NTP sync failure(s)-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will alert if one or more of the configured NTP servers is not syncing correctly.

Remediation Steps:
Review the cause for the NTP sync not working.

How does this work?
This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the “show ntp associations” command. Reference: http://nlug.ml1.co.uk/2012/01/ntpq-p-output/831

Why is this important?
Even though NTP servers are configured, that does not guarantee that they work. It is important to track the actual state of the NTP server. Properly sync’d NTP servers are critical for things such as event correlation and logging. In addition, clock drift can lead to authentication failures and connectivity issues.

Without Indeni how would you find this?
An administrator could log in and manually run the command.

junos-show-ntp-associations

#! META
name: junos-show-ntp-associations
description: JUNOS show NTP status
type: monitoring
monitoring_interval: 10 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall

#! COMMENTS
ntp-servers:
    skip-documentation: true
ntp-server-state:
    why: |
        Even though NTP servers are configured, that does not guarantee that they work. It is important to track the actual state of the NTP server. Properly sync'd NTP servers are critical for things such as event correlation and logging. In addition, clock drift can lead to authentication failures and connectivity issues.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show ntp associations" command. Reference: http://nlug.ml1.co.uk/2012/01/ntpq-p-output/831
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        This can only be tested from the command line interface.

#! REMOTE::SSH
show ntp associations no-resolve
show configuration system ntp | display set

#! PARSER::AWK
BEGIN{
    ntp_server_index = 1
}
#Match peer rows: a tally code (# + * o) followed by a digit, or a space followed by a digit
#*10.10.10.144  193.204.114.233  2 u   42   64   37    0.193   -7.375   9.959
/^[\#\+\*o][1-9]|^(\s[0-9])/ {
    serverIP = $1
	
    if ( serverIP ~ /^[\*]/ ) {
        ntp_servers[ntp_server_index, "type"] = "primary" 
    } else if ( serverIP ~ /^[\+]/ ) {
        ntp_servers[ntp_server_index, "type"] = "secondary" 
    } else {
        ntp_servers[ntp_server_index, "type"] = "other" 
    }
   
    #Remove the first character if it's not a number
    sub(/^[\#\+\*o]/, "", serverIP)
    ntp_servers[ntp_server_index, "ipaddress"] = serverIP
    ntp_server_index++	
    #Extract the ipaddress
    ntpServerTags["name"] = serverIP
        	
    #Rows that start with the following indicate failed NTP servers:
    #" "	non-communicating remote machines,
    #	"LOCAL" for this local host,
    #	(unutilised) high stratum servers,
    #	remote machines that are themselves using this host as their synchronisation reference;
    #Rows that start with the following indicate functioning NTP servers:
    #"#" 	Good remote peer or server but not utilised (not among the first six peers sorted by synchronization distance, ready as a backup source);
    #"+"	Good and a preferred remote peer or server (included by the combine algorithm);
    #"*"	The remote peer or server presently used as the primary reference;
    #"o"	PPS peer (when the prefer peer is valid). The actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
    #Source:
    #http://nlug.ml1.co.uk/2012/01/ntpq-p-output/831
	
    if( match($0, /^[\#\+\*o]/) ) {
        state = 1
    } else {
        state = 0
    }	
    writeDoubleMetricWithLiveConfig("ntp-server-state", ntpServerTags, "gauge", 300, state, "NTP Servers", "state", "name")
}

#set system ntp server 140.142.1.9
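/^(set\s+system\s+ntp\s+server)/ {
    ntp_server = $5
    #Default to version 4 only if no version has been recorded for this server yet,
    #so a later line for the same server (e.g. "prefer") does not overwrite it
    if ( !(ntp_server in ntp_server_version) ) {
        ntp_server_version[ntp_server] = "4"
    }
    #Take the token that follows "version", not the last field on the line
    for ( i = 6; i < NF; i++ ) {
        if ( $i == "version" ) {
            ntp_server_version[ntp_server] = $(i + 1)
        }
    }
}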

END{
    if ( ntp_server_index > 1 ) {
        for ( i=1; i < ntp_server_index; i++ ) {
            ntp_servers[i, "version"] = ntp_server_version[ntp_servers[i, "ipaddress"]]
        }
        writeComplexMetricObjectArray( "ntp-servers", null, ntp_servers )
    }
}
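
The tally-code classification above can be reproduced off-box when reviewing saved command output. The following Python sketch is an added example, not Indeni's code; the function and field names are hypothetical. It goes beyond the parser above by also handling the `x`, `.` and `-` tally codes (which the match pattern above skips) and by decoding the octal `reach` column. Treating those extra codes as state 0 is this example's assumption.

```python
import re

# '#', '+', '*' and 'o' are the functioning codes listed in the parser comments.
# Labels for the other codes, and scoring them as state 0, are assumptions here.
TALLY = {
    "*": "primary", "+": "secondary", "#": "backup", "o": "pps",
    "x": "falseticker", ".": "excess", "-": "outlier", " ": "rejected",
}
GOOD = set("*+#o")

# Columns: tally remote refid st t when poll reach delay offset jitter
ROW = re.compile(
    r"^([ *+#ox.\-])(\S+)\s+(\S+)\s+(\d+)\s+(\S)\s+(\S+)\s+(\d+)\s+([0-7]+)\s+"
    r"(-?[\d.]+)\s+(-?[\d.]+)\s+([\d.]+)\s*$"
)

def parse_associations(text):
    """Return one dict per peer row of 'show ntp associations no-resolve'."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        tally = m.group(1)
        reach = int(m.group(8), 8)  # reach is an 8-bit register printed in octal
        peers.append({
            "name": m.group(2),
            "role": TALLY[tally],
            "state": 1 if tally in GOOD else 0,
            "stratum": int(m.group(4)),
            "polls_answered": bin(reach).count("1"),  # out of the last 8 polls
            "offset_ms": float(m.group(10)),
        })
    return peers

# Constructed sample output; only the first peer row comes from the page.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.10.10.144  193.204.114.233  2 u   42   64   37    0.193   -7.375   9.959
+10.10.10.145  193.204.114.232  2 u   12   64  377    0.250    1.104   0.482
x10.10.10.146  10.10.10.1       3 u   30   64  377    0.311  412.900   2.214
 10.10.10.147  .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

if __name__ == "__main__":
    for peer in parse_associations(SAMPLE):
        print(peer)
```

A peer with `state` 0 and `polls_answered` 0 points at reachability (routing, filtering of UDP 123), while a reachable peer rejected as a falseticker points at the server's own time being wrong.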

all_devices_ntp_not_syncing

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, StateDownTemplateRule}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

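/**
  * Cross-vendor rule built on StateDownTemplateRule: raises a WARN alert listing each
  * NTP server (metric tag "name") whose "ntp-server-state" metric is reported as down.
  */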
case class all_devices_ntp_not_syncing(context: RuleContext) extends StateDownTemplateRule(context,
  ruleName = "all_devices_ntp_not_syncing",
  ruleFriendlyName = "All Devices: NTP sync failure(s)",
  ruleDescription = "Indeni will alert if one or more of the configured NTP servers is not syncing correctly.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-server-state",
  applicableMetricTag = "name",
  alertItemsHeader = "NTP Servers Affected",
  alertDescription = "One or more NTP servers configured on this device is not responding.",
  historyLength = 2,
  baseRemediationText = "Review the cause for the NTP sync not working.")(
  ConditionalRemediationSteps.VENDOR_CP -> "Review sk92602: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92602",
  ConditionalRemediationSteps.VENDOR_PANOS -> "Run \"show ntp\" and review the status of each NTP server. You can also review the dagger.log, based on https://live.paloaltonetworks.com/t5/tkb/articleprintpage/tkb-id/Management-TKB/article-id/2078",
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |Common NTP issues include the following:
      |• NTP packets are not received.
      |• NTP packets are received, but are not processed by the NTP process on the NX-OS.
      |• NTP packets are processed, but erroneous factors or packet data causes the loss of synchronization.
      |• NTP clock-period is manually set.
      |
      |1. Check the current NTP status by running the NX-OS command "show ntp peer-status".
      |2. If the "show ntp peer-status" command does not provide any output then try to ping the NTP servers. The NTP source and vrf may need to be provided as command options.
      |3. Check the routing table with the "show ip route vrf all" NX-OS command to verify that there is routing to the NTP servers.
      |4. Check that the UDP 123 port used by NTP service is permitted to the network.
      |5. Execute the "show run ntp" NX-OS command to review the NTP current configuration.
      |6. For more information, review the following Nexus NTP troubleshooting guide: https://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html""".stripMargin,
  ConditionalRemediationSteps.VENDOR_FORTINET ->
    """
      |1. Login via ssh to the Fortinet firewall and execute the FortiOS “execute time” and “execute date” commands to check the current date/time and the last date of NTP sync.
      |2. Login via ssh to the Fortinet firewall and execute the FortiOS “diagnose sys ntp status” to review the status of the NTP servers and configuration.
      |3. NTP uses UDP protocol (17) and port 123 to communicate between the client and the servers.  Make sure that the firewall rules allow these UDP ports and can route toward the NTP servers.
      |4. Login via ssh to the Fortinet firewall and execute the FortiOS debug commands “diag debug application ntpd -1” and “diag debug enable” and review the debug messages.
      |5. Make sure NTP authentication keys match on both ends. Review the following link for more information: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33783.
      |6. More NTP configuration information can be found at link http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/ntp.htm.""".stripMargin
)