NTP servers used do not match across cluster members-checkpoint-gaia,ipso


Vendor: checkpoint

OS: gaia,ipso

Description:
Indeni will identify when two devices are part of a cluster and alert if the NTP servers they are using are different.

Remediation Steps:
Review the NTP configuration on each device to ensure they match.

How does this work?
This script parses the configuration database located at /config/active to retrieve the configured NTP servers.

Why is this important?
This metric records the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. With this information, Indeni alerts if the NTP configuration on cluster members is not the same.

Without Indeni how would you find this?
An administrator could log in and manually run the command.
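The manual check carried one step further, as an added example that is not Indeni's parser or code from this page: it takes saved output of the `grep "ntp:server" /config/active` command (the one the monitoring script on this page runs) from two cluster members and reports servers present on only one of them. The line format (`<key> <value>`, with keys such as `ntp:server:primary`), the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not Indeni's parser. Input: saved output of
#   grep "ntp:server" /config/active
# from each cluster member.
# ASSUMPTION: lines are "<key> <value>"; a key with exactly three
# colon-separated fields (e.g. ntp:server:primary) holds a server address,
# and longer keys (e.g. ntp:server:primary:version) are attributes.

# Print the sorted, de-duplicated servers found in one saved output file.
ntp_servers() {
    awk '$1 ~ /^ntp:server:/ && NF >= 2 && split($1, f, ":") == 3 { print $2 }' "$1" |
        sort -u
}

# Return 0 if both files list the same set of servers (order ignored),
# otherwise print what is unique to each member and return 1.
compare_ntp_servers() {
    a=$(ntp_servers "$1")
    b=$(ntp_servers "$2")
    [ "$a" = "$b" ] && return 0
    for s in $a; do
        printf '%s\n' "$b" | grep -Fxq -- "$s" || echo "only in $1: $s"
    done
    for s in $b; do
        printf '%s\n' "$a" | grep -Fxq -- "$s" || echo "only in $2: $s"
    done
    return 1
}

# Constructed sample data (documentation-range addresses), written to a
# temporary directory whose path is printed.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'ntp:server:primary 192.0.2.10' 'ntp:server:primary:version 4' \
        'ntp:server:secondary 192.0.2.11' > "$d/member1"
    printf '%s\n' 'ntp:server:secondary 198.51.100.7' \
        'ntp:server:primary 192.0.2.10' 'ntp:server:primary:version 4' > "$d/member2"
    echo "$d"
}

samples=$(make_samples)
compare_ntp_servers "$samples/member1" "$samples/member2" || echo "NTP servers differ"
rm -r "$samples"
```

The comparison treats the servers as a set, so two members that list the same servers in a different order count as matching.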

chkp-clish-ntp-servers

name: chkp-clish-ntp-servers
description: Records the configured NTP servers.
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: ipso
comments:
    ntp-servers:
        why: |
            This metric records the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. With this information, Indeni alerts if the NTP configuration on cluster members is not the same.
        how: |
            This script parses the configuration database located at /config/active to retrieve the configured NTP servers.
        without-indeni: |
            An administrator could log in and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15  grep "ntp:server" /config/active
    parse:
        type: AWK
        file: ntp-servers.parser.1.awk

cross_vendor_ntp_servers_comparison

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

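/**
  * Compares the "ntp-servers" snapshot metric across cluster members and
  * raises a WARN alert when the values differ.
  */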
case class cross_vendor_ntp_servers_comparison() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_ntp_servers_comparison",
  ruleFriendlyName = "Clustered Devices: NTP servers used do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the NTP servers they are using are different.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-servers",
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same NTP servers used. Review the differences below.",
  baseRemediationText = "Review the NTP configuration on each device to ensure they match.")()