No NTP servers configured-juniper-junos


Vendor: juniper

OS: junos

Description:
Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.

Remediation Steps:
Configure one or more NTP servers to be used by this device for clock synchronization.

junos-show-ntp-associations

name: junos-show-ntp-associations
description: JUNOS show NTP status
type: monitoring
monitoring_interval: 10 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    ntp-servers:
        why: |
            This metric shows whether at least one NTP server is configured. NTP servers are used to sync the time across all hosts and network devices.
            This is critical for things such as event correlation and logging. Use Network Time Protocol (NTP) to set the date and time if possible.
            However, it is important to ensure the NTP UDP port is allowed through the firewalls on your network.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show ntp associations" command.
            Reference: http://nlug.ml1.co.uk/2012/01/ntpq-p-output/831
        can-with-snmp: false
        can-with-syslog: false
    ntp-server-state:
        why: |
            Even though NTP servers are configured, that does not guarantee that they work. It is important to track the actual state of the NTP server.
            Properly sync'd NTP servers are critical for things such as event correlation and logging. In addition, clock drift can lead to authentication failures and connectivity issues.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show ntp associations" command.
            Reference: http://nlug.ml1.co.uk/2012/01/ntpq-p-output/831
        can-with-snmp: false
        can-with-syslog: false
steps:
    -   run:
            type: SSH
            file: show-ntp-associations.remote.1.bash
        parse:
            type: AWK
            file: show-ntp-associations.parser.1.awk
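
The two metrics described above, as an added example (not Indeni's show-ntp-associations.parser.1.awk, which this page does not show): a shell/AWK parser for "show ntp associations" output that lists the configured peers, classifies each one from its tally code and reach value, and separates "no servers configured" from "servers configured but none synced". The sample output is constructed, the ntpq -p column layout is assumed, and the function names and state labels are hypothetical.

```sh
#!/bin/sh
# Added example, not Indeni's parser. SAMPLE is constructed output in the
# ntpq -p column layout; addresses are RFC 5737 documentation addresses.
SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   45   64  377    1.234    0.512   0.101
+192.0.2.11      192.0.2.10       2 u   12   64  377    2.345   -0.220   0.230
 192.0.2.12      .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# parse_ntp_associations (hypothetical name): reads the command output on
# stdin and prints "<remote> <state> reach=<octal>" for each configured peer.
parse_ntp_associations() {
    awk '
        NF < 10 || ($1 == "remote" && $2 == "refid") { next }  # rule, header, noise
        {
            tally = substr($0, 1, 1)            # selection code lives in column 1
            remote = (tally == " ") ? $1 : substr($1, 2)
            if ($7 + 0 == 0)                       state = "unreachable"
            else if (tally == "*" || tally == "o") state = "synced"
            else if (tally == "+" || tally == "#") state = "candidate"
            else                                   state = "rejected"
            print remote, state, "reach=" $7
        }'
}

# ntp_alert (hypothetical name): distinguishes "nothing configured" from
# "configured but no peer selected for synchronization".
ntp_alert() {
    parse_ntp_associations | awk '
        { total++ }
        $2 == "synced" { ok++ }
        END {
            if (total + 0 == 0)   print "ALERT no-ntp-servers"
            else if (ok + 0 == 0) print "ALERT no-synced-peer configured=" total
            else                  print "OK configured=" total " synced=" ok
        }'
}

printf '%s\n' "$SAMPLE" | parse_ntp_associations
printf '%s\n' "$SAMPLE" | ntp_alert
printf '' | ntp_alert            # empty output: no servers configured
```

A reach value of 0 means none of the last eight polls was answered, which is why a peer can be configured and still count as unreachable.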

cross_vendor_no_ntp_servers

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

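/**
  * Raises a WARN alert when the most recent "ntp-servers" snapshot for a device
  * is an empty array, i.e. no NTP servers are configured. Vendor-specific
  * remediation steps are appended for F5 and Fortinet.
  */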
case class cross_vendor_no_ntp_servers() extends MultiSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_no_ntp_servers",
  ruleFriendlyName = "All Devices: No NTP servers configured",
  ruleDescription = "Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-servers",
  alertDescription = "This system does not have an NTP server configured. Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps.",
  baseRemediationText = "Configure one or more NTP servers to be used by this device for clock synchronization.",
  complexCondition = RuleEquals(RuleHelper.createEmptyComplexArrayConstantExpression(), SnapshotExpression("ntp-servers").asMulti().mostRecent().value().noneable))(
  RemediationStepCondition.VENDOR_F5 -> "Log into the Web interface and navigate to System -> Configuration -> Device -> NTP. Add the desired NTP servers and click \"update\".",
  RemediationStepCondition.VENDOR_FORTINET ->
    """
      |1. Login via ssh to the Fortinet firewall and execute the FortiOS “execute time” and “execute date” commands to check the current date/time and the last date of NTP sync.
      |2. Login via ssh to the Fortinet firewall and execute the FortiOS “diagnose sys ntp status” to review the status of the NTP servers and configuration.
      |3. NTP uses UDP protocol (17) and port 123 to communicate between the client and the servers.  Make sure that the firewall rules allow these UDP ports and can route toward the NTP servers.
      |4. Login via ssh to the Fortinet firewall and execute the FortiOS debug commands “diag debug application ntpd -1” and “diag debug enable” and review the debug messages.
      |5. Make sure NTP authentication keys match on both ends. Review the next link for more information: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33783.
      |6. More NTP configuration information can be found at http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/ntp.htm.""".stripMargin
)