Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NTP configuration On IDS42xx ?

Hi everyone,

Does anybody could time synchronise an IDS 42xx with an NTP server using NTP,

The NTP client does not exist on the IDS, perhaps just adding it from a solaris2.8 distribution should work. has anybody succeded in doing that ?

thanks

5 REPLIES
Bronze

Re: NTP configuration On IDS42xx ?

NTP does in fact exist on 3.x version sensors. We do not currently support the use of NTP on sensors, but it is possible to use. We use it on alot of sensors internally. You just need to create the appropriate entries into /etc/inet/ntp.conf and reboot the sensor. There was a vulnerability in NTP that got fixed in one latest service packs, so make sure you are using the latest sensor software (3.1(2)S26+). Just be warned that you may not be supported running in this mode by the TAC. NTP support is officially slated for 4.0.

New Member

Re: NTP configuration On IDS42xx ?

I currently have 2 4210 sensors running with a NetForensics server. Seems like once a month I have to manually adjust the time on the sensors to be within 30 seconds of the NetForensics server or the data does not get posted into the database. This is a pain in the rear since I can never really tell for sure when they get out of sync. They (netforensics support) recommended setting up ntp on the sensors, but from this post, it looks like you don't recommend or support that. Is there any other option to keep these time sync'd? Would my support contract be void if I did set it up?

Cisco Employee

Re: NTP configuration On IDS42xx ?

NTP is expected to be supported in the next release of our sensor software.

Regards,

-Mun

New Member

Re: NTP configuration On IDS42xx ?

When is the next release of sensor software due for public release? Also is there anywhere on the Cisco Site that shows what other new features are going to be included?

Bronze

Re: NTP configuration On IDS42xx ?

The NTP client software is installed on the 3.x sensors. It's just not configured. Do *not* add any patches to the system. This is totally unsupported and will definitely cause problems for TAC cases. As far as NTP goes, we run it internally on quite a few sensors without problems. If you do enable it and run into problems later, the TAC may ask you to disable NTP to return the sensor to a "supported" mode. To configure the sensor for NTP, you must create the file /etc/inet/ntp.conf. Add lines like:

server

server

Then, reboot the sensor. Also note, that there was a remotely exploitable bug in NTP for Solaris. I believe a patch for this was included in one of the recent service packs, so make sure that you're running the latest code.

108
Views
5
Helpful
5
Replies