NTP servers used do not match across cluster members-fortinet-FortiOS
Vendor: fortinet
OS: FortiOS
Description:
Indeni will identify when two devices are part of a cluster and alert if the NTP servers they are using are different.
Remediation Steps:
Review the NTP configuration on each device to ensure they match.
How does this work?
This script logs into the FortiGate using SSH and retrieves the NTP servers configuration status information using the output of the “diagnose sys ntp status” command. The output includes the device’s servers configuration status as well as information about the NTP configured parameters.
Why is this important?
This metric shows whether at least one NTP server is configured. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port is allowed through the firewalls on your network. FortiToken synchronization requires NTP in many situations. Check the link below for more information about NTP config in FortiOS: http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
Without Indeni how would you find this?
An administrator would need to log into the device and use the “diagnose sys ntp status” command to identify if the NTP servers are reachable from the device.
fortios-diagnose-sys-ntp-status
name: fortios-diagnose-sys-ntp-status
description: FortiGate Diagnose ntp status
type: monitoring
monitoring_interval: 20 minutes
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    ntp-is-synchronized:
        why: |
            It checks if the device is synchronized via NTP. NTP servers are used to sync the time across all hosts and network
            devices. This is critical for things such as event correlation and logging. Use Network Time Protocol (NTP) to
            set the date and time if possible. However, it is important to ensure the NTP UDP port is allowed through the
            firewalls on your network. FortiToken synchronization requires NTP in many situations. Check the link below for
            more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP sync status information using the output of
            the "diagnose sys ntp status" command. The output includes the device's ntp sync status as well as information
            about all the NTP configured parameters.
        can-with-snmp: false
        can-with-syslog: false
    ntp-sync-is-enabled:
        why: |
            This metric monitors if the use of NTP is enabled. NTP servers are used to sync the time across all hosts and
            network devices. This is critical for things such as event correlation and logging. Use Network Time Protocol
            (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port is allowed
            through the firewalls on your network. FortiToken synchronization requires NTP in many situations. Check the
            link below for more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP sync status information using the output of
            the "diagnose sys ntp status" command. The output includes the device's ntp sync status as well as information
            about the NTP configured parameters.
        can-with-snmp: false
        can-with-syslog: false
    ntp-server-mode:
        why: |
            This metric shows if the device is used as an NTP server. This is applicable starting with FortiOS 5.0. NTP
            servers are used to sync the time across all hosts and network devices. This is critical for things such as
            event correlation and logging. Use Network Time Protocol (NTP) to set the date and time if possible. However,
            it is important to ensure the NTP UDP port is allowed through the firewalls on your network. FortiToken
            synchronization requires NTP in many situations. Check the link below for more information about NTP config in
            FortiOS: http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP server status information using the output
            of the "diagnose sys ntp status" command. The output includes the device's server status as well as information
            about the NTP configured parameters.
        can-with-snmp: false
        can-with-syslog: false
    ntp-server-state:
        why: |
            This metric shows if the NTP servers used by the FortiGate are reachable. NTP servers are used to sync the
            time across all hosts and network devices. This is critical for things such as event correlation and logging.
            Use Network Time Protocol (NTP) to set the date and time if possible. However, it is important to ensure the
            NTP UDP port is allowed through the firewalls on your network. FortiToken synchronization requires NTP in many
            situations. Check the link below for more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP servers reachability status information
            using the output of the "diagnose sys ntp status" command. The output includes the device's server reachability
            status as well as information about the NTP configured parameters.
        can-with-snmp: false
        can-with-syslog: false
    ntp-servers:
        why: |
            This metric shows if at least one NTP server is configured. NTP servers are used to sync the time across all
            hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time
            Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port is
            allowed through the firewalls on your network. FortiToken synchronization requires NTP in many situations.
            Check the link below for more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP servers configuration status information
            using the output of the "diagnose sys ntp status" command. The output includes the device's servers
            configuration status as well as information about the NTP configured parameters.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: diagnose sys ntp status
    parse:
        type: AWK
        file: diagnose_sys_ntp_status.parser.1.awk
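
The following is an added example, not Indeni's AWK parser or rule code: a Python version of the two steps described above, turning "diagnose sys ntp status" output into the five metrics named in the script and then comparing the configured servers across cluster members. The sample output and its line layout, the hostnames and addresses, the member names fgt-a and fgt-b, and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample output for two cluster members; the line layout is an
# assumption about what "diagnose sys ntp status" prints, not a capture.
MEMBER_A = """\
synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv4 server(ntp1.example.net) 192.0.2.10 -- reachable(0xff) S:4 T:6 selected
ipv4 server(ntp2.example.net) 192.0.2.11 -- reachable(0xff) S:4 T:6
"""
MEMBER_B = """\
synchronized: no, ntpsync: enabled, server-mode: disabled

ipv4 server(ntp1.example.net) 192.0.2.10 -- reachable(0xff) S:4 T:6
ipv4 server(ntp3.example.net) 198.51.100.7 -- unreachable(0x0) S:0 T:12
"""

STATUS_RE = re.compile(r"synchronized:\s*(\w+),\s*ntpsync:\s*(\w+),\s*server-mode:\s*(\w+)")
SERVER_RE = re.compile(r"^ipv[46] server\(([^)]*)\)\s+(\S+)\s+--\s+(\w+)", re.M)


def parse_ntp_status(text):
    """Extract the five metrics the monitoring script reports from one output."""
    status = STATUS_RE.search(text)
    if status is None:
        raise ValueError("no 'synchronized:' status line found")
    servers = {name.lower(): state == "reachable"
               for name, _addr, state in SERVER_RE.findall(text)}
    return {
        "ntp-is-synchronized": status.group(1) == "yes",
        "ntp-sync-is-enabled": status.group(2) == "enabled",
        "ntp-server-mode": status.group(3) == "enabled",
        "ntp-server-state": servers,          # server name -> reachable?
        "ntp-servers": sorted(servers),
    }


def compare_members(outputs):
    """Return {member: servers it lacks relative to the union}, empty if all match."""
    configured = {m: set(parse_ntp_status(o)["ntp-servers"]) for m, o in outputs.items()}
    union = set().union(*configured.values())
    return {m: sorted(union - s) for m, s in configured.items() if union - s}


if __name__ == "__main__":
    for member, missing in compare_members({"fgt-a": MEMBER_A, "fgt-b": MEMBER_B}).items():
        print(f"{member}: missing NTP servers {missing}")
```

An empty result from compare_members means every member lists the same servers; any entry names the member whose NTP configuration needs review and the servers it lacks.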
cross_vendor_ntp_servers_comparison