McAfee Enterprise Log Manager and Computer Time Drift
I have been asked to look into SIEM products (and specifically ELM) and how it is affected by time drift on computers. By default, domain-joined computers will leverage the built-in domain-based time synchronization that has been used for a long time. Someone came across this TechNet article - http://support.microsoft.com/kb/939322. In the article it says:
We do not guarantee and we do not support the accuracy of the W32Time service between nodes on a network. The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs. The W32Time service is primarily designed to do the following:
Make the Kerberos version 5 authentication protocol work.
Provide loose sync time for client computers.
The W32Time service cannot reliably maintain sync time to the range of 1 to 2 seconds. Such tolerances are outside the design specification of the W32Time service.
Based on this, some people in our department want to abandon the domain-based time sync and manually configure hundreds of servers to point to our GPS-based NTP devices.
With ELM, does the software overcome the potential computer time drift, and if so, how?