리눅스에서 ntp 서버 확인하는 방법
- Operating System
- 2010. 7. 4.
리눅스에서 ntp 서버 확인하는 방법
[root@localhost ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*211.39.136.4 204.123.2.5 2 u 615 1024 377 5.139 -2.854 0.231
+222.239.76.226 132.239.1.6 2 u 428 1024 377 5.912 -4.585 0.535
+send.mx.cdnetwo 131.107.13.100 2 u 293 1024 357 5.377 5.324 0.847
LOCAL(0) .LOCL. 10 l 28 64 377 0.000 0.000 0.001
[root@localhost ~]#
간단하네요...
[root@localhost ~]# system-config-date
이렇게 해서 먼저 ntp 서버를 활성화하고 설정해야겠지요...
활성화후에 시작하고 리부팅 시 바로 실행되게 설정하시구요
ntpq(8) ntpq(8)
NNAAMMEE
ntpq - standard NTP query program
SSYYNNOOPPSSIISS
nnttppqq [[--4466ddiinnpp]] [[--cc _c_o_m_m_a_n_d]] [[_h_o_s_t]] [[......]]
DDEESSCCRRIIPPTTIIOONN
The nnttppqq utility program is used to monitor NTP daemon nnttppdd operations
and determine performance. It uses the standard NTP mode 6 control mes-
sage formats defined in Appendix B of the NTPv3 specification RFC1305.
The same formats are used in NTPv4, although some of the variables have
changed and new ones added. The description on this page is for the
NTPv4 variables.
The program can be run either in interactive mode or controlled using
command line arguments. Requests to read and write arbitrary variables
can be assembled, with raw and pretty-printed output options being
available. The nnttppqq can also obtain and print a list of peers in a com-
mon format by sending multiple queries to the server.
If one or more request options is included on the command line when
nnttppqq is executed, each of the requests will be sent to the NTP servers
running on each of the hosts given as command line arguments, or on
localhost by default. If no request options are given, nnttppqq will
attempt to read commands from the standard input and execute these on
the NTP server running on the first host given on the command line,
again defaulting to localhost when no other host is specified. nnttppqq
will prompt for commands if the standard input is a terminal device.
nnttppqq uses NTP mode 6 packets to communicate with the NTP server, and
hence can be used to query any compatible server on the network which
permits it. Note that since NTP is a UDP protocol this communication
will be somewhat unreliable, especially over large distances in terms
of network topology. nnttppqq makes one attempt to retransmit requests, and
will time requests out if the remote host is not heard from within a
suitable timeout time.
Note that in contexts where a host name is expected, a --44 qualifier
preceding the host name forces DNS resolution to the IPv4 namespace,
while a --66 qualifier forces DNS resolution to the IPv6 namespace.
For examples and usage, see the NTP Debugging Techniques page.
Command line options are described following. Specifying a command line
option other than --ii or --nn will cause the specified query (queries) to
be sent to the indicated host(s) immediately. Otherwise, nnttppqq will
attempt to read interactive format commands from the standard input.
--44 Force DNS resolution of following host names on the command
line to the IPv4 namespace.
--66 Force DNS resolution of following host names on the command
line to the IPv6 namespace.
--cc The following argument is interpreted as an interactive format
command and is added to the list of commands to be executed on
the specified host(s). Multiple --cc options may be given.
--dd Turn on debugging mode.
--ii Force nnttppqq to operate in interactive mode. Prompts will be
written to the standard output and commands read from the stan-
dard input.
--nn Output all host addresses in dotted-quad numeric format rather
than converting to the canonical host names.
--pp Print a list of the peers known to the server as well as a sum-
mary of their state. This is equivalent to the ppeeeerrss interac-
tive command.
IINNTTEERRNNAALL CCOOMMMMAANNDDSS
Interactive format commands consist of a keyword followed by zero to
four arguments. Only enough characters of the full keyword to uniquely
identify the command need be typed. The output of a command is normally
sent to the standard output, but optionally the output of individual
commands may be sent to a file by appending a >>, followed by a file
name, to the command line. A number of interactive format commands are
executed entirely within the nnttppqq program itself and do not result in
NTP mode 6 requests being sent to a server. These are described follow-
ing.
?? [[_c_o_m_m_a_n_d___k_e_y_w_o_r_d]]
hheellppll [[_c_o_m_m_a_n_d___k_e_y_w_o_r_d]]
A ?? by itself will print a list of all the command keywords
known to this incarnation of nnttppqq. A ?? followed by a command
keyword will print function and usage information about the
command. This command is probably a better source of informa-
tion about nnttppqq than this manual page.
aaddddvvaarrss _v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e]] [[......]]
rrmmvvaarrss _v_a_r_i_a_b_l_e___n_a_m_e [[......]]
cclleeaarrvvaarrss
The data carried by NTP mode 6 messages consists of a list of
items of the form _v_a_r_i_a_b_l_e___n_a_m_e == _v_a_l_u_e, where the == _v_a_l_u_e is
ignored, and can be omitted, in requests to the server to read
variables. nnttppqq maintains an internal list in which data to be
included in control messages can be assembled, and sent using
the rreeaaddlliisstt and wwrriitteelliisstt commands described below. The
aaddddvvaarrss command allows variables and their optional values to
be added to the list. If more than one variable is to be added,
the list should be comma-separated and not contain white space.
The rrmmvvaarrss command can be used to remove individual variables
from the list, while the cclleeaarrlliisstt command removes all vari-
ables from the list.
ccooookkeedd Causes output from query commands to be "cooked", so that vari-
ables which are recognized by nnttppqq will have their values
reformatted for human consumption. Variables which nnttppqq thinks
should have a decodable value but didn't are marked with a
trailing ??.
ddeebbuugg mmoorree || lleessss || ooffff
Turns internal query program debugging on and off.
ddeellaayy _m_i_l_l_i_s_e_c_o_n_d_s
Specify a time interval to be added to timestamps included in
requests which require authentication. This is used to enable
(unreliable) server reconfiguration over long delay network
paths or between machines whose clocks are unsynchronized.
Actually the server does not now require timestamps in authen-
ticated requests, so this command may be obsolete.
hhoosstt _h_o_s_t_n_a_m_e
Set the host to which future queries will be sent. Hostname may
be either a host name or a numeric address.
hhoossttnnaammeess [[yyeess || nnoo]]
If yyeess is specified, host names are printed in information dis-
plays. If nnoo is specified, numeric addresses are printed
instead. The default is yyeess, unless modified using the command
line --nn switch.
kkeeyyiidd _k_e_y_i_d
This command specifies the key number to be used to authenti-
cate configuration requests. This must correspond to a key num-
ber the server has been configured to use for this purpose.
nnttppvveerrssiioonn 11 || 22 || 33 || 44
Sets the NTP version number which nnttppqq claims in packets.
Defaults to 2, Note that mode 6 control messages (and modes,
for that matter) didn't exist in NTP version 1.
ppaasssswwdd This command prompts for a password (which will not be echoed)
which will be used to authenticate configuration requests. The
password must correspond to the key configured for NTP server
for this purpose.
qquuiitt Exit nnttppqq.
rraaww Causes all output from query commands is printed as received
from the remote server. The only formatting/interpretation done
on the data is to transform non-ASCII data into a printable
(but barely understandable) form.
ttiimmeeoouutt _m_i_l_l_s_e_c_o_n_d_s
Specify a timeout period for responses to server queries. The
default is about 5000 milliseconds. Note that since nnttppqq
retries each query once after a timeout, the total waiting time
for a timeout will be twice the timeout value set.
CCOONNTTRROOLL MMEESSSSAAGGEE CCOOMMMMAANNDDSS
Each association known to an NTP server has a 16 bit integer associa-
tion identifier. NTP control messages which carry peer variables must
identify the peer the values correspond to by including its association
ID. An association ID of 0 is special, and indicates the variables are
system variables, whose names are drawn from a separate name space.
Control message commands result in one or more NTP mode 6 messages
being sent to the server, and cause the data returned to be printed in
some format. Most commands currently implemented send a single message
and expect a single response. The current exceptions are the peers com-
mand, which will send a preprogrammed series of messages to obtain the
data it needs, and the mreadlist and mreadvar commands, which will
iterate over a range of associations.
aassssoocciiaattiioonnss
Obtains and prints a list of association identifiers and peer
statuses for in-spec peers of the server being queried. The
list is printed in columns. The first of these is an index num-
bering the associations from 1 for internal use, the second the
actual association identifier returned by the server and the
third the status word for the peer. This is followed by a num-
ber of columns containing data decoded from the status word.
See the peers command for a decode of the ccoonnddiittiioonn field. Note
that the data returned by the aassssoocciiaattiioonnss command is cached
internally in nnttppqq. The index is then of use when dealing with
stupid servers which use association identifiers which are hard
for humans to type, in that for any subsequent commands which
require an association identifier as an argument, the form
&index may be used as an alternative.
cclloocckkvvaarr [[_a_s_s_o_c_I_D]] [[_v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e [[......]]]] [[......]]
ccvv [[_a_s_s_o_c_I_D]] [[_v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e [[......]] ]][[......]]
Requests that a list of the server's clock variables be sent.
Servers which have a radio clock or other external synchroniza-
tion will respond positively to this. If the association iden-
tifier is omitted or zero the request is for the variables of
the ssyysstteemm cclloocckk and will generally get a positive response
from all servers with a clock. If the server treats clocks as
pseudo-peers, and hence can possibly have more than one clock
connected at once, referencing the appropriate peer association
ID will show the variables of a particular clock. Omitting the
variable list will cause the server to return a default vari-
able display.
llaassssoocciiaattiioonnss
Obtains and prints a list of association identifiers and peer
statuses for all associations for which the server is maintain-
ing state. This command differs from the aassssoocciiaattiioonnss command
only for servers which retain state for out-of-spec client
associations (i.e., fuzzballs). Such associations are normally
omitted from the display when the aassssoocciiaattiioonnss command is used,
but are included in the output of llaassssoocciiaattiioonnss.
llppaassssoocciiaattiioonnss
Print data for all associations, including out-of-spec client
associations, from the internally cached list of associations.
This command differs from ppaassssoocciiaattiioonnss only when dealing with
fuzzballs.
llppeeeerrss Like R peers, except a summary of all associations for which
the server is maintaining state is printed. This can produce a
much longer list of peers from fuzzball servers.
mmrreeaaddlliisstt _a_s_s_o_c_I_D _a_s_s_o_c_I_D
mmrrll _a_s_s_o_c_I_D _a_s_s_o_c_I_D
Like the rreeaaddlliisstt command, except the query is done for each of
a range of (nonzero) association IDs. This range is determined
from the association list cached by the most recent aassssoocciiaa--
ttiioonnss command.
mmrreeaaddvvaarr _a_s_s_o_c_I_D _a_s_s_o_c_I_D [[ _v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e[[ ...... ]]
mmrrvv _a_s_s_o_c_I_D _a_s_s_o_c_I_D [[ _v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e[[ ...... ]]
Like the rreeaaddvvaarr command, except the query is done for each of
a range of (nonzero) association IDs. This range is determined
from the association list cached by the most recent aassssoocciiaa--
ttiioonnss command.
ooppeeeerrss An old form of the ppeeeerrss command with the reference ID replaced
by the local interface address.
ppaassssoocciiaattiioonnss
Displays association data concerning in-spec peers from the
internally cached list of associations. This command performs
identically to the aassssoocciiaattiioonnss except that it displays the
internally stored data rather than making a new query.
ppeeeerrss Obtains a current list peers of the server, along with a sum-
mary of each peer's state. Summary information includes the
address of the remote peer, the reference ID (0.0.0.0 if this
is unknown), the stratum of the remote peer, the type of the
peer (local, unicast, multicast or broadcast), when the last
packet was received, the polling interval, in seconds, the
reachability register, in octal, and the current estimated
delay, offset and dispersion of the peer, all in milliseconds.
The character at the left margin of each line shows the syn-
chronization status of the association and is a valuable diag-
nostic tool. The encoding and meaning of this character, called
the tally code, is given later in this page.
ppssttaattuuss _a_s_s_o_c_I_D
Sends a read status request to the server for the given associ-
ation. The names and values of the peer variables returned will
be printed. Note that the status word from the header is dis-
played preceding the variables, both in hexadecimal and in pid-
geon English.
rreeaaddlliisstt [[ _a_s_s_o_c_I_D ]]
rrll [[ _a_s_s_o_c_I_D ]]
Requests that the values of the variables in the internal vari-
able list be returned by the server. If the association ID is
omitted or is 0 the variables are assumed to be system vari-
ables. Otherwise they are treated as peer variables. If the
internal variable list is empty a request is sent without data,
which should induce the remote server to return a default dis-
play.
rreeaaddvvaarr _a_s_s_o_c_I_D _v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e ]] [[ ......]]
rrvv _a_s_s_o_c_I_D [[ _v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e ]] [[......]]
Requests that the values of the specified variables be returned
by the server by sending a read variables request. If the asso-
ciation ID is omitted or is given as zero the variables are
system variables, otherwise they are peer variables and the
values returned will be those of the corresponding peer. Omit-
ting the variable list will send a request with no data which
should induce the server to return a default display. The
encoding and meaning of the variables derived from NTPv3 is
given in RFC-1305; the encoding and meaning of the additional
NTPv4 variables are given later in this page.
wwrriitteevvaarr _a_s_s_o_c_I_D _v_a_r_i_a_b_l_e___n_a_m_e [[ == _v_a_l_u_e [[ ......]]
Like the readvar request, except the specified variables are
written instead of read.
wwrriitteelliisstt [[ _a_s_s_o_c_I_D ]]
Like the readlist request, except the internal list variables
are written instead of read.
TTAALLLLYY CCOODDEESS
The character in the left margin in the ppeeeerrss billboard, called the
tally code, shows the fate of each association in the clock selection
process. Following is a list of these characters, the pigeon used in
the rrvv command, and a short explanation of the condition revealed.
ssppaaccee rreejjeecctt
The peer is discarded as unreachable, synchronized to this
server (synch loop) or outrageous synchronization distance.
xx ffaallsseettiicckk
The peer is discarded by the intersection algorithm as a
falseticker.
.. eexxcceessss
The peer is discarded as not among the first ten peers sorted
by synchronization distance and so is probably a poor candidate
for further consideration.
-- oouuttllyyeerr
The peer is discarded by the clustering algorithm as an out-
lyer.
++ ccaannddiiddaatt
The peer is a survivor and a candidate for the combining algo-
rithm.
## sseelleecctteedd
The peer is a survivor, but not among the first six peers
sorted by synchronization distance. If the association is
ephemeral, it may be demobilized to conserve resources.
** ssyyss..ppeeeerr
The peer has been declared the system peer and lends its vari-
ables to the system variables.
oo ppppss..ppeeeerr
The peer has been declared the system peer and lends its vari-
ables to the system variables. However, the actual system syn-
chronization is derived from a pulse-per-second (PPS) signal,
either indirectly via the PPS reference clock driver or
directly via kernel interface.
SSYYSSTTEEMM VVAARRIIAABBLLEESS
The ssttaattuuss,, lleeaapp,, ssttrraattuumm,, pprreecciissiioonn,, rroooottddeellaayy,, rroooottddiissppeerrssiioonn,, rreeffiidd,,
rreeffttiimmee,, ppoollll,, ooffffsseett,, aanndd ffrreeqquueennccyy variables are described in
RFC-1305 specification. Additional NTPv4 system variables include the
following.
vveerrssiioonn Everything you might need to know about the software version
and generation time.
pprroocceessssoorr
The processor and kernel identification string.
ssyysstteemm The operating system version and release identifier.
ssttaattee The state of the clock discipline state machine. The values are
described in the architecture briefing on the NTP Project page
linked from www.ntp.org.
ppeeeerr The internal integer used to identify the association currently
designated the system peer.
jjiitttteerr The estimated time error of the system clock measured as an
exponential average of RMS time differences.
ssttaabbiilliittyy
The estimated frequency stability of the system clock measured
as an exponential average of RMS frequency differences.
When the NTPv4 daemon is compiled with the OpenSSL software library,
additional system variables are displayed, including some or all of the
following, depending on the particular dance:
ffllaaggss The current flags word bits and message digest algorithm iden-
tifier (NID) in hex format. The high order 16 bits of the four-
byte word contain the NID from the OpenSSL ligrary, while the
low-order bits are interpreted as follows:
00xx0011 autokey enabled
00xx0022 NIST leapseconds file loaded
00xx1100 PC identity scheme
00xx2200 IFF identity scheme
00xx4400 GQ identity scheme
hhoossttnnaammee
The name of the host as returned by the Unix ggeetthhoossttnnaammee(())
library function.
hhoossttkkeeyy The NTP filestamp of the host key file.
cceerrtt A list of certificates held by the host. Each entry includes
the subject, issuer, flags and NTP filestamp in order. The bits
are interpreted as follows:
00xx0011 certificate has been signed by the server
00xx0022 certificate is trusted
00xx0044 certificate is private
00xx0088 certificate contains errors and should not be trusted
lleeaappsseeccoonnddss
The NTP filestamp of the NIST leapseconds file.
rreeffrreesshh The NTP timestamp when the host public cryptographic values
were refreshed and signed.
ssiiggnnaattuurree
The host digest/signature scheme name from the OpenSSL library.
ttaaii The TAI-UTC offset in seconds obtained from the NIST leapsec-
onds table.
PPEEEERR VVAARRIIAABBLLEESS
The ssttaattuuss,, ssrrccaaddrr,, ssrrccppoorrtt,, ddssttaaddrr,, ddssttppoorrtt,, lleeaapp,, ssttrraattuumm,, pprreecciissiioonn,,
rroooottddeellaayy,, rroooottddiissppeerrssiioonn,, rreeaaddhh,, hhmmooddee,, ppmmooddee,, hhppoollll,, ppppoollll,, ooffffsseett,,
ddeellaayy,, ddssppeerrssiioonn,, rreeffttiimmee variables are described in the RFC-1305 spec-
ification, as are the timestamps oorrgg,, rreecc aanndd xxmmtt. Additional NTPv4
system variables include the following.
ffllaasshh The flash code for the most recent packet received. The encod-
ing and meaning of these codes is given later in this page.
jjiitttteerr The estimated time error of the peer clock measured as an expo-
nential average of RMS time differences.
uunnrreeaacchh The value of the counter which records the number of poll
intervals since the last valid packet was received.
When the NTPv4 daemon is compiled with the OpenSSL software library,
additional peer variables are displayed, including the following:
ffllaaggss The current flag bits. This word is the server host status word
with additional bits used by the Autokey state machine. See the
source code for the bit encoding.
hhoossttnnaammee
The server host name.
iinniittkkeeyy _k_e_y
The initial key used by the key list generator in the Autokey
protocol.
iinniittsseeqquueennccee _i_n_d_e_x
The initial index used by the key list generator in the Autokey
protocol.
ssiiggnnaattuurree
The server message digest/signature scheme name from the
OpenSSL software library.
ttiimmeessttaammpp _t_i_m_e
The NTP timestamp when the last Autokey key list was generated
and signed.
FFLLAASSHH CCOODDEESS
The ffllaasshh code is a valuable debugging aid displayed in the peer vari-
ables list. It shows the results of the original sanity checks defined
in the NTP specification RFC-1305 and additional ones added in NTPv4.
There are 12 tests designated TTEESSTT11 through TTEESSTT1122. The tests are per-
formed in a certain order designed to gain maximum diagnostic informa-
tion while protecting against accidental or malicious errors. The ffllaasshh
variable is initialized to zero as each packet is received. If after
each set of tests one or more bits are set, the packet is discarded.
Tests TTEESSTT11 through TTEESSTT33 check the packet timestamps from which the
offset and delay are calculated. If any bits are set, the packet is
discarded; otherwise, the packet header variables are saved. TTEESSTT44 and
TTEESSTT55 are associated with access control and cryptographic authentica-
tion. If any bits are set, the packet is discarded immediately with
nothing changed.
Tests TTEESSTT66 through TTEESSTT88 check the health of the server. If any bits
are set, the packet is discarded; otherwise, the offset and delay rela-
tive to the server are calculated and saved. TTEESSTT99 checks the health of
the association itself. If any bits are set, the packet is discarded;
otherwise, the saved variables are passed to the clock filter and miti-
gation algorithms.
Tests TTEESSTT1100 through TTEESSTT1122 check the authentication state using
Autokey public-key cryptography, as described in the Authentication
Options page. If any bits are set and the association has previously
been marked reachable, the packet is discarded; otherwise, the origi-
nate and receive timestamps are saved, as required by the NTP protocol,
and processing continues.
The ffllaasshh bits for each test are defined as follows.
00xx000011 TTEESSTT11
Duplicate packet. The packet is at best a casual retransmission
and at worst a malicious replay.
00xx000022 TTEESSTT22
Bogus packet. The packet is not a reply to a message previously
sent. This can happen when the NTP daemon is restarted and
before somebody else notices.
00xx000044 TTEESSTT33
Unsynchronized. One or more timestamp fields are invalid. This
normally happens when the first packet from a peer is received.
00xx000088 TTEESSTT44
Access is denied. See the Access Control Options page.
00xx001100 TTEESSTT55
Cryptographic authentication fails. See the Authentication
Options page.
00xx002200 TTEESSTT66
The server is unsynchronized. Wind up its clock first.
00xx004400 TTEESSTT77
The server stratum is at the maximum than 15. It is probably
unsynchronized and its clock needs to be wound up.
00xx008800 TTEESSTT88
Either the root delay or dispersion is greater than one second,
which is highly unlikely unless the peer is unsynchronized to
Mars.
00xx110000 TTEESSTT99
Either the peer delay or dispersion is greater than one second,
which is highly unlikely unless the peer is on Mars.
00xx220000 TTEESSTT1100
The autokey protocol has detected an authentication failure.
See the Authentication Options page.
00xx440000 TTEESSTT1111
The autokey protocol has not verified the server or peer is
proventic and has valid public key credentials. See the Authen-
tication Options page.
00xx880000 TTEESSTT1122
A protocol or configuration error has occurred in the public
key algorithms or a possible intrusion event has been detected.
See the Authentication Options page.
BBUUGGSS
The peers command is non-atomic and may occasionally result in spurious
error messages about invalid associations occurring and terminating the
command. The timeout time is a fixed constant, which means you wait a
long time for timeouts since it assumes sort of a worst case. The pro-
gram should improve the timeout estimate as it sends queries to a par-
ticular host, but doesn't.
SSEEEE AALLSSOO
ntpd(8), ntpdc(8)
Primary source of documentation: /usr/share/doc/ntp-*
This file was automatically generated from HTML source.
ntpq(8)