Re: IDSM2 - time not synchronized

rafi1979 · ‎09-06-2004

hi..i'm just amateur on IDSM-2.

i'm using cisco IDSM2 on switch 6509, and also using security monitor ver. 1.2. Time on switch are the current time and using PST timezone. Our problem is :

-Time on IDSM2 not synchronized with switch (early 8 hours from switch time) but others like NAM and Firewall module time are synchronized.

-Time display on security monitor event early 8 hours than IDSM2 time (means 16 hour early than current time- switch)

i just using the default time on idsm2,without modifying ntp, summer time and system timezone.. because i thought the idsm2 will follow the switch time automatically.

i have cleared events (cli command) already but still no changes.

pls help..

flyingmunk · ‎09-07-2004

by default, the idsm-2 will synchronize its clock (GMT time) with that of the switch, however, you will need to set the timezone and summertime settings on the idsm-2.

make sure you set these on your switch also.

hope this helps.

chris

rafi1979 · ‎09-07-2004

i'm not familiar with the switch configuration because i'm not a network person.. can you show me an example for time configuration (summertime settings?? & timezone) for both the swith 6509 and idsm2 ?? my location was in kuala lumpur, malaysia..

pls help..tq

jamesand · ‎09-08-2004

For the idsm2 sensor, run cli and enter the "setup" command. Here is an example of how to setup central standard/daylight time (CST and CDT):

sensor29# setup

--- System Configuration Dialog ---

...

Continue with configuration dialog?[yes]:

Enter host name[sensor29]:

Enter IP address[10.89.147.29]:

Enter netmask[255.255.255.128]:

Enter default gateway[10.89.147.126]:

Enter telnet-server status[enabled]:

Enter web-server port[443]:

Modify current access list?[no]:

Modify system clock settings?[no]: yes

Use NTP?[no]:

Modify summer time settings?[no]: yes

Recurring, Date or Disable?[Recurring]:

Start Month[apr]:

Start Week[first]:

Start Day[sun]:

Start Time[02:00:00]:

End Month[oct]:

End Week[last]:

End Day[sun]:

End Time[02:00:00]:

DST Zone[]: CDT

Offset[60]:

Modify system timezone?[no]: yes

Timezone[UTC]: CST

UTC Offset[0]: -360

The following configuration was entered.

...

rafi1979 · ‎09-08-2004

i have tried setting this before by entering the offset value = -480 (minus 8 hours) and the time was synchronized between ids module and switch 6509, but why in security monitor when i run the selected events, the result display was the wrong time (not same with the ids module time)????.

For example let say i choose to display the events on seurity monitor between 5.00pm until 6.00pm on 6 august 2004. The ids module time was synchronized with the switch (current time).

The result display on the local date & time column (on sec monitor events) was 8 hours early than ids module time. Result display was events between 1am-2am on the next day (7 august)

jamesand · ‎09-08-2004

Did you reboot the idsm sensor? If not then reboot the sensor and see if the event times are corrected.

rafi1979 · ‎09-20-2004

of course i always reboot it because by default the sensor will reboot automatically after the time was changed. Is the VMS/Security monitor was corrupted?? i have remove and install back IDS MC and Security MOnitor but still no changes (time display on sec. monitor not synchronized). Should i re-install back the VMS CiscoWorks???