3

I just want to preface by saying that I am still learning linux and don't have too much experience with it.

My job requires me to monitor an alert system for our clients hosts that are running our product.

I just received an alert regarding NTP that confused me a bit so I was hoping someone here can help me clarify it.

The alert was for the NTP offset of a particular host. That's fine, just go and resync to the NTP server. However, turns out that there is no NTP server defined in the config file and is not even running when I go to stop it:

"ntpd: unrecognised service"

However, this check has been running for a while and only alerted today.

So my question is, if there is no NTP server defined for that host and NTP is not even running, what triggered the alert? I mean, if the alert is only supposed to go off when the offset is large, how can there be an offset if there is no server defined to be compared to?

The alert even specifies an exact time in seconds, and it's updating. So It's comparing itself to something, right?

I've tried to look online for an answer but nothing is clicking with me. Any help would be great.

Ian
  • 131
  • 2
  • Without knowing how this is checked, it's hard to tell. If your monitoring server just matches the time of a remote host against it's own local timestamp, the remote server doesn't need to have NTP installed at all. So the interesting question here is, how it the time monitored? – Oldskool Feb 14 '15 at 17:51
  • I was talking to my boss after posting this and he thinks that the domain controller might be handling the NTP, but I don't have access to that so I think I might have to wait until monday. – Ian Feb 14 '15 at 19:02
  • Are there NTP servers defined in the DHCP configuration? – Aaron Jul 17 '15 at 16:18

1 Answers1

0

But, before we continue, let's check the state of the ntp daemon synchronization. On that host, run:

ntpq -pn

Does this returns anything?

If it does, it looks to me that you had executed this command to stop the service:

service ntpd stop

And you've received the following message:

"ntpd: unrecognised service"

Well, in that case, you might try to stop the ntp service (no "d" on the end), like this:

service ntp stop

If that doesn't work, list what ntp* services you have on the initd dir:

ls -l /etc/init.d/ntp*

If you don't have any ntp, ntpd or ntpdate service, than you have to install it.

The service command is only valid for CentOS. For other linux flavours, replace it with /etc/init.d/ntpd stop and /etc/init.d/ntp stop.

Nuno Pereira
  • 150
  • 10