No NTP servers configured-f5-all

No NTP servers configured-f5-all
0

No NTP servers configured-f5-all

Vendor: f5

OS: all

Description:
Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.

Remediation Steps:
Configure one or more NTP servers to be used by this device for clock synchronization.
Log into the Web interface and navigate to System

How does this work?
Indeni logs in over SSH and executes “tmsh -q list sys ntp”. The output is then parsed for any ntp server configuration.

Why is this important?
Not having an NTP server configured could make the clock slowly drift, which makes log entries and other information harder to summarize between devices. If the clock drifts very far out, there could also be issues with validating certificates.

Without Indeni how would you find this?
An administrator could login to the unit through SSH, enter TMSH and issue the command “list sys ntp” to see the configured NTP servers. This information is also availble through the Web Interface by navigating to “System” -> “Configuration” -> “Device” -> “NTP”.

f5-tmsh-list-sys-ntp

name: f5-tmsh-list-sys-ntp
description: Get the configured NTP servers and timezone
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: f5
    product: load-balancer
    linux-based: 'true'
    shell: bash
comments:
    ntp-servers:
        why: |
            Not having an NTP server configured could make the clock slowly drift, which makes log entries and other information harder to summarize between devices. If the clock drifts very far out, there could also be issues with validating certificates.
        how: |
            Indeni logs in over SSH and executes "tmsh -q list sys ntp". The output is then parsed for any ntp server configuration.
        without-indeni: |
            An administrator could login to the unit through SSH, enter TMSH and issue the command "list sys ntp" to see the configured NTP servers. This information is also availble through the Web Interface by navigating to "System" -> "Configuration" -> "Device" -> "NTP".
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            This information is available via both TMSH and the Web Interface.
    timezone:
        why: |
            A correct time and time zone is very important for many reasons. An incorrectly configured time zone could mean that timestamps on logs are incorrect. Indeni will identify when two devices are part of a cluster and alert if the timezone setting is different.
        how: |
            Indeni logs in over SSH and executes "tmsh -q list sys ntp". The output is then parsed for the configured timezone.
        without-indeni: |
            An administrator could login to the unit through SSH, enter TMSH and issue the command "list sys ntp" to see the configured timezone. This information is also availble through the Web Interface by navigating to "System" -> "Platform".
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: This information is available via both TMSH and
            the Web Interface.
steps:
-   run:
        type: SSH
        command: tmsh -q list sys ntp
    parse:
        type: AWK
        file: tmsh-list-sys-ntp.parser.1.awk

cross_vendor_no_ntp_servers

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

/**
  *
  */
case class cross_vendor_no_ntp_servers() extends MultiSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_no_ntp_servers",
  ruleFriendlyName = "All Devices: No NTP servers configured",
  ruleDescription = "Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-servers",
  alertDescription = "This system does not have an NTP server configured. Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps.",
  baseRemediationText = "Configure one or more NTP servers to be used by this device for clock synchronization.",
  complexCondition = RuleEquals(RuleHelper.createEmptyComplexArrayConstantExpression(), SnapshotExpression("ntp-servers").asMulti().mostRecent().value().noneable))(
  RemediationStepCondition.VENDOR_F5 -> "Log into the Web interface and navigate to System -> Configuration -> Device -> NTP. Add the desired NTP servers and click \"update\".",
  RemediationStepCondition.VENDOR_FORTINET ->
    """
      |1. Login via ssh to the Fortinet firewall and execute the FortiOS “execute time” and “execute date” commands to check the current date/time and the last date of NTP sync.
      |2. Login via ssh to the Fortinet firewall and execute the FortiOS “diagnose sys ntp status” to review the status of the NTP servers and configuration.
      |3. NTP uses UDP protocol (17) and port 123 to communicate between the client and the servers.  Make sure that the firewall rules allow these UDP ports and can route toward the NTP servers.
      |4. Login via ssh to the Fortinet firewall and execute the FortiOS debug commands “diag debug application ntpd -1” and “diag debug enable” and review the debug messages.
      |5. Make sure NTP authentication keys match on both ends. Review the next link for more information: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33783.
      |6. More NTP configuration information can be found at http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/ntp.htm.""".stripMargin
)