Werk #19287: NetApp ONTAP: Add NTP time offset monitoring per node
| Component | Checks & agents | ||||||
| Title | NetApp ONTAP: Add NTP time offset monitoring per node | ||||||
| Date | May 21, 2026 | ||||||
| Level | Prominent Change | ||||||
| Class | New Feature | ||||||
| Compatibility | Incompatible - Manual interaction might be required | ||||||
| Checkmk versions & editions |
|
The check plug-in netapp_ontap_time has been updated to monitor the NTP time offset per
NetApp ONTAP node. Unlike the previous approach (Werk #19165), which compared
the node clock against the Checkmk server time, this check uses the offset that
ONTAP itself measures against its selected NTP peer.
One service per node: System time Node \<node name>.
Service is CRIT if no NTP server is reachable, none is selected, or the selected
peer reports no offset. Otherwise WARN/CRIT based on configurable thresholds
(default: 200 ms / 500 ms), adjustable via the new ruleset NetApp NTP time offset.
To enable: activate NTP Time Sync in your NetApp via ONTAP REST API special agent rule and re-run service discovery.
The werk is flagged as incompatible because now you must enable the time monitoring in the agent configuration rule, and the old rule Netapp system time offset has been removed in favor of the new NetApp NTP time offset.
Required NetApp permissions
The check uses the private CLI passthrough endpoint
/api/private/cli/cluster/time-service/ntp/status. Grant the monitoring user
read access before enabling:
security login rest-role create -vserver <vserver> -role ntp_status_readonly \
-api "/api/private/cli/cluster/time-service/ntp/status" -access readonly
security login modify -vserver <vserver> -user-or-group-name <username> \
-application http -authentication-method password -role ntp_status_readonly
Without this, data collection will fail.