|Applies To||RSA NetWitness NextGen|
RSA NetWitness Decoder
RSA NetWitness Log Decoder
RSA NetWitness Concentrator
RSA NetWitness Hybrid
RSA NetWitness Broker
RSA NetWitness Administrator
|Issue||How to configure NTP on an RSA Netwitness appliance.|
How to get NetWitness appliances to be in sync with each other using NTP.
The RSA NetWitness architecture relies heavily on a consistent time source to keep the data synchronized between multiple devices. It is highly recommended that NTP be setup on every RSA NetWitness appliance to ensure optimal performance. Not doing so may result in sluggish query performance, concentrators falling behind in consumption, and/or devices being aggregated always remaining in a waiting state instead of consuming.
NTP can be configured by following the steps below, which will configure the time synchronization parameters.
You can verify the NTP server information by examining the /etc/ntp.conf file via SSH. The entry will appear similar to the following: server 0.pool.ntp.org
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
If your appliances have access to the Internet, 0.pool.ntp.org can be used as the NTP server.
If the NTP configuration does not appear to be persistent after rebooting the appliance, follow the procedure in the knowledgebase article Setting the NTP source on an RSA NetWitness appliance is not persistent after reboot.
|Legacy Article ID||a58598|