Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 412

Troubleshooting the 4200 Series Appliance
Verifying that the Sensor is Synchronized with the NTP Server
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
B-34
To verify that the sensor is synchronized with the NTP server, follow these steps:
Log in to the service account.
Check to see if the sensor can communicate with the NTP server by running
/usr/sbin/ntpg -p:
sensor# /usr/sbin/ntpq -p
remote refid
10.89.147.99 CHU_AUDIO(1) 6
LOCAL(0) LOCAL(0)
In the servers's IP address line, if the value in the reach column is 0, the sensor
either cannot communicate with the NTP server or the keys do not match.
Make sure the sensor can contact the NTP server by running /usr/sbin/ntptrace:
sensor# /usr/sbin/ntptrace
If this is the output, the sensor can contact the NTP server but the key ID or value
is most likely incorrect:
10.89.147.99: stratum 6, offset 0.025372, synch distance 0.00003
If this is the output, there is most likely a network connectivity or access problem:
10.89.147.99: 'Timeout'
If you can contact the NTP server, make sure the sensor can authenticate the NTP
server:
sensor# /usr/sbin/ntpq -c assoc
In this output, the auth column has
authenticate the NTP server. If the auth column has
key value configured on the sensor does not match the value configured on the
server.
ind assID status conf reach auth condition
1 1052 f614 yes
2 1053 9014 yes
st t when poll reach delay offset jitter
u 47 64 0
5 l 59 64 0
server_ip_address
, indicating that the sensor was able to
ok
yes ok sys.peer
yes none reject
Appendix B Troubleshooting
0.410 19.457 0.740
0.000 0.000 0.004
most likely the key ID or
bad
last_event cnt
reachable 1
reachable 1
78-15597-02