
NTP:  Check Network to Ensure NTP is Synch'd

Last Modified: 2020-01-18
What logs would house information on NTP? I'm trying to see if I can ingest these logs into Splunk to check whether any servers' times on the network are off.

Dr. Klahn, Principal Software Engineer

Commented:
I/M/O:  Unless you are running a very large, geographically distributed network, then there should not be more than one NTP server on your network and that system should do nothing else so that its own reliability is preserved.  NTP traffic is low and packet sizes are small; even if the server received 100 requests simultaneously it would be able to serve them all properly.

When there is only one NTP server the question of non-matching times can not arise.

noci, Software Engineer

Commented:
If you want to validate NTP, you need to use an NTP service to verify the other servers.
And monitor that server.....

Or use Nagios check_ntp (in one of its incarnations), which makes it possible to verify the local clock against a different system and produce a log record from this.

Multiple NTP servers are possible and you can make them peers with outside anchors where needed.
Peers will synchronise if the anchors are (temporarily) unavailable.
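
An added example, not part of the original answers and not check_ntp's own code: the offset calculation behind such a check, turned into a key=value log record that Splunk can extract fields from. The function names, host names, 0.5 s threshold and the reply packet are all constructed for illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def ntp_to_unix(seconds, fraction):
    """Convert a 32.32 fixed-point NTP timestamp to Unix seconds."""
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def parse_reply(packet, t1, t4):
    """Decode a server reply. t1/t4 are the local Unix times at which the
    request was sent and the reply received."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", packet[32:48])
    t2, t3 = ntp_to_unix(rx_s, rx_f), ntp_to_unix(tx_s, tx_f)
    return {
        "leap": leap,
        "stratum": stratum,
        "offset": ((t2 - t1) + (t3 - t4)) / 2,  # reference clock minus local clock
        "delay": (t4 - t1) - (t3 - t2),         # round trip minus server processing
    }

def log_record(host, reference, r, warn_s=0.5):
    """One key=value line per check; warn_s is an assumed threshold."""
    if r["leap"] == 3 or r["stratum"] in (0, 16):
        status = "UNSYNCED"  # the reference itself has no valid time
    elif abs(r["offset"]) > warn_s:
        status = "DRIFT"
    else:
        status = "OK"
    return (f"host={host} ntp_ref={reference} status={status} "
            f"offset_s={r['offset']:.3f} delay_s={r['delay']:.3f} stratum={r['stratum']}")

def sample_reply(leap, stratum, rx_unix_s, rx_frac):
    """Constructed reply: header, 28 zeroed bytes, then equal receive/transmit stamps."""
    stamp = struct.pack("!II", rx_unix_s + NTP_EPOCH_DELTA, rx_frac)
    return bytes([leap << 6 | 4 << 3 | 4, stratum, 6, 0xEC]) + bytes(28) + stamp * 2

if __name__ == "__main__":
    t1, t4 = 1579348800.0, 1579348800.5  # constructed local send/receive times
    reply = sample_reply(0, 2, 1579348802, 0x40000000)  # reference clock reads ...802.25
    print(log_record("app01.example.internal", "ntp1.example.internal",
                     parse_reply(reply, t1, t4)))
```

A reference that reports itself unsynchronised is logged as UNSYNCED rather than trusted, so a broken time source does not make every client look as if it had drifted.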

Author

Commented:
Would it be possible to run a query in Tanium to spit out NTP configurations across all servers on the network?

noci, Software Engineer

Commented:
I have no idea what Tanium can/cannot do.

How many NTP servers are you talking about, and to what extent are they geographically in the same place?
(It makes sense to sync to an NTP server in the same region (country, state, province). It makes no sense to sync a FR server to a JP NTP server.)

If you have a few (2/3) servers within one network in one site (or 2, 3 nearby sites), then make all servers each other's peers; then you can use the same config on all of them.
You can select (external) NTP servers from a pool by using a name and resolving it through DNS.

See also: https://www.pool.ntp.org/en/

Author

Commented:
Thanks, all. After some research I can query server (Windows and Linux) nodes within Tanium to pull times.
