No NTP servers configured-checkpoint-gaia,ipso


Vendor: checkpoint

OS: gaia,ipso

Description:
Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.

Remediation Steps:
Configure one or more NTP servers to be used by this device for clock synchronization.

How does this work?
This script parses the configuration database at /config/active to retrieve the configured NTP servers.

Why is this important?
This metric records the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. With this information Indeni alerts if the NTP configuration on cluster members is not the same.

Without Indeni how would you find this?
An administrator could log in and manually run the command.

chkp-clish-ntp-servers

#! META
name: chkp-clish-ntp-servers
description: Records the configured NTP servers.
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: "checkpoint"
    or:
        -
            os.name: "gaia"
        -
            os.name: "ipso"


#! COMMENTS
ntp-servers:
    why: |
        This metric records the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. With this information Indeni alerts if the NTP configuration on cluster members is not the same.
    how: |
        This script parses the configuration database at /config/active to retrieve the configured NTP servers.
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
${nice-path} -n 15  grep "ntp:server" /config/active

#! PARSER::AWK

BEGIN {
    # Fields are separated by ":"
    FS = ":"

    num_fields = 3;
}

#ntp:servers:secondary someserever.com
#ntp:servers:primary time.nist.gov
/^ntp:servers:(primary|secondary)/ {
    data = $3
    split(data, split_arr, " ")

    type = split_arr[1]
    server = split_arr[2]

    ntp_arr[server, "type"] = type
    ntp_arr[server, "ipaddress"] = server
}

#ntp:server:time.nist.gov:version 3
#ntp:server:someserever.com:version 1
/^ntp:server:.*:version/ {
    server = $3
    version = $NF
    sub(/version /, "", version)
    ntp_arr[server, "version"] = version
}


END {

    # This final section is there to verify that we actually got all the data we were looking for.
    # For some reason Checkpoint devices sometimes seem to omit the last line when issuing "grep"
    # to filter the output. This final piece of code verifies that the number of items in the
    # object array is divisible by num_fields (the number of entries per object array).

    # For more information:
    # https://indeni.atlassian.net/browse/IKP-1840

    total_found_fields = 0
    for (i in ntp_arr) {
        total_found_fields ++
    }

    if (total_found_fields % num_fields == 0) {
        writeComplexMetricObjectArrayWithLiveConfig("ntp-servers", null, ntp_arr, "NTP Servers")
    } # TODO: Throw exception if this is not true
}
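
The manual check described above, as an added example that is not part of the Indeni script: a shell function that reads the same grep output and separates "no NTP servers configured" from "output was truncated". It checks completeness per server instead of using the total-count modulo test, so a missing line cannot be masked by other entries. The names ntp_audit and sample_config are hypothetical, and the sample lines are constructed in the format shown in the parser comments.

```shell
# Added example: audit NTP entries in Gaia-style config lines read from stdin.
# Exit status: 0 = every server complete, 1 = no servers, 2 = incomplete data.
# On a device: grep "ntp:server" /config/active | ntp_audit
ntp_audit() {
    awk -F: '
    # ntp:servers:primary time.nist.gov
    /^ntp:servers:(primary|secondary) / {
        split($3, a, " ")
        role[a[2]] = a[1]; seen[a[2]] = 1
    }
    # ntp:server:time.nist.gov:version 3
    /^ntp:server:[^:]+:version / {
        v = $NF; sub(/^version /, "", v)
        ver[$3] = v; seen[$3] = 1
    }
    END {
        n = 0; bad = 0
        for (s in seen) {
            n++
            # A server needs both its role line and its version line.
            if (!(s in role) || !(s in ver)) { bad++; printf "INCOMPLETE %s\n", s }
            else printf "%s %s v%s\n", s, role[s], ver[s]
        }
        if (n == 0) { print "NO_NTP_SERVERS"; exit 1 }
        if (bad > 0) exit 2
    }'
}

# Constructed sample input, in the format shown in the parser comments.
sample_config() {
    printf '%s\n' \
        'ntp:servers:secondary someserever.com' \
        'ntp:servers:primary time.nist.gov' \
        'ntp:server:time.nist.gov:version 3' \
        'ntp:server:someserever.com:version 1'
}

sample_config | ntp_audit
```

Status 1 corresponds to the empty array the rule alerts on; status 2 corresponds to the case the parser's TODO leaves unhandled.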

cross_vendor_no_ntp_servers

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library._
import com.indeni.server.rules.library.templates.MultiSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

/**
  *
  */
case class cross_vendor_no_ntp_servers() extends MultiSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_no_ntp_servers",
  ruleFriendlyName = "All Devices: No NTP servers configured",
  ruleDescription = "Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-servers",
  alertDescription = "This system does not have an NTP server configured. Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps.",
  baseRemediationText = "Configure one or more NTP servers to be used by this device for clock synchronization.",
  complexCondition = RuleEquals(RuleHelper.createEmptyComplexArrayConstantExpression(), SnapshotExpression("ntp-servers").asMulti().mostRecent().value().noneable))(
  ConditionalRemediationSteps.VENDOR_F5 -> "Log into the Web interface and navigate to System -> Configuration -> Device -> NTP. Add the desired NTP servers and click \"update\".",
  ConditionalRemediationSteps.VENDOR_FORTINET ->
    """
      |1. Login via ssh to the Fortinet firewall and execute the FortiOS “execute time” and “execute date” commands to check the current date/time and the last date of NTP sync.
      |2. Login via ssh to the Fortinet firewall and execute the FortiOS “diagnose sys ntp status” to review the status of the NTP servers and configuration.
      |3. NTP uses UDP protocol (17) and port 123 to communicate between the client and the servers.  Make sure that the firewall rules allow these UDP ports and can route toward the NTP servers.
      |4. Login via ssh to the Fortinet firewall and execute the FortiOS debug commands “diag debug application ntpd -1” and “diag debug enable” and review the debug messages.
      |5. Make sure NTP authentication keys match on both ends. Review the next link for more information: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33783.
      |6. More NTP configuration information can be found at http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/ntp.htm.""".stripMargin
)