NTP workaround for environments where "Authenticated NTP" is unavailable

a.arndt
Level 3

Greetings,

I have figured out a way to have a Cisco IDS appliance running v4.1 of the software update its time via NTP without relying on a server that offers “authenticated time.”

This is accomplished using the following method:

1) Create, if necessary, the ‘service’ account (this process is described in the Cisco IDS documentation and in various posts on this forum);

2) Log in to the ‘service’ account using a CLI SSH client;

3) Become ‘root’ by issuing the ‘su -’ command and providing the same password you used to log in to the ‘service’ account;

4) Issue the command ‘crontab -e’ to open the ‘root’ user’s crontab file for editing;

5) Add the following lines to the crontab file:

# Use NTP to sync time every other hour

01 */2 * * * /usr/sbin/ntpdate <NTP server IP> > /dev/null 2>&1

02 */2 * * * /sbin/hwclock --systohc

6) Verify the crontab using the command ‘crontab -l’;

7) Confirm that the time is accurate at the top of the next even-numbered hour by issuing the ‘date’ command; and,

8) Log off from the ‘service’ account by issuing the ‘exit’ command twice.

NOTE: This is not a Cisco-supported solution! Use at your own risk!

I decided to try this due to two factors. My sensors are suffering from a time drift issue, and I do not control the existing timeservers in my environment. Due to the latter, I cannot change their configuration to support “authenticated time” and I cannot deploy my own timeserver to offer it either.

For those of you in the same boat as me (no authenticated time available and a desperate need to have synced time on your production sensors), I hope this helps.

Alex Arndt
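
A variation on the cron job above, added here as an example and not part of the original post or of Cisco's documentation: because the time source is unauthenticated, it queries first with `ntpdate -q` and steps the clock only when the server answered and the offset is within a bound. `MAX_OFFSET`, the function names, the `ntp-cron` log tag, the availability of `logger` on the sensor, and the sample reply line in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): query first, step the clock only
# if the unauthenticated reply looks sane. MAX_OFFSET is an assumed bound.
MAX_OFFSET=${MAX_OFFSET:-300}   # seconds; larger corrections are left for review

# Classify one "server ..." line of `ntpdate -q` output, e.g. (constructed):
#   server 192.0.2.10, stratum 2, offset -0.012345, delay 0.02567
# Prints sync, reject-unreachable, reject-offset or reject-parse.
check_reply() {
    printf '%s\n' "$1" | awk -v max="$MAX_OFFSET" '
        /^server / {
            for (i = 1; i < NF; i++) {
                if ($i == "stratum") { s = $(i + 1); sub(/,$/, "", s) }
                if ($i == "offset")  { o = $(i + 1); sub(/,$/, "", o); seen = 1 }
            }
        }
        END {
            if (!seen || o !~ /^-?[0-9]+(\.[0-9]+)?$/) { print "reject-parse"; exit }
            if (s + 0 == 0) { print "reject-unreachable"; exit }  # stratum 0: no answer
            o = o + 0
            if (o < 0) o = -o
            if (o <= max + 0) print "sync"; else print "reject-offset"
        }'
}

# Query the server, and set the system and hardware clocks only on "sync".
# $1 = NTP server address. Skipped syncs are logged instead of discarded.
sync_clock() {
    reply=$(/usr/sbin/ntpdate -q "$1" 2>/dev/null | grep '^server ' | head -n 1)
    verdict=$(check_reply "$reply")
    if [ "$verdict" = sync ]; then
        /usr/sbin/ntpdate "$1" >/dev/null 2>&1 && /sbin/hwclock --systohc
    else
        logger -t ntp-cron "time sync skipped for $1: $verdict ($reply)"
        return 1
    fi
}

# Run from cron with NTP_SERVER set; does nothing when it is unset.
if [ -n "${NTP_SERVER:-}" ]; then
    sync_clock "$NTP_SERVER"
fi
```

The bound is a coarse plausibility check on the reply, not a replacement for authenticated NTP; the second `ntpdate` call makes its own query.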

1 Reply 1

5creedus
Level 1

Thank you. I knew there had to be a way, but not UNIX savvy so was about to give up.
