Configuring date and time

To ensure that captured data is time-stamped correctly, you must configure the date and time that QRadar® Network Packet Capture uses. You can configure a local date and time for QRadar Network Packet Capture, or you can enable Network Time Protocol (NTP) or Precision Time Protocol (PTP) to synchronize the date and time from an external source.

About this task

Ensure that a PTP cable is not connected to the QRadar Network Packet Capture appliance.

If you are modifying the time system from a previous setting, make sure you turn off the data capture before you install any updates.

If a significant time-jump (greater than one minute) is expected, restart the QRadar Network Packet Capture appliance after the update to ensure that all the subsystems are synchronized.

If a negative time-jump is expected, erase all captured data before the update to avoid timestamp problems. For more information about using Clean Slate to do this, see Restarting the appliance and performing a factory reset.

Procedure

  1. In QRadar Network Packet Capture, click the ADMIN tab and scroll to the TIME PROTOCOL SETUP widget.
    Figure 1. TIME PROTOCOL SETUP widget
    The window shows the current date and time in UTC and local time, and fields for Time service type, Server addresses (1 to 4), and status of the setup (for example, NTP not enabled). Two buttons are at the bottom of the window to Apply and Reset the current settings.
  2. Choose a Time service type based on your requirements:
    Time service type Description
    NTP Synchronize the date and time with an external server.
    RDate Synchronize the current date and time from a network server.
    Manual Enter the date and time using either ISO8601 or dd/mm/yyyy h:m:s format.
  3. Choose the relevant server addresses for the date and time sources.
  4. Click Apply to complete.

Results

The QRadar Network Packet Capture appliance automatically synchronizes its time to the operating system time.