>> Have you been logging it? If so, we on the NTPsec team would like to see
>> its logs, to see if there are any warnings or anything unexpected.
> Can you please give me the stanza I should add?

This is what I use:

  logfile /var/log/ntp/ntpd.log
  logconfig =syncall +clockall +peerall +sysall

  statsdir /var/log/ntp/
  filegen loopstats type day link
  filegen peerstats type day link
  filegen protostats type day link
  filegen rawstats type day link
  filegen sysstats type day link

The first two lines will put lots of syslog style messages into
/var/log/ntp/ntpd.log

You can set up logrotate/newsyslog to rotate it, but ntpd won't switch to the
new file until you restart it. (So you don't want to compress it.)

There should be a batch of messages at startup and another batch at exit and
not much in between. If you find something that isn't reasonably obvious,
ask me.

The second clump will put info into various files and rotate to new ones
daily. You probably want to add clockstats and turn on flag4 for the SHM
driver.

Details on the stats files are in monopt.html

The clockstats info is different for each driver. Look in the individual
driverNN.html files.

You have to get the permissions on the directories right so ntpd can make new
files after it has switched to a non-root user.

----------

All that doesn't tell you much about what your clients are doing. There is an
hourly summary in sysstats.

You can collect client info per IP address by making the mrulist much bigger.
I'm using:

  mru initmem 32000 maxmem 64000 maxage 86400000

That will use up to 64 megabytes of memory and drop slots after 1000 days. I
set the age to super-long so it wouldn't automatically discard info that I
might want. It will also drop the oldest if it needs room for a new slot. I
haven't seen that with 64 megabytes. I'll probably drop the age to 2 days now
that I have a nightly cron job to capture the data.

Then "ntpq -c mru" will print the list for you. Details are in the ntpq man
page. There is a mincount option to skip the light users. I print everything
from a cron job at midnight.
For a system in the pool with the default bandwidth, the file from the cron
job grows about 2 megabytes per day.

The mrulist only records time requests, both requests and responses. It
doesn't count ntpq/ntpdc packets so it won't show bad guys probing for DoS
helpers.

I haven't seen any really nasty bad clients.

--
These are my opinions. I hate spam.

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
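One way to go through the nightly "ntpq -c mru" capture described in the message above, written as an added example (not part of the original message and not NTPsec code). It assumes the capture carries the classic mrulist header row (lstint avgint rstr r m v count rport remote address); the sample rows and both thresholds are constructed for illustration.

```python
# Added example: rank clients in a saved "ntpq -c mru" capture.
# Assumption: the capture has a header row naming the columns; fields are
# located by header name, so extra columns are tolerated as long as the
# remote address stays the last field on each row.

SAMPLE = """\
lstint avgint rstr r m v  count rport remote address
==============================================================================
     3     64  1d0 . 3 4   1350   123 192.0.2.10
    12      2  1d0 . 3 4  43200 40112 198.51.100.7
   900   1024  1d0 . 3 4     84   123 2001:db8::5
  7200  86400  1d0 . 3 3      1 51234 203.0.113.99
"""  # constructed sample, documentation addresses only


def parse_mru(text):
    """Return a list of dicts (addr, count, avgint, lstint) from mrulist text."""
    cols, rows = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields or set(line.strip()) == {"="}:
            continue  # blank line or the ===== separator
        if "count" in fields and "avgint" in fields:
            cols = {name: i for i, name in enumerate(fields)}
            continue
        if cols is None:
            continue  # skip anything printed before the header
        try:
            rows.append({
                "addr": fields[-1],
                "count": int(fields[cols["count"]]),
                "avgint": float(fields[cols["avgint"]]),
                "lstint": float(fields[cols["lstint"]]),
            })
        except (ValueError, IndexError, KeyError):
            continue  # malformed or truncated row
    return rows


def heavy_clients(rows, mincount=1000, max_avgint=16.0):
    """Clients with many requests and a short average interval, busiest first."""
    hits = [r for r in rows if r["count"] >= mincount and r["avgint"] <= max_avgint]
    return sorted(hits, key=lambda r: r["count"], reverse=True)


if __name__ == "__main__":
    for r in heavy_clients(parse_mru(SAMPLE)):
        print(f'{r["addr"]:40} count={r["count"]} avgint={r["avgint"]}s')
```

Run against each night's file, this gives a short list of addresses worth a closer look; as the message notes, ntpq/ntpdc probes never appear in the mrulist, so they will not show up here either.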
