The SyslogParser code assumes that all timestamps without a timezone (ie. Feb 28 12:00:00) are in the UTC timezone. This is incorrect: all syslog messages are sent with the local time of the sending system. If all of your syslog agents are operating in UTC, then we parse the dates correctly but if they have a different time zone, the timestamps will be skewed.

We should change the code to use the local timezone of the OpenNMS machine when parsing timestamps which, in most cases, will match the timezone of the sending systems. Note that if you want to use UTC, you can continue to do so by setting the timezone of the OpenNMS machine and all syslog systems to UTC.

If you are operating syslog systems in different timezones than the OpenNMS machine, you should migrate to a syslog timestamp format that includes the timezone (ISO 8601).