Solved: Check NTP Synchronization Status

asigachev · ‎11-02-2015

I have two border routers that get time from external NTP servers while delivering it to my internal network devices. Sometimes some or even all of the configured exrernal servers go down, so we lose the sync.

I am trying to write a script that checks the NTP status and notifies me if NTP is either unsynchronized or synchronized to internal clock.

Polling OID "cntpSysSrvStatus" 1.3.6.1.4.1.9.9.168.1.1.11 (Part of CISCO-NTP-MIB) which according to Cisco reports exactly what I need:

1: server status is unknown

2: server is not running

3: server is not synchronized to any time source

4: server is synchronized to its own local clock

5: server is synchronized to a local hardware refclock (e.g. GPS)

6: server is synchronized to a remote NTP server

And this gives me a result snmp_entry_value_check: OID unavailable, value check skipped

The images I have tested it on are c7200-advipservicesk9-mz.152-4.M8 and asr1002x-universalk9.03.10.05.S.153-3.S5-ext.SPA.bin

One of my questions is: do I need to configure anything in the SNMP part on the device so that EEM could poll it?

Does any one has this task solved and how?

Dan Frey · ‎11-02-2015

Try polling ntpEntStatusCurrentMode from the NTP-MIB. Gives the same info as cntpSysSrvStatus.

View solution in original post

Dan Frey · ‎11-02-2015

Try changing the get-type from exact to next.

View solution in original post

Dan Frey · ‎11-02-2015

Try polling ntpEntStatusCurrentMode from the NTP-MIB. Gives the same info as cntpSysSrvStatus.

asigachev · ‎11-02-2015

Same result:

event manager applet checkntp authorization bypass
event snmp oid 1.3.6.1.2.1.197.1.2.1 get-type exact entry-op eq entry-val "1" entry-type value poll-interval 30 ratelimit 60
action 1.0 puts "OK"
action 2.0 exit

Nov 2 06:33:19.055: fh_fd_snmp_process_async
Nov 2 06:33:19.055: fh_fd_snmp_process_poll_timer: re=0x6A837C00, timer_type=POLL
Nov 2 06:33:19.059: fh_fd_snmp_oid_val_fetch: storing OID value
Nov 2 06:33:19.059: snmp_entry_value_check: OID unavailable, value check skipped
Nov 2 06:33:19.059: fh_fd_snmp_start_poll_timer: start_t=30000

Dan Frey · ‎11-02-2015

Try changing the get-type from exact to next.

asigachev · ‎11-04-2015

Thanks! It works well with OID 1.3.6.1.2.1.197.1.2.1 and get-type next.

I have tested the situations with NTP unsynchronized, synchronized to internal clock and synchronized to external server, all three statuses were returned correctly.

The whole script, just if anyone needs is:

event manager applet ntp-sync-check
 event tag 1 snmp oid 1.3.6.1.2.1.197.1.2.1 get-type next entry-op ne entry-val "6" entry-type value poll-interval 86400
 event tag 5 none
 trigger
  correlate event 1 or event 5
 action 0.10 info type routername
 action 1.00 cli command "enable"
 action 1.10 cli command "show ntp asso"
 action 1.20 set ntpa "$_cli_result"
 action 2.00 cli command "show ntp status"
 action 2.20 set ntpst "$_cli_result"
 action 3.00 syslog priority critical msg "NTP sync failed" facility "NTP"
 action 3.10 mail server "SERVER" to "MAIL@MAIL" from "$_info_routername@DOMAIN"  subject "** NTP Sync Failure **" body "$ntpst \015\012\015\012 $ntpa"
 action 3.20 snmp-trap strdata "NTP Sync failed"
 action 3.30 exit

Justin Godsey · ‎03-15-2017

what about an applet that only sends an email when NTP is unsynchronized. I have tried to edit this applet using "andnot" in the correlation configuration, but it will always email every 24 hours.

tneuhuber · ‎08-25-2023

hello,

thx to Asigachev.

i did it this way, you will get a syslog/trap once a week if ntp is in sync. "unsync" state is checked every hour, syslog/trap is

send every hour, as long unsync persists.

kind regards, Thomas

event manager applet NTP_SYNC_CHECK
event tag 1 snmp oid 1.3.6.1.2.1.197.1.2.1 get-type next entry-op eq entry-val "6" entry-type value poll-interval 302400
event tag 2 snmp oid 1.3.6.1.2.1.197.1.2.1 get-type next entry-op ne entry-val "6" entry-type value poll-interval 3600
trigger
correlate event 1 or event 2
action 0.10 info type routername
action 1.10 info type snmp oid 1.3.6.1.2.1.197.1.2.1 get-type next
action 1.20 if $_info_snmp_value eq "6"
action 1.30 syslog priority inform msg "NTP_in_Sync" facility "NTP"
action 1.31 snmp-trap strdata "NTP in Sync"
action 1.50 cli command "enable"
action 1.51 cli command "show ntp asso | append flash:ntpstatus.txt"
action 1.52 set ntpa "$_cli_result"
action 1.53 cli command "show ntp status | append flash:ntpstatus.txt"
action 1.60 set ntpst "$_cli_result"
action 2.00 else
action 2.10 cli command "enable"
action 2.11 cli command "show ntp asso | append flash:ntpstatus.txt"
action 2.12 set ntpa "$_cli_result"
action 2.13 cli command "show ntp status | append flash:ntpstatus.txt"
action 2.14 set ntpst "$_cli_result"
action 2.30 syslog priority critical msg "NTP sync failed" facility "NTP"
action 2.31 snmp-trap strdata "NTP Sync failed"
action 9.00 end