
Re: [LUG] Monitoring another machine's network traffic


On Wed, 25 Nov 2009, Grant Sewell wrote:

On Wed, 25 Nov 2009 14:59:55 +0000 (GMT)
Gordon Henderson wrote:

Hm. it's a bit verbose, isn't it?

I don't know... is it?

All you really need to get going is one line:

   server  uk.pool.ntp.org

OK, I've reduced my ntp.conf file to the above line and only the above
line.

And you can list that 2 or 3 times as 'uk.pool.ntp.org' is several
machines. The rest of the file is config flab.

Once it's going with the basics, then you can add in the other stuff,
if you need. Most of it is about permissions and logging, but let's
face it, you'll never read the log-files and you're behind a
firewall...

The intention is to find out how frequently a specific device queries
an NTP server - running my own and making the device in question query
my NTP server should allow me to establish this information... so I
probably will check the log files after a few days.

Is it that important? You seem to be doing a lot of work for this...

Reducing the ntp.conf file to the above seems to have worked as I can
now issue a "ntpdate -q 192.168.1.251" command from another Linux box
and it works.

Now to figure out how to monitor this traffic... I'm thinking ntop
might be the answer to this one.

ntop is 'heavy' in terms of resources and setup...

However...


  tcpdump -w /var/tmp/capture host 192.168.1.251 and port 123

... wait 24 hours then control-c
(insert IP of real host though)

  tcpdump -r /var/tmp/capture | wc -l

is as crude as it'll get. You'll need to work out how many packets per transaction though, but you can do that by just running tcpdump in interactive mode until it's probed it once or twice...

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
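The crude `tcpdump -r ... | wc -l` count in the thread includes both directions of every transaction and any other host that talks to the server on port 123, which is why Gordon says you still have to work out packets per transaction. The script below is an added example (not from the list post or from tcpdump itself) that parses the text output of `tcpdump -r` as produced by tcpdump's NTP printer, keeps only the device's Client-mode queries to the server, and reports how often the device polls. The capture text, the device address 192.168.1.10 and the server address 192.168.1.251 are constructed for the example; the sample deliberately spans midnight and contains one unrelated NTP client so both pitfalls (timestamp wrap-around, counting other hosts) are exercised.

```python
import re
import statistics
from datetime import datetime, timedelta

# Constructed sample of `tcpdump -r /var/tmp/capture` text output (not a real
# capture). 192.168.1.251 is the local NTP server, 192.168.1.10 the device
# under observation, 192.168.1.20 an unrelated client that would inflate a
# plain `wc -l` count.
SAMPLE_CAPTURE = """\
23:58:51.120433 IP 192.168.1.10.123 > 192.168.1.251.123: NTPv4, Client, length 48
23:58:51.121002 IP 192.168.1.251.123 > 192.168.1.10.123: NTPv4, Server, length 48
23:59:55.130211 IP 192.168.1.10.123 > 192.168.1.251.123: NTPv4, Client, length 48
23:59:55.130870 IP 192.168.1.251.123 > 192.168.1.10.123: NTPv4, Server, length 48
00:00:59.140587 IP 192.168.1.10.123 > 192.168.1.251.123: NTPv4, Client, length 48
00:00:59.141139 IP 192.168.1.251.123 > 192.168.1.10.123: NTPv4, Server, length 48
00:01:30.000000 IP 192.168.1.20.123 > 192.168.1.251.123: NTPv4, Client, length 48
00:01:30.000512 IP 192.168.1.251.123 > 192.168.1.20.123: NTPv4, Server, length 48
00:02:03.150902 IP 192.168.1.10.123 > 192.168.1.251.123: NTPv4, Client, length 48
00:02:03.151455 IP 192.168.1.251.123 > 192.168.1.10.123: NTPv4, Server, length 48
"""

DEVICE_IP = "192.168.1.10"   # assumed address of the device being watched
SERVER_IP = "192.168.1.251"  # the NTP server from the thread

# One line of tcpdump's NTP summary: timestamp, IPv4 src.port > dst.port, mode.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"NTPv(?P<ver>\d), (?P<mode>\w+),"
)


def parse_packets(text):
    """Return one dict per line that matches the NTP summary format."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def query_times(queries):
    """Convert HH:MM:SS.ffffff stamps to monotonic datetimes.

    `tcpdump -r` prints time of day only, so a capture that runs past
    midnight wraps; a timestamp earlier than its predecessor is treated as
    the next day.
    """
    times, offset, prev = [], timedelta(0), None
    for q in queries:
        t = datetime.strptime(q["ts"], "%H:%M:%S.%f")
        if prev is not None and t < prev:
            offset += timedelta(days=1)
        prev = t
        times.append(t + offset)
    return times


def query_stats(text, device_ip, server_ip):
    """Count the device's NTP queries and estimate its polling interval."""
    packets = parse_packets(text)
    queries = [p for p in packets
               if p["src"] == device_ip and p["dst"] == server_ip
               and p["dport"] == "123" and p["mode"] == "Client"]
    responses = [p for p in packets
                 if p["src"] == server_ip and p["dst"] == device_ip
                 and p["mode"] == "Server"]
    times = query_times(queries)
    intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    device_packets = len(queries) + len(responses)
    mean = statistics.mean(intervals) if intervals else None
    return {
        "total_packets": len(packets),          # what `wc -l` would report
        "queries": len(queries),                # the number actually wanted
        "responses": len(responses),
        "packets_per_transaction": device_packets / len(queries) if queries else None,
        "mean_interval_s": mean,
        "min_interval_s": min(intervals) if intervals else None,
        "max_interval_s": max(intervals) if intervals else None,
        "est_queries_per_day": 86400 / mean if mean else None,
    }


if __name__ == "__main__":
    for key, value in query_stats(SAMPLE_CAPTURE, DEVICE_IP, SERVER_IP).items():
        print(f"{key:24s} {value}")
```

Run it against a real capture with `tcpdump -r /var/tmp/capture > capture.txt` and feed the file contents to `query_stats` with the device's actual address; the `queries` figure and the interval statistics are what the thread is after, while `total_packets` shows how far off the raw line count would have been.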