This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Community Support Forum

SA Time slowly deviates from NTP

B_Hill
New Contributor
New Contributor

‎2024-05-10 10:44 AM

Here is the current situation. I admin Netwitness on 4 different networks and all are configured to use NTP. 3 of the networks are fine and keep time between the SA Head and other appliances w/no issue. However, on one network, all 8 NW devices have time that slowly deviates from NTP despite NTP being configured. Based off my rough calculations, time deviates from the NTP server time by about 10 seconds per day. I have to go into each of the 8 NW devices on this network and run the command to manually update time from the NTP server every few days, which is less than ideal and could cause issues if investigating any type of potential network event and using timestamps to determine cause. Any ideas on what could be causing this, or better yet, any corrective action?

0 Likes
12 REPLIES 12

JohnKisner
Valued Contributor Valued Contributor
Valued Contributor
In response to B_Hill

‎2024-08-13 11:30 AM

@B_Hill 

What I am reading regarding NTP is that the service may not automatically update the time if the variance is too great on check. On Node0 do you see the ntpd service attempting to reach the time source every 64 seconds or so? It should be in the messages file.

0 Likes

B_Hill
New Contributor
New Contributor
In response to JohnKisner

‎2024-08-13 12:00 PM

trying to figure out how to extract that information via "cat messages". I've attempted to grep various keywords but haven't been successful figuring out the exact verbiage to get the info I need. I'll keep trying but open to suggestions if you already have that knowledge.

 

0 Likes

JohnKisner
Valued Contributor Valued Contributor
Valued Contributor
In response to B_Hill

‎2024-08-13 12:25 PM

@B_Hill 

You should be able to grep for ntp in the messages file for when it starts, stops, and makes requests for updates. You may need to use the -i to ignore case.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.