I'm trying to debug an ntp issue, and these two commands return inconsistent results. For instance, in queries to the same server, here are a few fields that don't match.
Specifically, the reference time doesn't match, the filter delay appears to be off by an order of magnitude, and the offsets don't match, and dispersion seems to have no relation.
ntpq> rv ####
status=963a
rootdelay=19.272
rootdisp=155.930,
refid=97.107.129.217,
reftime=db6319d2.3731b8d0 Sat, Aug 20 2016 18:02:58.215,
rec=db631d65.4f5ed180 Sat, Aug 20 2016 18:18:13.310
offset=-36.337
delay=0.229
dispersion=67.086
jitter=50.157,
xleave=0.070,
filtdelay= 0.32 0.29 0.39 0.23 1.47 0.62 0.39 0.23,
filtdisp= 0.00 16.05 32.15 48.24 64.19 80.49 96.23 97.26
# ntpdate -d 10.42.244.182
ntpdate 4.2.6p5#1.2349-o Tue May 31 10:09:22 UTC 2016 (1)
delay 0.02579
dispersion 0.00000
reference time: db631c03.1e5e805a Sat, Aug 20 2016 18:12:19.118
filter delay: 0.02591 0.02585 0.02579 0.02579
0.00000 0.00000 0.00000 0.00000
delay 0.02579
dispersion 0.00000
offset -0.113547
Both commands are doing completely different things.
ntpq is querying a running ntp server. So, the values returned are the current state of the association between this server and the related peer.
ntpdate is running ntp protocol handshake with the specified server.
So usually, ntpq is giving values from long term observation of the peer (poll interval), while ntpdate is giving a rather short term snapshot.
Thus, even if the server given in your example (10.42.244.182) exactly is the peer that is returned with assoc id 0 from ntpq, the values need not be identical.
Related
I have installed clamav in Ubuntu 18.04 using
'''sudo apt-get install clamav'''
and tried clamscan but showing the error as follows:
LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
ERROR: Can't open file or directory
----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.102.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)
***
After googling I removed entire clamav, installed again and tried sudo freshclam command, but showing the following error all times when clamav is updating:
Mon Jan 27 21:51:53 2020 -> ^Download failed (28) Mon Jan 27 21:51:53 2020 -> ^ Message: Timeout was reached
Mon Jan 27 21:51:53 2020 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Mon Jan 27 21:51:53 2020 -> Trying again in 5 secs...
^CMon Jan 27 21:51:57 2020 -> Update process terminated
It consumed my entire data and at final I terminated the process. I tried it more that 5 times, same result persist. Anybody please help me to figure out this issue.
Also I need to know which AV is better for Ubuntu Clamav or Comodo?
Thanks
It seems to be timing out getting the virus definition database. Are you able to connect directly to https://database.clamav.net/daily.cvd
It's a fairly large file (~58 MB) so it might not work if you're on a limited connection.
I am using lubuntu Linux 18.04 Bionic. When I print ntpq -pn I cannot see that my computer is synced with my desired NTP server.
I have tried several tutorials like here: LINK. I took the NTP servers from Google HERE and included the all 4 servers to my config file.
Then, I did the following things in order to sync with one of the Google NTP servers:
sudo service stop
sudo service ntpdate time1.google.com and received a log ntpdate[2671]: adjust time server 216.239.35.0 offset -0.000330 sec
sudo service start
Here is my /etc/ntp.conf file:
driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst
After doing the steps above, I got this result from ntpq -pn:
remote refid st t when poll reach delay offset jitter
+216.239.35.0 .GOOG. 1 u 33 64 1 36.992 0.519 0.550
+216.239.35.4 .GOOG. 1 u 32 64 1 20.692 0.688 0.612
*216.239.35.8 .GOOG. 1 u 36 64 1 22.233 0.088 1.091
-216.239.35.12 .GOOG. 1 u 32 64 1 33.480 -0.218 1.378
Why my computer is not synced?
EDIT:
Here is my log output after sudo systemctl status ntp.service:
ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-01-17 11:37:33 CET; 17min ago
Docs: man:ntpd(8)
Process: 2704 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 2712 (ntpd)
CGroup: /system.slice/ntp.service
└─2712 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 105:108
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: proto: precision = 1.750 usec (-19)
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, e
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: Listen and drop on 0 v6wildcard [::]:123
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: Listen normally on 2 lo 127.0.0.1:123
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: Listen normally on 3 wlan0 192.168.86.26:123
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: Listen normally on 4 lo [::1]:123
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: Listen normally on 5 wlan0 [fe80::71d6:ec6e:fa92:b53%4]:123
Jan 17 11:37:33 ELAR-Systems ntpd[2712]: Listening on routing socket on fd #22 for interface updates
Your system time actually is getting synced but is running off very quick.
The Raspberry Pi, Arduino, Asus Tinker and the other PCB single-board computers have no onboard RTC (real time clock) and no battery to keep it up constantly. It has nothing to do with RAM or current, but simply the fact that there is no hardware clock on the computer.
On my raspberry pi, the time went off several minutes within an hour.
The "software clock" on the computer is impacted by system load and is very unstable.
An RTC extension (for RPI) looks like this:
(Source: www.robotshop.com)
In my server-status apache2.4 in ubuntu16.04 i have many G status. somtimes most of 3000 thread is G . Some queries failed.
High G status is problem or not related?
server: 32 core cpu and 128GB RAM
server status :
Server load: 21.45 22.57 22.66
Total accesses: 1153411 - Total Traffic: 11.5 GB
CPU Usage: u322.14 s2221.14 cu0 cs0 - 24.1% CPU load
109 requests/sec - 1.1 MB/second - 10.4 kB/request
900 requests currently being processed, 60 idle workers
mpm_event config:
ServerLimit 140
StartServers 30
MinSpareThreads 35
MaxSpareThreads 80
# ThreadLimit 64
ThreadsPerChild 30
MaxRequestWorkers 4000
MaxConnectionsPerChild 500
If you don't use the event MPM, these tie up a thread. "MaxConnectionsPerChild 500" is exceptionally low and under any non-trivial load you will be constantly killing off processes which will send all their active requests into 'G' state.
I am working on ntp. I have to connect to some external NTP server to get my system date updated. The issue is that ntpd Daemon is always using my local clock (127.127.1.0) and it is not using the NTP server that I have provided in ntp.conf. I am using 123.108.225.6 as NTP server and I am able to ping this IP. For the purpose of testing i executed ntpdate but i got the following result.
[root#commander_a ~]# sudo ntpdate -dv 123.108.225.6
18 Nov 06:11:47 ntpdate[4781]: ntpdate 4.2.6p3#1.2290 Fri Aug 28 07:43:22 UTC 2015 (1)
Looking for host 123.108.225.6 and service ntp
host found : 123.108.225.6
transmit(123.108.225.6)
transmit(123.108.225.6)
transmit(123.108.225.6)
transmit(123.108.225.6)
transmit(123.108.225.6)
123.108.225.6: Server dropped: no data
server 123.108.225.6, port 123
stratum 0, precision 0, leap 00, trust 000
refid [123.108.225.6], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
originate timestamp: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
transmit timestamp: d9f6e989.bbb84d5f Wed, Nov 18 2015 6:11:53.733
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
18 Nov 06:11:55 ntpdate[4781]: no server suitable for synchronization found
[root#commander_a ~]# ^C
I find it strange that "originate timestamp" it is taking some old time. It is not my local system time.
originate timestamp: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
ntp.conf
disable stats
server 123.108.225.6
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
I have spent lot of time finding the solution, But i didnt succeeded.
Please help me !!
This website maybe helpful to you
ntpdate: no server suitable for synchronization found
I use this command to modify the date
sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"
It looks as if your internet service provider is blocking port 123.
Make sure there isn't an external firewall between the machine and the rest of the internet. If there is, request that the people administering the firewall open port 123.
You must use a UDP port (not TCP)
I had the same issue. I opened TCP port 123 bi-direction and it did NOT work. Turns out you specifically need a UDP port, as NTP does not run on TCP by default.
Hope this helps someone, I lost over an hour because of this subtlety.
For me same issue, we found firewall blocking the traffic. We modified rules and started working.
Cheers !!
I am trying to sync with NTP server, but server is responding with below messages.
Below are the wireshark captures.
Flags: 0x0c
11.. .... = Leap Indicator: unknown (clock unsynchronized) (3)
..00 1... = Version number: NTP Version 1 (1)
.... .100 = Mode: server (4)
Peer Clock Stratum: unspecified or invalid (0)
Peer Polling Interval: invalid (0)
Peer Clock Precision: 0.000008 sec
Root Delay: 0.0000 sec
Reference Timestamp: Jan 1, 1970 00:00:00.000000000 UTC
My ntp.conf file has below enteries:
server 127.127.1.0
fudge 127.127.1.0 stratum 0
restrict 127.127.1.0
After some 3 minutes the sync is happening properly.But its not happening immediately.
Can anybody help me in resolving.
The fudge 127.127.1.0 stratum 0 line is telling ntp that your local server has the accuracy of an atomic clock. I doubt this is the case...
My guess is that your local clock is being used as a time source because of this line.
I believe that 0 should be a 10, which will tell ntp that unless there is another server in your ntp.conf that has a better time source(a higher stratum), do not use your local clock as a time source. This line is typically added to be used as a last resort.
ntp typically takes around 3 to 5 minutes to sync by default. Two things that can speed this up:
Use the iburst option in your ntp.conf
Manually sync to a time source using ntpd -gq