1 Reply Latest reply on Jan 2, 2014 10:59 AM by Peter M

    McAfee Enterprise Log Manager and Computer Time Drift

    dcolbeck

      I have been asked to look into SIEM products (and specifically ELM) and how it is affected by time drift on computers.  By default, domain-joined computers will leverage the built-in domain-based time synchronization that has been used for a long time.  Someone came across this TechNet article - http://support.microsoft.com/kb/939322.  In the article it says:

      We do not guarantee and we do not support the accuracy of the W32Time service between nodes on a network. The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs. The W32Time service is primarily designed to do the following:

        • Make the Kerberos version 5 authentication protocol work.
        • Provide loose sync time for client computers.

      The W32Time service cannot reliably maintain sync time to the range of 1 to 2 seconds. Such tolerances are outside the design specification of the W32Time service.

      Based on this, some people in our department want to abandon the domain-based time sync and manually configure hundreds of servers to point to our GPS-based NTP devices.

      With ELM, does the software overcome the potential computer time drift, and if so, how?

      Cheers

      Dave