000035270 - RSA Security Analytics is unable to talk to the NTP daemon and reports an "Is it running?" message

Document created by RSA Customer Support Employee on Jun 21, 2017. Last modified by RSA Customer Support Employee on Jun 26, 2017.
Version 2

Article Content

Article Number: 000035270

Applies To:
  RSA Product Set: Security Analytics, NetWitness Logs and Packets
  RSA Product/Service Type: Core Appliances (excluding the Security Analytics Server/Head Unit)
  RSA Version/Condition: 10.6.x.x

Issue: The ntpd service is running; however, when you run "ntpstat" you receive the message below.
    Unable to talk to NTP daemon. Is it running?

Cause: The iptables INPUT chain must be updated to allow NTP communication over UDP port 123.

Resolution: To resolve the issue, follow the steps below.
  1. Connect via SSH to the appliance that is reporting the warning message and execute the command below.
    iptables -I INPUT 1 -p udp --dport 123 -j ACCEPT ; service iptables save

  2. The "ntpstat" command should now return the expected output, as shown below.
    [root@esa ~]# ntpstat
    synchronised to NTP server (x.x.x.x) at stratum 4
       time correct to within 117 ms
       polling server every 64 s
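
A check to run before and after step 1, added here as an example and not part of the RSA article: the hypothetical helper ntp_input_verdict reads rules in `iptables -S INPUT` format and reports which target the first rule matching every UDP port 123 packet applies. The rule sets in it are constructed samples, and rules with source, interface or state matches are skipped as a simplification.

```shell
#!/bin/sh
# Added example: how does an INPUT chain treat new inbound UDP/123?
# Input: rules in the format printed by `iptables -S INPUT`.
# Simplification (assumption): rules carrying matches other than
# "-p udp" / "--dport 123" (for example -s, -i, state) are skipped.
ntp_input_verdict() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = ""; proto = ""; dport = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }   # rest are target options
            else if ($i == "-p") { proto = $(i + 1); i++ }
            else if ($i == "--dport") { dport = $(i + 1); i++ }
            else if ($i == "-m" && $(i + 1) == "udp") { i++ } # module implied by -p udp
            else { other = 1 }
        }
        if (other) next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        # First rule that matches every UDP/123 packet decides the verdict.
        if ((proto == "" || proto == "udp") && (dport == "" || dport == "123")) {
            print target; found = 1; exit
        }
    }
    END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }
    '
}

# Constructed sample rule sets (not captured from an appliance).
BEFORE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Same chain after `iptables -I INPUT 1 -p udp --dport 123 -j ACCEPT`.
AFTER='-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | ntp_input_verdict)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | ntp_input_verdict)"
```

On the appliance, pipe the live rules into it with `iptables -S INPUT | ntp_input_verdict`.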