FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 294532


Description This article describes how to resolve the Collector Clock Skew alert in FortiSIEM GUI.
Scope FortiSIEM v7.0

Collector Clock Skew error is received when collector time is not in sync with Super. Make sure that Collector and Super are in sync with the same NTP server to avoid such issues and differences for no more than 2 minutes.

If the NTP client (chronyd) is not configured already, use the below steps to configure the NTP client on FortiSIEM nodes.


  1. Verify chronyd running:

# systemctl status chronyd.service


  1. Configure the NTP client using the below configuration file (leave the configuration as default if the  Supervisor/worker/collectors have outbound internet access).



  • Use 'pool' for the pool of NTP servers.
  • Use 'server' for mentioning IP of a specific NTP server. Ex: server iburst prefer.


  1. Once done, restart chronyd service


# systemctl restart chronyd.service


  1. Verify the new NTP pools:


# chronyc sources


  1. Confirm the NTP synchronization status:

# chronyc tracking


Now validate this by running the '#date' command on super and collector. The time difference should not be more than 2 minutes.

Refer to Linux forums to learn more details on NTP sync and to involve the Linux Administrator.