Clock set incorrectly-cisco-ios

Clock set incorrectly-cisco-ios
0

Clock set incorrectly-cisco-ios

Vendor: cisco

OS: ios

Description:
indeni will trigger an issue when a device’s clock is more than 24 hours off of Indeni’s clock.

Remediation Steps:
Consider setting the date on the device and activating NTP.
||1. Execute the “show clock” command to check the system time.
|2. Consider setting the date on the device by activating NTP.
|3. For more information please review: Cisco NX-OS NTP configuration guide

How does this work?
This script logs into the Cisco IOS device using SSH and retrieves the current time using the output of the “show clock” command. The output includes the device’s current date and time as well as configured time zone.

Why is this important?
Capture the current date and time of the device. Device current date and time should never be more than 24 hours away from date and time of the device polling the data, otherwise date and time are not correctly set on device.

Without Indeni how would you find this?
It is possible to poll this data through SNMP.

ios-show-clock

name: ios-show-clock
description: IOS show clock
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: cisco
    os.name: ios
comments:
    current-datetime:
        why: |
            Capture the current date and time of the device. Device current date and time should never be more than 24 hours
            away from date and time of the device polling the data, otherwise date and time are not correctly set on device.
        how: |
            This script logs into the Cisco IOS device using SSH and retrieves the current time using the output of the
            "show clock" command. The output includes the device's current date and time as well as configured time zone.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false
    timezone:
        why: |
            Capture the time zone setting of the device. Time zone denotes offset from Coordinated Universal Time (UTC).
        how: |
            This script logs into the Cisco IOS device using SSH and retrieves the configured time zone using the output
            of the "show clock" command. The output includes the current time and configured time zone, i.e. EST for
            Eastern Standard Time. If the time zone is mismatched across vPC domain (cluster) members an alert will be
            triggered.
        without-indeni: |-
            It is possible to poll this data through SNMP although there is no way to correlate across vPC domain (cluster)
            members without additional logic.
            can-with-snmp: false
            can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show clock
    parse:
        type: AWK
        file: show_clock.parser.1.awk

cross_vendor_clock_off

package com.indeni.server.rules.library.core

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.ruleengine.expressions.conditions.GreaterThan
import com.indeni.ruleengine.expressions.core._
import com.indeni.ruleengine.expressions.data._
import com.indeni.ruleengine.expressions.math.{AbsExpression, MinusExpression}
import com.indeni.ruleengine.expressions.utility.NowExpression
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class ClockOffRule() extends PerDeviceRule with RuleHelper {

  override val metadata: RuleMetadata = RuleMetadata
    .builder(
      "cross_vendor_clock_off",
      "Clock set incorrectly",
      "indeni will trigger an issue when a device's clock is more than 24 hours off of Indeni's clock.",
      AlertSeverity.ERROR,
      categories = Set(RuleCategory.HealthChecks),
      deviceCategory = DeviceCategory.AllDevices
    )
    .build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val actualValue = TimeSeriesExpression[Double]("current-datetime").last.toTimeSpan(TimePeriod.SECOND)

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),
      // What constitutes an issue
      StatusTreeExpression(
        // The time-series we check the test condition against:
        SelectTimeSeriesExpression[Double](context.tsDao, Set("current-datetime"), denseOnly = false),
        // The condition which, if true, we have an issue. Checked against the time-series we've collected
        GreaterThan(AbsExpression(MinusExpression(NowExpression(), actualValue)),
                    ConstantExpression(Some(TimeSpan.fromDays(1))))

        // The Alert Item to add for this specific item
      ).withRootInfo(
          getHeadline(),
          scopableStringFormatExpression("The current date/time on this device is: %s which seems to be incorrect.",
                                         timeSpanToDateExpression(actualValue)),
          ConditionalRemediationSteps(
            "Consider setting the date on the device and activating NTP.",
            RemediationStepCondition.VENDOR_CISCO ->
              """1. Execute the "show clock" command to check the system time.
              |2. Consider setting the date on the device by activating NTP.
              |3. For more information please review: <a target="_blank" href="https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_3ntp.pdf">Cisco NX-OS NTP configuration guide</a>""".stripMargin,
            RemediationStepCondition.VENDOR_JUNIPER ->
              """|1. Run "show system uptime" command to review current time and time source.
               |2. The current date and time should not be 24 hours off from the polling date and time.
               |3. Set the correct date and time.
               |4. Consider activating NTP for time synchronization.
               |5. Review the following article on Juniper tech support site: <a target="_blank" href="https://kb.juniper.net/InfoCenter/index?page=content&id=KB15756&actp=METADATA">Configure Time and NTP Client</a>
               |6. If the problem persists, contact the Juniper Networks Technical Assistance Center (JTAC).""".stripMargin
          )
        )
        .asCondition()
    ).withoutInfo()
  }
}