NTP Troubleshooting for SIEM devices

Version 1

    Activities generated by the ESM and its connected SIEM devices are time-stamped, so it is important that they are all synchronized. This enables the ESM and the various devices to keep a constant frame of reference for data that they gather.

    You can set the ESM system time manually or choose to have the ESM and devices synchronized to an NTP server, which is the preferred option.

    If you experience issues with NTP synchronization between the ESM and other SIEM devices, you should use the NTPQ utility to troubleshoot. For more information, see KB79641 (https://kc.mcafee.com/corporate/index?page=content&id=KB79641).