Aqui Tamayo Valued Contributor.

Incorrect manager receipt time.


Hi,

I'm monitoring events from our ESM and noticed that Manager Receipt time and End time are different. Manager receipt time is quite advanced on receiving events. For example, my end time is 8:20, the manager receipt time is at 8:18, meaning it already received the event even if it has not happened yet.

Can anyone help me with this?

Thanks in advance!

Aqui

Ajith K S Super Contributor.

Hi @Aqui Tamayo 

Check if your Manager and the log sources are in sync with the NTP server.

Regards

Ajith K S

Aqui Tamayo Valued Contributor.

Hi Ajith,

We are not using an NTP server.

Thanks,

Aqui

Ajith K S Super Contributor.

Hi @Aqui Tamayo 

Compare the time on the ESM Manager and some log source devices (for which you have issues). The time on your ESM Manager is 2 minutes behind; that proves your issue.

You can update the time on the ESM Manager and that should solve your issue.

Hope this helps

Regards

Ajith K S
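
The comparison suggested in the reply above can also be made from the events themselves. This is an added example, not part of the original thread or of ESM's own tooling; it assumes events exported as (device, End Time, Manager Receipt Time) tuples, and the device names and sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample export: (device, End Time, Manager Receipt Time).
# Device names and the tuple layout are assumptions for this example.
SAMPLE_EVENTS = [
    ("fw-01",  "2020-01-08 08:20:00", "2020-01-08 08:18:03"),
    ("fw-01",  "2020-01-08 08:21:10", "2020-01-08 08:19:12"),
    ("dc-02",  "2020-01-08 08:20:30", "2020-01-08 08:18:31"),
    ("web-03", "2020-01-08 08:22:00", "2020-01-08 08:20:05"),
]
FMT = "%Y-%m-%d %H:%M:%S"


def min_delta_by_device(events):
    """Smallest (receipt - end) per device, in seconds.

    Delivery latency can only add to this value, so a negative minimum
    means the device clock is ahead of the Manager clock by at least that much.
    """
    deltas = defaultdict(list)
    for device, end_time, receipt_time in events:
        end = datetime.strptime(end_time, FMT)
        receipt = datetime.strptime(receipt_time, FMT)
        deltas[device].append((receipt - end).total_seconds())
    return {device: min(values) for device, values in deltas.items()}


def diagnose(events, tolerance=1.0):
    """Return (verdict, skewed) where skewed maps device -> negative delta."""
    per_device = min_delta_by_device(events)
    skewed = {d: s for d, s in per_device.items() if s < -tolerance}
    if not skewed:
        return "ok", skewed
    if len(skewed) == len(per_device):
        # Every source appears to be "in the future": the common factor
        # is the Manager clock, which is most likely running behind.
        return "manager-clock-suspect", skewed
    return "source-clocks-suspect", skewed


if __name__ == "__main__":
    verdict, skewed = diagnose(SAMPLE_EVENTS)
    print(verdict)
    for device, seconds in sorted(skewed.items()):
        print(f"{device}: receipt precedes end time by {-seconds:.0f}s")
```

When only some devices show a negative delta, the Manager clock is probably fine and those individual sources are the ones to check.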

Aqui Tamayo Valued Contributor.

Hi @Ajith K S 

Do you mind sharing how I can update the time on ESM?

Thanks!

Aqui

Ajith K S Super Contributor. (Accepted Solution)

Hi @Aqui Tamayo 

Your organization should have an NTP server, as it is very important to have the same time on all the systems. Check with your internal teams, try to find out the NTP server details, and configure NTP.

Or, if you are sure that there is no NTP server in your organization, you can set the time on your ESM server as you do on any Unix/Linux server. You should log in to the server with root privileges.

In RHEL, the syntax would be

date --set "YYYY-MM-DD HH:MM:SS"

or

date --set HH:MM:SS

Eg: date --set "2020-01-08 18:24:08" (This will set both date and time as you mentioned)

date --set 18:24:08 (This will set only time. Date will remain as it was earlier)

If you have any other Linux distribution, you had better check the syntax in the tutorials. And you can always get help online.

Hope this helps!

Regards

Ajith K S


Knowledge Partner

Using an NTP server is quite critical for any SIEM to be honest.
