
Want NTP on your IDS?

Jan 31st, 2003

Hello everyone! Below you will find my generic howto on how to add NTP service to your Cisco IDS. Obviously Cisco doesn't "support" this configuration but it is very simple so it shouldn't cause any problems. The NTP update service is already installed on the OS so this process is very simple.



1.) SSH/Telnet into your IDS and login as root.


2.) Unless you are familiar with the ed editor, execute these commands so that you don't frustrate yourself. "EDITOR=/usr/bin/vi" then "export EDITOR". Now vi will be your default editor.


3.) Type "crontab -l". This will list your current crontab, I suggest you make a backup of this unless you are good with vi. :)


4.) Type "crontab -e". This will allow you to edit your crontab entries within the vi editor. The statement I added is "30 11 * * * /usr/sbin/ntpdate 123.123.123.1 > /dev/null 2>&1"


This will run the ntpdate program every day at 11:30am, pulling the time from the 123.123.123.1 NTP server.


-Bryan <[email protected]>

s309973 Mon, 02/03/2003 - 10:00

Bryan,


Thanks for the information - excellent instructions. How would you recommend someone "confirm" their sensor is being properly updated via NTP? I have limited experience with Solaris. I presume there might be something from the command prompt which would indicate the system's source of time?


Thanks.

bryan.green Mon, 02/03/2003 - 11:10

To confirm your sensor is updating the time correctly I would simply go in and manually set the date incorrectly and then wait until the cron job runs and the system time should be corrected. :)


grimish Fri, 02/07/2003 - 02:31

Hi,


Did this and it worked manually, but for some reason did not appear to work automatically.


Also I noticed that the IDS also attempts to contact 0.0.0.2 on port 123 (udp). What's this all about?


If I change your 30 11 to 58 23 does this mean it will run at 11:58pm?

duchesne_ced Fri, 02/07/2003 - 06:10

I don't understand why you need your crontab to use ntp


To enable NTP on your IDS:


telnet as root on the IDS


1) cd /etc/inet

2) cp ntp.client ntp.conf

3) vi ntp.conf

4) add the following line : server #your_ip_ntp_server

5) close ntp.conf

6) reboot the IDS


... it's done and the process (xntpd) is running: check with ps -ef


use also xntpdc and issue the command peers to check the status of your association.


it works for me


regards

bryan.green Fri, 02/07/2003 - 10:02

Yes, I agree that editing the ntp.conf file will probably achieve the same task. The only problem I see is that the xntpd daemon is ALWAYS running and using up system resources, in addition to whatever security risks associated with keeping this process going. I still believe a simple cronjob running the ntp update is a better all around solution, I guess the point could be argued either way. :)
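
An added example, not part of any post in this thread: a cron wrapper for the ntpdate approach discussed above that logs each run, so the sensor's sync can be confirmed afterwards instead of being discarded to /dev/null. It assumes a POSIX shell; the log path and the script's crontab path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): log each ntpdate run so a failed
# cron sync on the sensor is visible instead of vanishing into /dev/null.
NTPDATE=${NTPDATE:-/usr/sbin/ntpdate}     # path used in the original post
NTP_SERVER=${NTP_SERVER:-123.123.123.1}   # placeholder server from the post
LOG=${LOG:-/var/tmp/ntpdate-cron.log}     # assumed log location

# Run one sync and append "date time OK|FAIL rc=N <ntpdate output>" to $LOG.
sync_clock() {
    if out=$("$NTPDATE" "$NTP_SERVER" 2>&1); then rc=0; else rc=$?; fi
    if [ "$rc" -eq 0 ]; then status=OK; else status=FAIL; fi
    out=$(printf '%s' "$out" | tr '\n' ' ')   # keep one log line per run
    printf '%s %s rc=%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" \
        "$status" "$rc" "$out" >> "$LOG"
    return "$rc"
}

# Print OK, FAIL or NONE for the most recent run; non-zero unless OK.
last_sync_status() {
    [ -f "$LOG" ] || { echo NONE; return 1; }
    s=$(awk '{ s = $3 } END { print (s == "" ? "NONE" : s) }' "$LOG")
    echo "$s"
    [ "$s" = OK ]
}

# Hypothetical crontab entry: 30 11 * * * /path/to/this-script run
case "${1:-}" in
    run)    sync_clock ;;
    status) last_sync_status ;;
esac
```

Running the script with `status` after the scheduled time shows whether the last cron-driven sync succeeded, and the log line keeps ntpdate's own message for troubleshooting.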
