RE: [logs] NTP Client?

From: Daniele Muscetta (danieleat_private)
Date: Tue Feb 11 2003 - 10:59:54 PST

  • Next message: Tom Perrine: "[logs] security animation - datamining experiment" 

    Well... On W2K the NTP client is installed by default.... It is the
"windows time service".... It is both an NTP client and an NTP server.
It is designed to be used in an active directory environment so that the
first DC of the forest synchronizes with some "external" source, and
then the other servers from the first, and then the clients from their
respective server...

But it can be manually configured:
Just do  net time /setsntp:1.2.3.4 (where 1.2.3.4 is of course the IP
address, or the name of the time source you want to use). Done. You can
search on technet for further reference. If you don't want to use that,
there is a "replacement" time server (that can be further configured)
that was basically the OLD version of the same stuff.... It used to be a
"TIMESERV" (on windows NT, but that was ONLY a time SERVER, not a
client) and then W32Time... You need to search among the old stuff,
resource kits, etc...
But the built in one works just FINE.

For the Cisco I do not know... Well, let's say that it is ideal to be
able to CORRELATE events... So, well, then it is useful to have the
sources synchronized... But if it doesn't do it... Well, it just does
not do it!! Just put manually the same time and timezone... And check it
every now and again.... ;)

Best regards, 

Daniele


-----Original Message-----
From: loganalysis-adminat_private
[mailto:loganalysis-adminat_private] On Behalf Of Ryan
Sent: Tuesday, February 11, 2003 7:06 PM
To: loganalysisat_private
Subject: [logs] NTP Client?


Hi,

I'm working on creating a syslog infrastucture on a network, and was
wondering about synching the times on all the machines.  I will be using
NTP, but on the Windows 2000 Server I'm not sure what to use for a NTP
client.

Also, I've found that my Cisco 1924 switch doesn't support NTP.  Should
I even worry about having correct time in relation to the rest of the
network?  This would mean that the switch's time wouldn't be exactly the
same as the rest of the network when logging.  How should I solve these
problems?  Let me know.  Thanks.

Ryan
www.packetwatch.net 

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis


_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

    This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 21:36:51 PST