Check NTP Synchronization Status

Answered Question
Nov 2nd, 2015
User Badges:

I have two border routers that get time from external NTP servers while delivering it to my internal network devices. Sometimes some or even all of the configured exrernal servers  go down, so we lose the sync.

I am trying to write a script that checks the NTP status and notifies me if NTP is either unsynchronized or synchronized to internal clock.

Polling OID "cntpSysSrvStatus" 1.3.6.1.4.1.9.9.168.1.1.11 (Part of CISCO-NTP-MIB) which according to Cisco reports exactly what I need:

1: server status is unknown

2: server is not running

3: server is not synchronized to any time source

4: server is synchronized to its own local clock

5: server is synchronized to a local hardware refclock (e.g. GPS)

6: server is synchronized to a remote NTP server

And this gives me a result snmp_entry_value_check: OID unavailable, value check skipped

The images I have tested it on are c7200-advipservicesk9-mz.152-4.M8 and asr1002x-universalk9.03.10.05.S.153-3.S5-ext.SPA.bin

One of my questions is: do I need to configure anything in the SNMP part on the device so that EEM could poll it?

Does any one has this task solved and how?

Correct Answer by Daniel Frey about 1 year 5 months ago

Try changing the get-type from exact to next.

Correct Answer by Daniel Frey about 1 year 5 months ago

Try polling ntpEntStatusCurrentMode  from the NTP-MIB.   Gives the same info as cntpSysSrvStatus.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Daniel Frey Mon, 11/02/2015 - 12:55
User Badges:
  • Cisco Employee,

Try polling ntpEntStatusCurrentMode  from the NTP-MIB.   Gives the same info as cntpSysSrvStatus.

asigachev Mon, 11/02/2015 - 16:41
User Badges:

Same result:


event manager applet checkntp authorization bypass
 event snmp oid 1.3.6.1.2.1.197.1.2.1 get-type exact entry-op eq entry-val "1" entry-type value poll-interval 30 ratelimit 60
 action 1.0 puts "OK"
 action 2.0 exit


Nov  2 06:33:19.055: fh_fd_snmp_process_async
Nov  2 06:33:19.055: fh_fd_snmp_process_poll_timer: re=0x6A837C00, timer_type=POLL
Nov  2 06:33:19.059: fh_fd_snmp_oid_val_fetch: storing OID value
Nov  2 06:33:19.059: snmp_entry_value_check: OID unavailable, value check skipped
Nov  2 06:33:19.059: fh_fd_snmp_start_poll_timer: start_t=30000

Correct Answer
Daniel Frey Mon, 11/02/2015 - 16:58
User Badges:
  • Cisco Employee,

Try changing the get-type from exact to next.

asigachev Wed, 11/04/2015 - 05:13
User Badges:

Thanks! It works well with OID 1.3.6.1.2.1.197.1.2.1 and get-type next.

I have tested the situations with NTP unsynchronized, synchronized to internal clock and synchronized to external server, all three statuses were returned correctly.

The whole script, just if anyone needs is:

event manager applet ntp-sync-check
 event tag 1 snmp oid 1.3.6.1.2.1.197.1.2.1 get-type next entry-op ne entry-val "6" entry-type value poll-interval 86400
 event tag 5 none
 trigger
  correlate event 1 or event 5
 action 0.10 info type routername
 action 1.00 cli command "enable"
 action 1.10 cli command "show ntp asso"
 action 1.20 set ntpa "$_cli_result"
 action 2.00 cli command "show ntp status"
 action 2.20 set ntpst "$_cli_result"
 action 3.00 syslog priority critical msg "NTP sync failed" facility "NTP"
 action 3.10 mail server "SERVER" to "[email protected]" from "[email protected]"  subject "** NTP Sync Failure **" body "$ntpst \015\012\015\012 $ntpa"
 action 3.20 snmp-trap strdata "NTP Sync failed"
 action 3.30 exit
Justin Godsey Wed, 03/15/2017 - 08:22
User Badges:

what about an applet that only sends an email when NTP is unsynchronized.  I have tried to edit this applet using "andnot" in the correlation configuration, but it will always email every 24 hours.

Actions

This Discussion