[an error occurred while processing this directive]

HP OpenVMS Systems Documentation

Compaq TCP/IP Services for OpenVMS
Release Notes

logconfig +sysevents +syncstatus

This configuration would list the synchronization state of the NTP server and the major system events.
For a simple reference server, the following minimum message configuration might be useful:

logconfig +syncall +clockall

This configuration lists all clock information and synchronization information. All other events and messages about peers, system events, and so forth, are suppressed.

tinker [panic panic | dispersion dispersion | minpoll minpoll | allan allan| huffpuff huffpuff]
This statement can be used to alter several system variables in exceptional circumstances. It should occur in the configuration file before any other configuration options. The default values of these options have been carefully optimized for a wide range of network speeds and reliability expectations. In general, they interact in intricate ways that are hard to predict, and some combinations can result in unpredictable behavior. It is rarely necessary to change the default values.
All options are in floating-point seconds or in seconds per second. The minpoll option is an integer in seconds to the power of 2. The options operate as follows:

panic panic
This option becomes the new value for the panic threshold, normally 1000 seconds. If set to zero, the panic sanity check is disabled and a clock offset of any value is accepted.
dispersion dispersion
This option becomes the new value for the dispersion increase rate, usually .000015.
minpoll minpoll
This option becomes the new value for the minimum poll interval used when configuring a multicast client, a manycast client, and symmetric passive-mode association. The value defaults to 6 (64 seconds) and has a lower limit of 4 (16 seconds).
allan allan
This option becomes the new value for the minimum Allan intercept, which is a parameter of the PLL/FLL clock discipline algorithm. The value defaults to 1024 seconds, which is also the lower limit.
huffpuff huffpuff
This option becomes the new value for the experimental huff-n-puff filter span, which determines the most recent interval that the algorithm will search for a minimum delay. The lower limit is 900 seconds (15 minutes), but a more reasonable value is 7200 (2 hours). There is no default, since the filter is not enabled unless this statement is given.

B.3.2.1 NTP Monitoring Options

TCP/IP Services NTP includes a comprehensive monitoring facility that is suitable for continuous, long-term recording of server and client timekeeping performance. Statistics files are managed using file generation sets and scripts.

You can specify the following monitoring commands in your configuration file:

statistics name [ ... ]
Enables writing of statistics records. The following is a list of the supported name statistics:
- loopstats
  Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the following form to the file generation set named loopstats :
  48773 10847.650 0.0001307 17.3478 2
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). (A Julian Day [JD] begins at noon and runs until the next noon. The JD number is the number of days [or part of a day] since noon [UTC] on January 1, 4713 B.C. A Modified Julian Day [MJD] is the JD minus 2,400,000.5.)
  The next three fields show time offset (in seconds), frequency offset (in parts per million), and time constant of the clock discipline algorithm at each update of the clock.
- peerstats
  Enables recording of peer statistics information. This includes statistics records of all peers of an NTP server and of special signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named peerstats :
  48773 10847.650 127.127.4.1 9714 -0.001605 0.00000 0.00142
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer address in dotted-quad notation and status, respectively. The status field is encoded in hexadecimal in the format described in Appendix A of the NTP specification (RFC 1305). The final three fields show the offset, delay, and dispersion (in seconds).
- clockstats
  Enables recording of clock driver statistics information. Each update received from a clock driver outputs a line in the following form to the file generation set named clockstats :
  49213 525.624 127.127.4.1 93 226 00:08:29.606 D
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the clock address in dotted-quad notation, The final field shows the last time code received from the clock in decoded ASCII format, where meaningful. In some clock drivers, a good deal of additional information can be gathered and displayed as well. For further details, see information specific to each clock.
- rawstats
  Enables recording of raw timestamps. Each valid update appends a line in the following form to the file generation set named rawstats :
  51554 79509.68 16.20.208.53 16.20.208.97 3156617109.664603 3156617109.673268 3156617109.673268 31 56617109.673268 3156617109.666556
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer and local addresses in dotted-quad notation. The next four fields are:
  - The originate timestamp
  - The received timestamp
  - The transmitted timestamp (the last one sent to the same peer)
  - The timestamp of the packet's arrival on the server
- statsdir directory-path
  Indicates the full path of a directory in which statistics files should be created.

B.3.2.2 Access Control Options

TCP/IP Services NTP implements a general-purpose address-and-mask based restriction list. The list is sorted by address and by mask, and the list is searched in this order for matches. The last match to be found defines the restriction flags associated with the incoming packets. The source address of incoming packets is used for the match. The 32-bit address is and'ed with the mask associated with the restriction entry, and then is compared with the entry's address (which has also been and'ed with the mask) to look for a match.

Although this facility might be useful for keeping unwanted or broken remote time servers from affecting your own, it is not considered an alternative to the standard NTP authentication facility.

B.3.2.2.1 The Kiss-of-Death Packet

Ordinarily, packets denied service are simply dropped with no further action except to increment statistics counters. Sometimes a more proactive response is needed, such as a server message that explicitly requests the client to stop sending and leave a message for the system operator. A special packet format has been created for this purpose called the kiss-of-death (kod) packet. If the kod flag is set and either service is denied or the client limit is exceeded, the server returns the packet and sets the leap bits unsynchronized, stratum 0, and the ASCII string "DENY" in the reference source identifier field. If the kod flag is not set, the server simply drops the packet.

A client or peer that receives a kiss-of-death packet performs a set of sanity checks to minimize security exposure. If this is the first packet received from the server, the client assumes an ac >B.4 Configuring NTP as Backup Time Server

You can configure the NTP service as a backup time server. In this case, if all other network synchronization sources become unavailable, the NTP service becomes active. You can also use this method to allow the local node to act as the NTP server in an an isolated network. To configure the NTP service as the backup server or the sole NTP server, enter the following commands in the NTP configuration file:

server 127.127.1.0 
fudge 127.127.1.0 stratum 8

In this example, the stratum is set to a high number (8) so that it will not interfere with any other, possibly better, time synchronization source. You should set the stratum to a number that is higher than the stratum of all other time synchronization sources.

B.5 NTP Event Logging

NTP maintains a record of system clock updates in the file SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP_RUN.LOG. NTP reopens this log file daily, each time creating a new version of the file (older versions are not automatically purged). Events logged to this file can include the following messages:

Synchronization status that indicates synchronization was lost, stratum changes, and so forth
System time adjustments
Time adjustment status

Logging can be increased by using the logconfig option in TCPIP$NTP.CONF. For more information, see Section B.3.2.

In addition, you can enable debugging diagnostics by defining the following logical name with /SYSTEM and a value from 1 through 6, where 6 specifies the most detailed logging:

$ DEFINE /SYSTEM TCPIP$NTP_LOG_LEVEL n

Table B-2 describes the messages most frequently included in the NTP log file.

**Table B-2 NTP Log File Messages**
Message	Description
Time slew time	Indicates that NTP has set the local clock by slewing the local time to match the synchronization source. This happens because the local host is no longer synchronized. For example: time slew -0.218843 s
Synchronization lost	This usually occurs after a time reset. All peer filter registers are cleared, for example, for that particular peer; all state variables are reset along with the polling interval; and the clock selection procedure is once again performed.
Couldn't resolve hostname, giving up on it	Indicates that the host name could not be resolved. This peer will not be considered for the candidate list of peers. For example: couldn't resolve 'fred', giving up on it
Send to IP-address: reason	Indicates that a problem occurred while sending a packet to its destination. The most common reason logged is "connection refused." For example: sendto(16.20.208.100): connection refused
Time Correction of delta-time seconds exceeds sanity limit (1000); set clock manually to the correct UTC time	NTP has detected a time difference greater than 1000 seconds between the local clock and the server clock. You must set the clock manually or use the NTPDATE program and then restart NTP. Once NTP sets the clock, it continuously tracks the discrepancy between the local time and NTP time and adjusts the clock accordingly.
offset: n sec freq x ppm poll: y sec error z	An hourly message, in which: `offset` is the offset (in seconds) of the peer clock relative to the local clock (that is, the amount to adjust the local clock to bring it into correspondence with the reference clock). `freq` is the computed error in the intrinsic frequency of the local clock (also known as "drift") (in parts per million). `poll` is the minimum interval (in seconds) between transmitted messages (that is, messages sent between NTP peers, as in a client to a server). `error` is the measure of network jitter (that is, latencies in computer hardware and software).
No clock adjustments will be made, DTSS is active	Indicates that the DTSS time service is running on the system. The DTSS time service should be disabled if you would like NTP to set the system time. To disable the DTSS time service, enter the following command: $ RUN SYS$SYSTEM:NCL DISABLE DTSS Alternatively, you can configure the NTP server not to make clock adjustments, as described in Section B.3.3. NTP dynamically detects whether the DTSS time service is enabled at any time and will log this message if appropriate.
Clock adjustments will resume. DTSS no longer active	Indicates that the DTSS time service has been disabled on the system. NTP will now handle clock adjustments. NTP dynamically detects whether the DTSS time service is enabled at any time and will log this message if appropriate.