JP Vossen on 4 Jan 2014 12:51:17 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Quick & Dirty NTP monitoring

For years I've have a cron job like this on my internal time server (single line): ntptrace | head -n1 | perl -ne 'm/^[\w.]+: stratum (\d+),/ or next; print qq(NTP not in sync: $_) if ( $1 > 3 );'

Similar on all my on all my other servers, note the added "2> /dev/null" and "$1 > 5" instead of "$1 > 3": ntptrace 2> /dev/null | head -n1 | perl -ne 'm/^[\w.]+: stratum (\d+),/ or next; print qq(NTP not in sync: $_) if ( $1 > 5 );'

All these do is look at the first line of 'ntptrace' output and make sure it says either:
	stratum 3		# time server
	stratum 4		# other servers

If not, I get an error message via email from cron. Simple, no monitoring framework needed.

Over the years I've gotten various "foo: timed out, nothing received" errors, and if I get enough I'd add that server to the ignore list. But now, since the 2012-12 NTP reflection attacks [1], I'm getting way too many timeouts, so I had to the the "2> /dev/null" part to my time server cronjob. That should ignore the errors and if my time server is "stratum 3" I'm happy.

So... Anyone have a better quick & dirty method for this? And if not, steal this one...


JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --