No NTP servers configured-cisco-asa
Vendor: cisco
OS: asa
Description:
Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.
Remediation Steps:
Configure one or more NTP servers to be used by this device for clock synchronization.
How does this work?
This script login into the ASA using SSH and retrieves the NTP servers configuration status information using the output of the “show ntp associations” command. The output includes the list of the device’s NTP configured servers.
Why is this important?
This metric shows the list of the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port and IP address is allowed through the firewalls on your network. Check the link below for more information about NTP config in Cisco ASA: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/basic_hostname_pw.html
Without Indeni how would you find this?
An administrator would need to login into the device and use the “show ntp associations” command to identify if the NTP servers are configured.
cisco-asa-ntp-servers
name: cisco-asa-ntp-servers
description: ASA ntp configured servers
type: monitoring
monitoring_interval: 2 minutes
requires:
vendor: cisco
os.name: asa
privileged-mode: 'true'
comments:
ntp-servers:
why: |
This metric shows the list of the configured NTP servers. NTP servers are used to sync the time across all
hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time
Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port and IP address is
allowed through the firewalls on your network.
Check the link below for more information about NTP config in Cisco ASA:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/basic_hostname_pw.html
how: |
This script login into the ASA using SSH and retrieves the NTP servers configuration status information
using the output of the "show ntp associations" command. The output includes the list of the device's NTP configured servers.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
file: asa-ntp-servers.remote.1.bash
parse:
type: AWK
file: asa-ntp-servers.parser.1.awk
cross_vendor_no_ntp_servers
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_no_ntp_servers.scala