Clock set incorrectly-juniper-junos

error
junos
juniper
Clock set incorrectly-juniper-junos
0

#1

Clock set incorrectly-juniper-junos

Vendor: juniper

OS: junos

Description:
indeni will trigger an issue when a device’s clock is more than 24 hours off of Indeni’s clock.

Remediation Steps:
Consider setting the date on the device and activating NTP.
|||1. Run “show system uptime” command to review current time and time source.
|2. The current date and time should not be 24 hours off from the polling date and time.
|3. Set the correct date and time.
|4. Consider activating NTP for time synchronization.
|5. Review the following article on Juniper tech support site: Configure Time and NTP Client
|6. If the problem persists, contact the Juniper Networks Technical Assistance Center (JTAC).

How does this work?
This script logs into the Juniper JUNOS-based device using SSH and retrieves the current time using the output of the “show system uptime” command. The output includes the device’s current date and time as well as configured time zone.

Why is this important?
Capture the current date and time of the device. Device current date and time should never be more than 24 hours away from date and time of the device polling the data, otherwise date and time are not correctly set on device.

Without Indeni how would you find this?
It is possible to poll this data through SNMP.

junos-show-system-uptime

#! META
name: junos-show-system-uptime
description: Fetches system uptime
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: "juniper"
    os.name: "junos"
    high-availability:
        neq: "true"

#! COMMENTS
uptime-milliseconds:
    why: |
        Capture the uptime of the device. If the uptime is lower than the previous sample, the device must have reloaded.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show system uptime" command. The output includes the device's uptime as well as additional information.
    without-indeni: |
        It is possible to poll this data through SNMP or capture a syslog/trap event of a device booting up.
    can-with-snmp: true
    can-with-syslog: true

current-datetime:
    why: |
        Capture the current date and time of the device. Device current date and time should never be more than 24 hours away from date and time of the device polling the data, otherwise date and time are not correctly set on device.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the current time using the output of the "show system uptime" command. The output includes the device's current date and time as well as configured time zone.
    without-indeni: |
        It is possible to poll this data through SNMP.
    can-with-snmp: true
    can-with-syslog: false

timezone:
    why: |
        Capture the current time zone of the device. The time zone information is useful for display purposes.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the configured time zone using the output of the "show system uptime" command. The output includes the device's current date and time as well as configured time zone.
    without-indeni: |
        An administrator may write a script to pull this data from cluster members and compare it.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
show system uptime | display xml

#! PARSER::XML
_vars:
    root: /rpc-reply//system-uptime-information[1]
_metrics:
    -
        _tags:
            "im.name":
                _constant: "uptime-milliseconds"
            "live-config":
                _constant: "true"
            "im.dstype.displayType":
                _constant: "duration"
            "display-name":
                _constant: "Uptime"
        _temp:
            "uptimeSeconds":
                _attribute:
                    _name: "junos:seconds"
                    _path: "${root}/uptime-information/up-time"
        _transform:
            _value.double: |
                {
                    uptime = temp("uptimeSeconds") * 1000
                    print uptime
                }
    -
        _tags:
            "im.name":
                _constant: "current-datetime"
            "live-config":
                _constant: "true"
            "im.dstype.displayType":
                _constant: "date"
            "display-name":
                _constant: "Current date/time"
        _value.double:
            _attribute:
                _name: "junos:seconds"
                _path: "${root}/uptime-information/date-time"
    -
        _tags:
            "im.name":
                _constant: "timezone"
            "live-config":
                _constant: "true"
            "display-name":
                _constant: "Time Zone"
        _temp:
            dateTime:
                _text: "${root}/current-time/date-time"
        _transform:
            _value.complex:
                value: |
                    {
                        currentTime = temp("dateTime")
                        print substr(currentTime, length(currentTime) - 3, length(currentTime))
                    }

RuleMetadata

.builder(
  "cross_vendor_clock_off
package com.indeni.server.rules.library

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.ruleengine.expressions.conditions.GreaterThan
import com.indeni.ruleengine.expressions.core._
import com.indeni.ruleengine.expressions.data._
import com.indeni.ruleengine.expressions.math.{AbsExpression, MinusExpression}
import com.indeni.ruleengine.expressions.utility.NowExpression
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.core.PerDeviceRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class ClockOffRule() extends PerDeviceRule with RuleHelper {

  override val metadata: RuleMetadata = RuleMetadata
    .builder(
      "cross_vendor_clock_off",
      "All Devices: Clock set incorrectly",
      "indeni will trigger an issue when a device's clock is more than 24 hours off of Indeni's clock.",
      AlertSeverity.ERROR
    )
    .build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val actualValue = TimeSeriesExpression[Double]("current-datetime").last.toTimeSpan(TimePeriod.SECOND)

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),
      // What constitutes an issue
      StatusTreeExpression(
        // The time-series we check the test condition against:
        SelectTimeSeriesExpression[Double](context.tsDao, Set("current-datetime"), denseOnly = false),
        // The condition which, if true, we have an issue. Checked against the time-series we've collected
        GreaterThan(AbsExpression(MinusExpression(NowExpression(), actualValue)),
                    ConstantExpression(Some(TimeSpan.fromDays(1))))

        // The Alert Item to add for this specific item
      ).withRootInfo(
          getHeadline(),
          scopableStringFormatExpression("The current date/time on this device is: %s which seems to be incorrect.",
                                         timeSpanToDateExpression(actualValue)),
          ConditionalRemediationSteps(
            "Consider setting the date on the device and activating NTP.",
            ConditionalRemediationSteps.OS_NXOS ->
              """1. Execute the "show clock" command to check the system time.
              |2. Consider setting the date on the device by activating NTP.
              |3. For more information please review: <a target="_blank" href="https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_3ntp.pdf">Cisco NX-OS NTP configuration guide</a>""".stripMargin,
            ConditionalRemediationSteps.VENDOR_JUNIPER ->
              """|1. Run "show system uptime" command to review current time and time source.
               |2. The current date and time should not be 24 hours off from the polling date and time.
               |3. Set the correct date and time.
               |4. Consider activating NTP for time synchronization.
               |5. Review the following article on Juniper tech support site: <a target="_blank" href="https://kb.juniper.net/InfoCenter/index?page=content&id=KB15756&actp=METADATA">Configure Time and NTP Client</a>
               |6. If the problem persists, contact the Juniper Networks Technical Assistance Center (JTAC).""".stripMargin
          )
        )
        .asCondition()
    ).withoutInfo()
  }
}