Timezone mismatch across cluster members-checkpoint-gaia,ipso
Vendor: checkpoint
OS: gaia,ipso
Description:
Indeni will identify when two devices are part of a cluster and alert if the timezone setting is different.
Remediation Steps:
Review the settings of each device in the cluster and ensure they are the same.
How does this work?
Parse the Gaia/IPSO configuration database in /config/active and retreive the currently configured time zone. It is also possible to list it using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.
Why is this important?
A correct time and time zone is very important for many reasons. An incorrectly configured time zone could mean that timestamps on logs are incorrect.
Without Indeni how would you find this?
An administrator could login and manually run the command.
chkp-clish-show-timezone
name: chkp-clish-show-timezone
description: records the timezone for the device
type: monitoring
monitoring_interval: 60 minutes
requires:
vendor: checkpoint
or:
- os.name: gaia
- os.name: ipso
comments:
timezone:
why: |
A correct time and time zone is very important for many reasons. An incorrectly configured time zone could mean that timestamps on logs are incorrect.
how: |
Parse the Gaia/IPSO configuration database in /config/active and retreive the currently configured time zone.
It is also possible to list it using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
command: ${nice-path} -n 15 grep "timezone" /config/active
parse:
type: AWK
file: show-timezone.parser.1.awk
cross_vendor_compare_timezone
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_compare_timezone.scala