         stats hide-version
>         stats realm Haproxy\ Statistics
>         stats uri /haproxy?stats
>         stats auth haproxy:somepass
2

There is definitely a expected difference between the two:

The first timestamp is when the log is emitted and the second timestamp is when HTTP requested was accepted, so with the standard web traffic you’d probably have a few seconds of delta between the two. However this is a CONNECT request, so it may be a lot longer than that.

According to the Ta value however (9352 ms), this request was in flight for 9 seconds, which matches the difference in seconds (45 - 35 = 9 seconds).

The question is, why is there a 3 hour difference between the two timestamps.

Can you confirm that the difference seen between those two timestamps really is 3 hours in this case? What is your timezone setting?

3

Sorry, I didn’t set the server time zone correctly.

sudo timedatectl set-timezone America/Argentina/Buenos_Aires
sudo systemctl restart rsyslog.service
sudo systemctl restart haproxy.service

And voilá:
Aug 12 11:45:51 s-lbpx01 haproxy[24917]: 10.10.10.177:50639 [12/Aug/2019:11:45:01.195] squid_in squid_pool/s-px03 0/0/0/39/50142 200 897 -

Thank you for your attention.

Gabriel