ā05-18-2016 02:51 AM
hi, I am new here. I'd like to find time related OID in ASA 5520. But when I run "show snmp-server oidlist", I found there is no time related OID in ASA 5520. I want to use snmp sensor about ntp status or system current time. Is there any solution for my problem? Thank you.
Solved! Go to Solution.
ā05-18-2016 09:08 AM
Hi
The OID to monitor current time and date is csyClockDateAndTime, that belongs to the CISCO-SYSTEMS-MIB which is not supported on the ASA, for NTP status the MIB is CISCO-NTP-MIB which also is not supported on ASA devices.
ā05-18-2016 09:08 AM
Hi
The OID to monitor current time and date is csyClockDateAndTime, that belongs to the CISCO-SYSTEMS-MIB which is not supported on the ASA, for NTP status the MIB is CISCO-NTP-MIB which also is not supported on ASA devices.
ā05-18-2016 09:42 AM
Clock synchronization is vital for security, especially for audit log correlation. PCI DSS mandates that network equipment synchronize their time with an NTP server and their time is monitored (i.e by a NMS) for possible skews. So when logs need to be audited for a certain date and time, first the NTP sensor logs in the NMS is queried to fetch the skew value at a particular time instant, then the actual log in the syslog for that particular time is retrieved and then its time stamp is corrected considering the skew value.
How could Cisco miss this in their major security line of product?
ā05-18-2016 09:54 AM
Thank you for replying. So, there is no way in ASA to achieve my goal?
ā05-18-2016 09:54 AM
Using snmp polling there is no way for the NTP synchronization or current time and date to be polled, you can try other options like EEM scripts and TCL scripts. For that there is a specific forum where you can get help configuring the scripts so that you can get that information send on a syslog manner.
https://supportforums.cisco.com/community/5941/eem-scripting
ā05-18-2016 09:57 AM
thank you. I will check it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide