FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
premchanderr
Staff
Article Id 294532

 

Description: This article describes how to resolve the Collector Clock Skew alert in the FortiSIEM GUI.
Scope: FortiSIEM v7.0
Solution:

The Collector Clock Skew error is received when the Collector's time is not in sync with the Super. To avoid this, make sure that the Collector and the Super are in sync with the same NTP server, so that their clocks differ by no more than 2 minutes.

If the NTP client (chronyd) is not already configured, use the steps below to configure the NTP client on FortiSIEM nodes.

 

  1. Verify that chronyd is running:

# systemctl status chronyd.service

  2. Configure the NTP client in the configuration file below (leave the configuration at its defaults if the Supervisor/Worker/Collectors have outbound internet access):

/etc/chrony.conf

Note:

  • Use 'pool' for a pool of NTP servers.
  • Use 'server' to specify the IP of a specific NTP server. Example: server 192.168.5.100 iburst prefer

  3. Once done, restart the chronyd service:

# systemctl restart chronyd.service

  4. Verify the new NTP pools:

# chronyc sources

  5. Confirm the NTP synchronization status:

# chronyc tracking

 

Now validate this by running the 'date' command (# date) on the Super and the Collector. The time difference should not be more than 2 minutes.

For more details on NTP sync, refer to Linux forums and involve the Linux administrator.
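
The last two checks can be scripted. The following is an added example, not part of the original article or of FortiSIEM's own tooling: it parses 'chronyc tracking' output and compares two clock readings against the 2-minute limit. The function names, sample outputs and epoch values are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks `chronyc tracking` output and the Super/Collector
# clock difference against the article's 2-minute limit.
MAX_SKEW=120   # seconds; the 2-minute limit stated in the article

# Read `chronyc tracking` output on stdin. Print "OK <offset>" when chronyd
# reports a synchronized clock within MAX_SKEW, otherwise "FAIL <reason>".
check_tracking() {
    awk -F' *: *' -v max="$MAX_SKEW" '
        $1 == "System time" { split($2, f, " "); offset = f[1]; seen = 1 }
        $1 == "Leap status" { leap = $2 }
        END {
            if (!seen)            { print "FAIL no-system-time-line"; exit 1 }
            if (leap != "Normal") { print "FAIL leap-status=" leap;   exit 1 }
            if (offset + 0 > max) { print "FAIL offset=" offset "s";  exit 1 }
            print "OK " offset
        }'
}

# Absolute difference between two epoch timestamps, e.g. the output of
# `date -u +%s` captured on the Super and on the Collector at the same moment.
clock_skew() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    echo "$d"
}

# Exit status 0 when the two clocks are within the limit.
skew_within_limit() {
    [ "$(clock_skew "$1" "$2")" -le "$MAX_SKEW" ]
}

# Constructed sample outputs (not captured from a real FortiSIEM node).
SAMPLE_SYNCED='Reference ID    : C0A80564 (192.168.5.100)
Stratum         : 3
System time     : 0.000412507 seconds slow of NTP time
Leap status     : Normal'

SAMPLE_UNSYNCED='Reference ID    : 00000000 ()
Stratum         : 0
System time     : 0.000000000 seconds fast of NTP time
Leap status     : Not synchronised'

printf '%s\n' "$SAMPLE_SYNCED"   | check_tracking
printf '%s\n' "$SAMPLE_UNSYNCED" | check_tracking || true
if skew_within_limit 1700000000 1700000090; then echo "skew within limit"; fi
```

On live nodes, run 'chronyc tracking | check_tracking' and pass the 'date -u +%s' value from each node to skew_within_limit, so that differing time zone settings do not affect the comparison.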