Keep Server Clocks Synchronized
Make log analysis easier by keeping the time on your systems in sync.
Correlating events that occurred on multiple servers can be a chore if there are discrepancies between the machines’ clocks. Keeping the clocks on your systems synchronized can save valuable time when analyzing router, firewall, and host logs after a compromise, or when debugging everyday networking issues. Luckily, it’s not that hard to do this with a little help from NTP, the Network Time Protocol.
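To see how much damage a skewed clock does to a timeline, here is an added example (not code from the original text) that merges constructed log lines from three hosts, first by their raw timestamps and then after subtracting each host's clock error. The host names, log format, and offsets are assumptions made up for the illustration.

```python
from datetime import datetime, timedelta

# Hypothetical measured clock errors in seconds (positive = the host's clock
# runs ahead of true time). With NTP in place these would all be near zero.
CLOCK_OFFSET = {"fw1": 0.0, "web1": 95.0, "db1": -40.0}

# Constructed sample log lines: "<local timestamp> <host> <message>".
LOGS = """\
2024-03-01T10:00:05 fw1 ACCEPT tcp 203.0.113.7 -> web1:443
2024-03-01T10:01:42 web1 POST /login 200 from 203.0.113.7
2024-03-01T09:59:31 db1 SELECT on users by webapp
2024-03-01T10:00:20 fw1 ACCEPT tcp web1 -> 198.51.100.9:8443
"""

def parse(line):
    """Split one log line into (timestamp, host, message)."""
    ts, host, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, msg

def timeline(text, offsets=None):
    """Return events sorted by time; if offsets is given, correct each
    timestamp by subtracting the logging host's clock error first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, msg = parse(line)
        if offsets is not None:
            if host not in offsets:
                # Refuse to silently mix corrected and uncorrected times.
                raise KeyError(f"no clock offset recorded for {host}")
            ts -= timedelta(seconds=offsets[host])
        events.append((ts, host, msg))
    return sorted(events, key=lambda e: e[0])

def host_order(events):
    """Order in which hosts appear in a timeline."""
    return [host for _, host, _ in events]

if __name__ == "__main__":
    for label, offs in (("raw", None), ("corrected", CLOCK_OFFSET)):
        print(label)
        for ts, host, msg in timeline(LOGS, offs):
            print(" ", ts.isoformat(), host, msg)
```

In the raw ordering the database query appears to happen before the inbound connection that caused it; only the corrected timeline shows the real sequence of firewall, web server, database, then the outbound connection.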
NTP is a peer-to-peer protocol designed to provide subsecond precision and accuracy between host clocks. To get this going, all you need is the NTP distribution (http://www.ntp.org/downloads.html), which contains a daemon for performing clock synchronization, plus other supporting tools. While NTP might not be installed on your system, it usually comes with the various Linux distributions, FreeBSD, and OpenBSD as an optional package or port, so poke around your installation media or the ports tree if it’s not already installed. If it isn’t available with your OS of choice, you can still download and compile it yourself.
Configuring ntpd as a client is a fairly simple process. However, first you’ll need to find out whether you have a local time server, either on your network or at your ISP. If you don’t, you’ll have to locate an NTP server that will let you query from it. Don’t worry, though—a list of all the publicly accessible time servers is available at http://www.eecis.udel.edu/~mills/ntp/servers.html ...