How to check if the clock/ntp is correctly configured and synch'd?

I would like to run a compliance report on a cisco switch to check the clock time is synch'd correctly to a ntp server and matches the current time. I could run "show clock" on each switch but it would take "life" due to the size of our estate. 

Does anyone have any idea or tips how i do this please? I can search for the ntp lines in the config but for some reasons e.g. authentication keys may be incorrect and therefore the clock is not synch'd and "compliance report" would not work for what i am after.

Could someone assist and help out please?

Thank you.

  • just to check, what other Solarwinds modules do you have apart from NCM

  • Some of my routers at remote offices won't let me monitor their NTP status. I created a job to run daily that merely runs this script and returns the results via email to me.

    show ntp status | inc synchronized
    show ntp status | inc offset

  • Hi ,

    Thanks for the reply. We are licensed for:

    NCM - Network Configuration Manager

    NPM - Network Performance Monitor

    LA - Log Analyzer

    NTA - Netflow

    Regards,

    Irfan.

  • Hi ,

    Thanks for the reply. I'm not really familiar with scripts but will look into it as i know jobs can be created on Solrwinds. 

    Is there no way this be created via a rule in Compliance though as this will alert which clock on devices is synchronised and which is not? 

    Regards,

    Irfan.

  • I recognize you want a Report that confirms your devices are in sync with NTP.  However, a Compliance Report might not be what you intuitively would use.  (Or, I might be doing things incorrectly, and YOU are in the right)

    Compliance Reports, in my environment, are primarily used to look for specific lines of configuration in our switches, routers, firewalls, etc.  If a line we believe is mandatory happens to be missing, or has typos in it, a Compliance Report will highlight it and notify us.  

    If you trust your scripting commands, Compliance Reports will also automatically change the configuration to match your needs via the Remediation script section.

    Tread carefully in the realm of the automatic remediation scripting, lest you inadvertently make changes that are detrimental to your environment the next time the Compliance Report runs.  You don't have to put anything into the Remediation section, or if you do put commands in there, you don't have to enable them to run automatically.

    I'm a fan of creating an NCM Job that issues the "show ntp" commands referenced by another.  I tend to run that kind of Job after Daylight Savings Time changes here, and I treat it as a Report.

  • I have basically the same requirement.  I found that most of the Cisco platfroms have an OID for that.  

    MIB NAME: CISCO-NTP-MIB

    OID: 1.3.6.1.4.1.9.9.168.1.1.11
    NAME: cntpSysSrvStatus

    DESCRIPTION:
    "Current state of the NTP server with values coded as follows:
    1: server status is unknown
    2: server is not running
    3: server is not synchronized to any time source
    4: server is synchronized to its own local

    Also there is another

    OID: 1.3.6.1.2.1.197.1.2.1

    NAME: ntpEntStatusCurrentMode

    DESCRIPTION:

    "The current mode of the NTP. The definition of each possible
    value is:
    notRunning(1) - NTP is not running.
    notSynchronized(2) - NTP is not synchronized to any time
    source (stratum = 16).
    noneConfigured(3) - NTP is not synch

  • you may find it easier to use NPM, as you already own it.

    Create a poller to check the snmp using OID that  mentioned

    That will give you a specific method to at least know when something drops out.

    For added points you can build an alert that looks for specific return codes to attempt remediation before alerting you :)

  • Yea, that would be two different things. 

     NCM Compliance manager can check to see if its configured right as previously said.  

     NPM's custom pollers can poll the OID you mentioned and figure out if it syched ok and alert on it if not.

    There was a discussion some time ago on the NTP question, specifically making sure that only the right servers were configured, and potentially remove any others that might be there.

    Link for that discussion is here:  https://thwack.solarwinds.com/t5/NCM-Discussions/Automated-Config-clean-up/m-p/312578

  • Hi ,

    Are you able to provide the steps how to create a poller for the snmp OID check please? I'm new to this so may struggle here. Apologies and thanks in advance.

    Thank you.

  • Hi ,

    Thanks. I've asked  for the steps how to do this. I'm hoping this works ;-).

    Thank you.