Cisco IPS-4255-K9 Installation Guide - Page 296
Correcting Time on the Sensor, Advantages and Restrictions of Virtualization
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 296 highlights
Advantages and Restrictions of Virtualization Chapter A Troubleshooting Step 3 Step 4 Generate the hosts statistics again after a few minutes. sensor# show statistics host ... NTP Statistics remote refid st t when poll reach delay *11.22.33.44 CHU_AUDIO(1) 8 u 22 64 377 0.518 LOCAL(0) 73.78.73.84 5 l 22 64 377 0.000 ind assID status conf reach auth condition last_event cnt 1 10372 f624 yes yes ok sys.peer reachable 2 2 10373 9024 yes yes none reject reachable 2 status = Synchronized offset jitter 37.975 33.465 0.000 0.001 If the status continues to read Not Synchronized, check with the NTP server administrator to make sure the NTP server is configured correctly. Correcting Time on the Sensor If you set the time incorrectly, your stored events will have the incorrect time because they are stamped with the time the event was created. The Event Store time stamp is always based on UTC time. If during the original sensor setup, you set the time incorrectly by specifying 8:00 p.m. rather than 8:00 a.m., when you do correct the error, the corrected time will be set backwards. New events might have times older than old events. For example, if during the initial setup, you configure the sensor as central time with daylight saving time enabled and the local time is 8:04 p.m., the time is displayed as 20:04:37 CDT and has an offset from UTC of -5 hours (01:04:37 UTC, the next day). A week later at 9:00 a.m., you discover the error: the clock shows 21:00:23 CDT. You then change the time to 9:00 a.m. and now the clock shows 09:01:33 CDT. Because the offset from UTC has not changed, it requires that the UTC time now be 14:01:33 UTC, which creates the time stamp problem. To ensure the integrity of the time stamp on the event records, you must clear the event archive of the older events by using the clear events command. Note You cannot remove individual events. For More Information For the procedure for clearing events, see Clearing Events, page A-92. Advantages and Restrictions of Virtualization To avoid configuration problems on your sensor, make sure you understand the advantages and restrictions of virtualization on your sensor. Note The AIM IPS and the NME IPS do not support virtualization. A-18 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01