Verifying the time synchronization

Review the SYSLOGS messages on the Admin tab to verify the time synchronization and the status for the capture network interface card on your IBM®-supplied appliance.

About this task

If the appliance is not supplied by IBM, you can use the external LED lights to verify external time synchronization.

Procedure

  1. In a browser window, log in to the QRadar Network Packet Capture appliance as an administrator.

    The default password for the ADMIN account is pandion.

  2. On the Admin tab, review the logs for a general message that indicates that the time synchronization source changed, or that the SmartNIC obtained or released the lock against the time source.
    The following syntax is representative of a general entry:
    Adapter < number > time-sync status:
In-Sync: < Yes | No >
Current time-sync reference: < OsTime | PTP >
Skew (ns): < number >
Clock rate adjustment (ns): < number >
Clock Hard Reset: < Yes | No >
    For example, a general time synchronization might look like this entry:
    Adapter 0 time-sync status:
In-Sync: Yes
Current time-sync reference: OsTime
Skew (ns): -1
Clock rate adjustment (ns): 503
Clock Hard Reset: No
  3. If you are synchronizing against a Precision Time Protocol (PTP) primary, review the logs to look for an extra entry that contains detailed information about the status of the adapter in PTP mode.
    The following syntax is representative of a PTP entry:
    Adapter < number > PTP time-sync status:
PTP Time: "--" | < PTP clock time > [ "(TAI)" ]
Port: < IPv4_address > | < IPv6_address > | "IEEE 802.3"
Link Status: < Down | 10M | 100M >
IPv4 Subnet Mask: < IPv4_address >
IPv4 Gateway: < IPv4_address >
DHCP Enabled: "Yes" | "No"
Profile Id: < six_times_2_hex digits >
Profile: < Default | Telecom | Power >
Clock Id: < six_times_2_hex digits >
Domain: < number > | "--"
VLAN: < number >
Delay Mechanism: "E2E", "P2P", "N/A"
PTP Filter: "Min", "PDV", "None", "N/A"
DelayAssemetry: < number >
Clock State: "Faulty" | "INACTIVE" | "SLAVE" | "--"
Mean Path Delay: <number>
GM Clock Identity: < 16_hex_digits >
    For example, a PTP time synchronization might look like this log entry:
    Adapter 0 time-sync status:
Adapter 0 PTP time-sync status:
PTP Time: Thu 26-May-2016 12:44:03.123456789 (TAI)
Port: 192.168.3.77
Link Status: 100M
IPv4 Subnet Mask: 192.168.3.0
IPv4 Gateway: 192.168.3.1
DHCP Enabled: Yes
Profile Id: 00:1b:19:00:01:00
Profile: Default
Clock Id: 00:0d:e9:03:a2:aa
Domain: 0
VLAN: 0
Delay Mechanism: E2E
PTP Filter: None
Delay Assemetry: 0
Clock State: SLAVE
Mean Path Delay: 0
GM Clock Identity: 000de9fffe03a2aa