1 Reply Latest reply on Jul 22, 2013 11:11 AM by Chris Boldiston

    Finding the source of time sync errors

    siemple

      I've been adding a slew of network devices into the SIEM and I've noticed an increase in the amount of alerts from SIEM concerning times of events being out of sync.  Our team did some research and found that there were a few misconfigured routers.  We've been adding more devices and this issue keeps coming up.  The network team would like to quickly identify which devices need to be corrected.  As it stands, the alerts in the SIEM log only reflect that there was an error and how many messages were received.  How can I track down which devices are the source of these alerts?

        • 1. Re: Finding the source of time sync errors
          Chris Boldiston

          Hi Siemple

           

           

          You are correct that the device log will show a status flag for those events which have a time problem. To see which data source is the cause of those, select "Show All" in the filter column and look at the log entry preceeding the status flag entry. That entry will show the datasource that needs to have the time zone adjusted.

           

           


          Chris