Correcting Network Time Protocol Issues
If you are not receiving any AWS events, and the message below is found in the logs Network Time Protocol (NTP), it should be checked to ensure it is configured correctly.
Oct 28, 15 14:38:26.898556 (endpoint_0) INFO (webquery_endpoint.cpp:168,sendHealthStatus) - LCE Web Client Status: Alert: Endpoint Demo/CloudTrail-test-Cloud: CloudTrail query signature was invalid, and no further queries will be submitted. Check your system clock and timezone. To resume querying, update the system clock or restart the client.
To correct Network Time Protocol issues:
-
Running the clock or date command will show the current time of the server.
# clock
Wed 04 Nov 2015 04:33:29 PM EST -0.266432 seconds
# date
Wed Nov 4 16:33:32 EST 2015
-
The following command can be run to re-sync the time with the configured NTP servers if the time is found to be incorrect.
# ntpd -qg
ntpd: time set -6.953726s
-
After the time is has been re-synced stop the Log Correlation Engine Web Query Client using the command below.
# service lce_webquery stop
-
Remove the state.json file from the /opt/lce/webquery directory.
# rm –rf /opt/lce_webquery/state.json
-
Start the Log Correlation Engine Web Query Client.
# service lce_webquery start