Cisco Support Community
Community Member

Want NTP on your IDS?

Hello everyone! Below you will find my generic howto on how to add NTP service to your Cisco IDS. Obviously Cisco doesn't "support" this configuration but it is very simple so it shouldn't cause any problems. The NTP update service is already installed on the OS so this process is very simple.

1.) SSH/Telnet into your IDS and login as root.

2.) Unless you are familiar with the ed editor, execute these commands so that you don't frustrate yourself. "EDITOR=/usr/bin/vi" then "export EDITOR". Now vi will be your default editor.

3.) Type "crontab -l". This will list your current crontab. I suggest you make a backup of this unless you are good with vi. :)

4.) Type "crontab -e". This will allow you to edit your crontab entries within the vi editor. The statement I added is "30 11 * * * /usr/sbin/ntpdate 123.123.123.1 > /dev/null 2>&1"

This will run the ntpdate program every day at 11:30am, pulling the time from the 123.123.123.1 NTP server.

-Bryan <bryangreen@tycoint.com>

5 REPLIES
Community Member

Re: Want NTP on your IDS?

Bryan,

Thanks for the information - excellent instructions. How would you recommend someone "confirm" their sensor is being properly updated via NTP? I have limited experience with Solaris. I presume there might be something from the command prompt which would indicate the system's source of time?

Thanks.

Community Member

Re: Want NTP on your IDS?

To confirm your sensor is updating the time correctly I would simply go in and manually set the date incorrectly and then wait until the cron job runs and the system time should be corrected. :)

Community Member

Re: Want NTP on your IDS?

Hi,

Did this and it worked manually, but for some reason did not appear to work automatically.

Also I noticed that the IDS also attempts to contact 0.0.0.2 on port 123 (udp). What's this all about?

If I change your 30 11 to 58 23 does this mean it will run at 11:58pm?
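
Added example, not part of any post in this thread: the crontab entry in the original post sends ntpdate's output to /dev/null, so a run that fails under cron leaves nothing to inspect. This wrapper records one line per run and lets you check the latest result without changing the clock by hand; the log path, the function names and the `run`/`check` arguments are assumptions, and it presumes a POSIX-style sh.

```shell
#!/bin/sh
# Added example: cron wrapper that keeps ntpdate's result instead of discarding it.
# Hypothetical crontab entry (script path is a placeholder):
#   30 11 * * * /path/to/ntp-sync.sh run
NTPDATE=${NTPDATE:-/usr/sbin/ntpdate}            # path used in the original post
NTP_SERVER=${NTP_SERVER:-123.123.123.1}          # placeholder server from the original post
SYNC_LOG=${SYNC_LOG:-/var/tmp/ntpdate-cron.log}  # assumed log location

# Run one sync attempt and append exactly one status line to the log.
ntp_sync_once() {
    if out=`"$NTPDATE" "$NTP_SERVER" 2>&1`; then rc=0; else rc=$?; fi
    stamp=`date '+%Y-%m-%d %H:%M:%S'`
    if [ "$rc" -eq 0 ]; then status=OK; else status=FAIL; fi
    # Flatten multi-line output so each run stays on a single line.
    msg=`printf '%s' "$out" | tr '\n' ' '`
    printf '%s %s rc=%s %s\n' "$stamp" "$status" "$rc" "$msg" >> "$SYNC_LOG"
    return "$rc"
}

# Succeed only if the most recent logged run was OK; return 2 if nothing is logged yet.
last_sync_ok() {
    [ -f "$SYNC_LOG" ] || return 2
    sed -n '$p' "$SYNC_LOG" | grep '^[0-9-]* [0-9:]* OK rc=0 ' >/dev/null
}

# "run" is what cron calls; "check" reports on the last run via its exit status.
case "${1:-}" in
    run)   ntp_sync_once ;;
    check) last_sync_ok ;;
esac
```

A FAIL line keeps whatever ntpdate printed under cron, which is usually enough to tell why a job that works manually does not work automatically.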

Community Member

Re: Want NTP on your IDS?

I don't understand why you need your crontab to use ntp

To enable NTP on your IDS:

telnet as root on the IDS

1) cd /etc/inet

2) cp ntp.client ntp.conf

3) vi ntp.conf

4) add the following line : server #your_ip_ntp_server

5) close ntp.conf

6) reboot the IDS

... it's done and the process (xntpd) is running: check with ps -ef

use also xntpdc and issue the command peers to check the status of your association.

it works for me

regards

Community Member

Re: Want NTP on your IDS?

Yes, I agree that editing the ntp.conf file will probably achieve the same task. The only problem I see is that the xntpd daemon is ALWAYS running and using up system resources, in addition to whatever security risks associated with keeping this process going. I still believe a simple cronjob running the ntp update is a better all around solution, I guess the point could be argued either way. :)
