Monitoring

NTP Configuration

Configuring NTP is a best practice for network administrators to avoid problems due to inconsistent timekeeping across devices. NTP ensures that your devices' clocks are all synchronized, within milliseconds, across your network so that there are no time incongruities in events. Some devices, like those that support NetFlow and sFlow, will require accurate time synchronization to even function.

Note: The ntp package must be installed on the Linux Collector host in order to monitor NTP on assigned devices. Monitoring NTP with a Windows Collector does not require any special configuration.

To install the Linux ntp package, use the command for your distribution (apt-get on Debian/Ubuntu, yum on RedHat/CentOS):

    apt-get install ntp
    yum install ntp

  • Insert a line in /etc/ntp.conf allowing the Collector to query the ntp daemon:

    restrict 10.0.0.0 mask 255.255.255.0

  • Change the IP address and mask as appropriate to include the Collector(s) IP address. If security is a concern, you may add multiple restrict lines.
  • Restart NTP:

    service ntpd restart

RedHat/CentOS

  1. Install the RPM:

    yum install ntp
  2. Configure ntp to allow queries from the Collector (192.168.193.128 in the example below). Be sure to replace the IP address below with that of your Collector.

    echo "restrict 192.168.193.128" >> /etc/ntp.conf

    If desired, you can set a subnet and mask instead of a single IP address, like this (be sure to use the correct subnet information):

    echo "restrict 10.9.8.0 mask 255.255.255.0" >> /etc/ntp.conf
  3. Start the service, and set it to start on server reboot. For RedHat/CentOS 7.0 you can use these systemctl commands:

    systemctl restart ntpd.service
    systemctl enable ntpd.service

     

    Otherwise, for older versions of RedHat/CentOS, you can use these commands:

    /etc/init.d/ntpd restart
    chkconfig ntpd on

 

Debian/Ubuntu

Install the ntp package:

apt-get install ntp

Now edit your ntp.conf file:

nano /etc/ntp.conf

Make sure your host is configured to sync from a common set of pool servers that are used across your network, and append the following line to allow queries to be made by the Collector host:

restrict 10.1.1.10

You need to replace "10.1.1.10" with the IP of the Collector host.

If you are running iptables, make the following exception:

iptables -A INPUT -p udp -s 10.1.1.10 --dport 123 -j ACCEPT

Restart the ntp service and set it to start on server boot:

/etc/init.d/ntp restart
chkconfig ntp on
 

When you have NTP installed, the instances generated by the LogicMonitor NTP datasource can display any offset between device clocks. If NTP is not properly configured, you may instead get an alert like the one below:

The NTP datasources use the ntpq binary installed on the Collector host. To troubleshoot NTP, you can use the command ntpq -nc peers Host, where Host is the name or IP address of each device you are keeping in sync. Use the following legend to determine its NTP status:

* master (synced),
# master (unsynced),
+ selected,
- candidate,
~ configured  
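
When ntpq from the Collector gets no answer, the restrict lines in /etc/ntp.conf on the monitored host are the first thing to check. The script below is an added example, not LogicMonitor code: it reports which restrict entry applies to a given client address and whether that entry permits ntpq queries. The function names, the sample configuration and the addresses 10.9.8.20 and 192.0.2.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LogicMonitor code): which IPv4 `restrict` entry in ntp.conf
# governs a client, and does it allow ntpq? IPv6, hostnames, `source` are skipped.
ip2int() (  # dotted quad -> integer; the subshell body keeps IFS and args local
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)
# Print the flags of the most specific matching entry, which is the one ntpd
# applies. "none" = entry has no flags (no restrictions); "unmatched" = no entry.
ntp_effective_flags() (
    conf=$1; ip=$(ip2int "$2"); best=-1; flags=unmatched
    while read -r kw args; do
        [ "$kw" = restrict ] || continue
        set -- $args
        [ "${1:-}" = -4 ] && shift
        addr=${1:-}; mask=255.255.255.255; [ $# -gt 0 ] && shift
        [ "$addr" = default ] && { addr=0.0.0.0; mask=0.0.0.0; }
        case $addr in *[!0-9.]*) continue ;; *.*.*.*) ;; *) continue ;; esac
        [ "${1:-}" = mask ] && { mask=$2; shift 2; }
        net=$(ip2int "$addr"); m=$(ip2int "$mask")
        if [ $(( ip & m )) -eq $(( net & m )) ] && [ "$m" -gt "$best" ]; then
            best=$m; flags=$*
        fi
    done <<EOF
$(sed 's/#.*//' "$conf")
EOF
    echo "${flags:-none}"
)

ntp_query_allowed() {  # status 0 if ntpq queries from IP ($2) are permitted
    case " $(ntp_effective_flags "$1" "$2") " in
        *" noquery "*|*" ignore "*|" unmatched ") return 1 ;;
    esac
}

write_sample_conf() {  # constructed sample: restrictive defaults + Collector subnet
    cat >"$1" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 10.9.8.0 mask 255.255.255.0   # Collector subnet, as in the page's example
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
for host in 10.9.8.20 192.0.2.7; do   # constructed Collector / non-Collector IPs
    ntp_query_allowed "$conf" "$host" && verdict=allowed || verdict=blocked
    echo "$host: ntpq $verdict (flags: $(ntp_effective_flags "$conf" "$host"))"
done; rm -f "$conf"
```

A result of "none" means the matching restrict line carries no flags, so ntpd places no restrictions on those hosts. Flags such as nomodify, notrap and nopeer can be appended to the Collector's restrict line without blocking its ntpq queries.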

IP Tables

The following procedure details how to allow both SNMP and NTP access for Linux devices.

  1. Access the command shell of the Linux host (via ssh or from the console).
  2. Open the file /etc/sysconfig/iptables in your preferred editor.
  3. After the line similar to "-A RH-Firewall-1-INPUT -p udp --dport 5353", add the following lines to the INPUT section:

    -A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 123 -j ACCEPT

  4. Save and close the file.
  5. Restart the firewall service:

    service iptables restart