ntp.conf File
Purpose
Controls the operation and behavior of the Network Time Protocol (NTP) ntpd daemon.
Description
The ntp.conf file is a basic configuration file that controls the ntpd daemon.
Configuration Options
The two classes of commands that are used to configure the ntpd daemon are configuration commands and auxiliary commands. Auxiliary commands are used to specify environmental variables that control various related operations.
- Configuration Commands
- Configuration commands are used to configure an association with a remote server, peer, or
reference clock.
server address [options ...] peer address [options ...] broadcast address [options ...] manycastclient address [options ...]
These four commands specify the time server name or address to be used and the mode in which to operate. The address can be either a DNS name or an IP address in dotted-quad notation. Additional information on association behavior can be found in the Association Management page.Command Description server For type s
andr
addresses (only), this command normally mobilizes a persistent client mode association with the specified remote server or local reference clock. If the preempt flag is specified, apeerutable
association is mobilized instead. In client mode the client clock can synchronize to the remote server or local reference clock, but the remote server can never be synchronized to the client clock. This command must not be used for typeb
, orm
addresses.peer For type s
addresses (only), this command mobilizes a persistent symmetric-active mode association with the specified remote peer. In this mode, the local clock can be synchronized to the remote peer or the remote peer can be synchronized to the local clock. This command is useful in a network of servers where, depending on various failure scenarios, either the local or remote peer might be the better source of time. This command must not be used for typeb
,m
, orr
addresses.broadcast For type b
andm
addresses (only), this command mobilizes a persistent broadcast mode association. Multiple commands can be used to specify multiple local broadcast interfaces (subnets) and multiple multicast groups. Local broadcast messages go only to the interface associated with the subnet specified, but multicast messages go to all interfaces. In broadcast mode, the local server sends periodic broadcast messages to a client population at the address specified. The address that is specified is usually the broadcast address on one or more local networks or a multicast address that is assigned to NTP. The IANA assigned the multicast group addressIPv4 224.0.1.1
andIPv6 ff05::101
(site local) exclusively to NTP, but other addresses that are not conflicting can be used to contain the messages within administrative boundaries. Ordinarily, this specification applies only to the local server operating as a sender; for operation as a broadcast client, see the broadcastclient or multicastclient commands.manycastclient For type m
addresses (only), this command mobilizes apreemptable
manycast client mode association for the multicast group address specified. In this mode, a specific address must be supplied which matches the address that is used on the manycastserver command for the designated manycast servers. The NTP multicast address 224.0.1.1 that is assigned by the IANA must not be used unless specific means are taken to limit the span of the reply and avoid a possibly massive implosion at the original sender. The manycastclient command specifies that the host is to operate in client mode with the remote servers that are discovered as the result of broadcast or multicast messages. The client broadcasts a request message to the group address associated with the specified address and enabled servers respond to these messages. The client selects the servers that provide the best time and continues as with the server command. The remaining servers are discarded.- Command options
-
Options Description autokey All packets that are sent to and received from the server or peer are to include authentication fields encrypted using the autokey scheme described in the Authentication Options page. This option is valid with all commands. burst When the server is reachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s. However, the spacing between the first and the second packet can be changed with the calldelay command to allow more time for a modem or ISDN call to complete. This option is valid with only the server command and is a recommended option with this command when the maxpoll option is 11 or greater. iburst When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s. However, the spacing between the first and the second packet can be changed with the calldelay command to allow more time for a modem or ISDN call to complete. This option is valid with only the server command and is a recommended option with this command. key key All packets that are sent to and received from the server or peer are to include authentication fields encrypted using the specified key identifier with values from 1 to 65534, inclusive. The default is to include no encryption field. This option is valid with all commands. minpoll or maxpoll These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by using the maxpoll option to a higher limit of 17 (36.4 h). The default minimum poll interval is 6 (64 s). However, it can be decreased by using the minpoll option to a minimum limit of 4 (16s). These options are valid only with the server and peer commands. noselect Marks the server as unused, except for display purposes. The selection algorithm discards the server. This option is valid only with the server and peer commands. preempt Specifies the association as preemptable
rather than the default persistent. This option is valid only with the server command.prefer Marks the server as preferred. If all other parameters are equal in a set of hosts, the host that is marked as preferred is chosen for synchronization among a set of correctly operating hosts. For more information, see the Mitigation Rules and the prefer Keyword page. This option is valid only with the server and peer commands. true Force the association to assume truechimer
status; that is, always survive the selection and clustering algorithms. This option can be used with any association. However, it functions best with reference clocks that have large serial port jitter and accurate pulse-per-second (PPS) signals.Note: This option defeats the algorithms that are designed to cast outfalsetickers
and can allow these sources to set the system clock. This option is valid only with the server and peer commands.ttl ttl This option is used only with broadcast server and manycast client modes. It specifies the maximum time-to-live (ttl) for the expanding ring search with manycast client packets and the ttl to be used on broadcast servers and multicast servers. Selection of the proper value, which defaults to 127, is something of a black art and must be coordinated with the network administrator. version version Specifies the version number to be used for outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default. This option is valid only with the server, peer, and broadcast commands.
- Auxiliary Commands
-
Command Decription broadcastclient [ novolley
]This command enables reception of broadcast server messages to any local interface (type b
) address. Upon receiving a message for the first time, the broadcast client measures the nominal server propagation delay by using a brief client or server exchange with the server after which it continues in listen-only mode. If thenovolley
keyword is present, the exchange is not used and the value that is specified in the broadcastdelay command is used or, if the broadcastdelay command is not used, the default 4.0 ms.Note: To avoid accidental or malicious disruption in this mode, both the server and client must operate by using symmetric key or public key authentication as described in the Authentication Options page. Thenovolley
keyword is incompatible with public key authentication.manycastserver address [...] This command enables reception of manycast client messages to one or more multicast group addresses (type m
) specified. At least one address is required. The NTP multicast address 224.0.1.1 that is assigned by the IANA must not be used, unless specific means are taken to limit the span of the reply and avoid a possibly massive implosion at the original sender.Note: To avoid accidental or malicious disruption in this mode, both the server and client must operate by using symmetric key or public key authentication as described in the Authentication Options page.multicastclient address [...] This command enables reception of multicast server messages to one or more multicast group addresses (type m
) specified. Upon receiving a message for the first time, the multicast client measures the nominal server propagation delay by using a brief client or server exchange with the server. Then the multicast client enters the broadcast client mode, in which it synchronizes to succeeding multicast messages.Note: To avoid accidental or malicious disruption in this mode, both the server and client must operate by using symmetric key or public key authentication.
Configuration access control options
The ntpd daemon implements a general-purpose address-based or mask-based restriction list. The list contains address or match entries sorted first by increasing address values and then by increasing mask values. A match occurs when the bitwise AND of the mask and the packet source address are equal to the bitwise AND of the mask and the address in the list. The list is searched in order with the last match found defining the restriction flags associated with the entry.
While this facility might be useful for keeping unwanted or broken or malicious clients from congesting innocent servers, it must not be considered an alternative to the NTP authentication facilities. A determined cracker can easily circumvent source address-based restrictions.
Clients can be denied service because they are explicitly included in the restrict list that is created by the restrict command or implicitly as the result of cryptographic or rate limit violations. Cryptographic violations include certificate or identity verification failure. Rate limit violations result from defective NTP implementations that send packets at abusive rates. Some violations cause denied service only for the offending packet. Some violations cause denied service for a timed period and some violations cause the denied service for an indefinite period. When a client or network is denied access for an indefinite period, the only way currently to remove the restrictions is by restarting the server.
Command | Description |
---|---|
discard [ average avg ][ minimum min ] [ monitor prob ] | Set the parameters of the limited facility that protects the server from client abuse. The average subcommand specifies the minimum average packet spacing, while the minimum subcommand specifies the minimum packet spacing. Packets that violate these minimum values are discarded and a kiss-o'-death packet is returned if enabled. The default minimum average is 5 and default minimum is 2. The monitor subcommand specifies the probability of discard for packets that overflow the rate-control window. |
restrict address [mask mask] [flag][...] | The address argument that is expressed in dotted-quad form is the address of a host or network. Alternatively, the address argument can be a valid host DNS name. The mask argument that is expressed in dotted-quad form defaults to 255.255.255.255, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0) is always included and is always the first entry in the list. The text string default, with no mask option, might be used to indicate the default entry. |
In the current implementation, a flag always restricts access. An entry with no flags indicates that free access to the server is to be given. The flags are not orthogonal and hence more restrictive flags often makes less restrictive ones redundant. The flags can generally be classed into two categories, flags that restrict time service and flags that restrict informational queries and attempts to do runtime reconfiguration of the server. One or more of the following flags can be specified:
Flags | Description |
---|---|
ignore | Deny packets of all kinds, including ntpq and ntpdc
queries. |
kod | If this flag is set when an access violation occurs, a kiss-o'-death (KoD) packet is sent. KoD packets are rate-limited to no more than one per second. If another KoD packet occurs within one second after the last one, the packet is dropped. |
limited | Deny service if the packet spacing violates the minimum limits that are specified in the discard command. A history of clients is kept by using the monitoring capability of the ntpd command. Monitoring is always active if there is a restriction entry with the limited flag. |
lowpriotrap | Declare traps set by matching hosts to be low priority. There is a limit on the number of traps a server can maintain. The current limit is 3. Traps are assigned on a first-come, first-served basis. If a requester is assigned a trap more than the maximum limit of the server, service is denied. This flag modifies the assignment algorithm by allowing low-priority traps to be overridden by later requests for normal priority traps. |
nomodify | Deny ntpq and ntpdc queries that attempt to
modify the state of the server (that is, runtime reconfiguration). Queries that return information
are permitted. |
noquery | Deny ntpq and ntpdc queries. Time service is
not affected. |
nopeer | Deny packets that would result in mobilizing a new association. This flag includes broadcast, symmetric-active, and manycast client packets when a configured association does not exist. |
noserve | Deny all packets except ntpq and ntpdc
queries. |
notrap | Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpdq control message protocol that is intended for use by remote event logging programs. |
notrust | Deny packets unless the packet is cryptographically authenticated. |
ntpport | This flag is a match algorithm modifier, rather than a restriction flag. Its
presence causes the restriction entry to be matched only if the source port in the packet is the
standard NTP UDP port (123). Both ntpport and non-ntpport might be
specified. The ntpport is considered more specific and is sorted later in the list.
|
version | Deny packets that do not match the current NTP version. |
Default restriction list entries with the flags ignore, interface, and ntpport
for each of the local host's interface addresses are inserted into the table at startup to prevent
the server from attempting to synchronize to its own time. A default entry is also always present,
though if it is otherwise unconfigured. No flags are associated with the default entry. Everything
except your own NTP server is unrestricted.
Configuration authentication options
Authentication support allows the NTP client to verify that the server is in fact a known and trusted serve and not an intruder intending accidentally or on purpose to masquerade as that server. The NTPv3 specification RFC-1305 defines a scheme that provides cryptographic authentication of received NTP packets. Originally, it was done by using the Data Encryption Standard (DES) algorithm operating in Cipher Block Chaining (CBC) mode, commonly called DES-CBC. Later, it was replaced by the RSA message igest 5 (MD5) algorithm by using a private key, commonly called keyed-MD5. Either algorithm computes a message digest, or one-way hash, which can be used to verify that the server has the correct private key and key identifier.
NTPv4 retains the NTPv3 scheme, properly described as symmetric key cryptography, and, in addition, provides a new Autokey scheme based on public key cryptography. Public key cryptography is considered more secure than symmetric key cryptography, since the security is based on a private value that is generated by each host and never revealed. Except for the group key described later, all key distribution and management functions involve only public values that considerably simplify key distribution and storage. Public key management is based on X.509 certificates that can be provided by commercial services or produced by utility programs in the OpenSSL software library or the NTPv4 distribution.
Commands | Description |
---|---|
autokey [logsec] | Specifies the interval between regenerations of the session key list that is used with the Autokey protocol. Size of the key list for each association depends on this interval and the current poll interval. The default value is 12 (4096 s or about 1.1 hours). For poll intervals more than the specified interval, a session key list with a single entry is regenerated for every message sent. |
controlkey key | Specifies the key identifier to use with the ntpq utility, which uses the
standard protocol that is defined in RFC-1305. The key argument is the key identifier for a trusted
key, where the value can be in the range 1 to 65,534, inclusive. |
crypto [cert file] [leap file] [randfile file] [host file] [sign file] [ident scheme] [iffpar file] [gqpar file] [mvpar file] [pw password] | This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values that are described earlier. If one or more files are left unspecified, the default names are used as described earlier. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the keysdir command or default /usr/local/etc directory. |
Following are the sub commands.
Sub commands | Description |
---|---|
cert file | Specifies the location of the required host public certificate file. This sub command
overrides the link ntpkey_cert_hostname in the keys directory. |
gqpar file | Specifies the location of the client GQ parameters file. This sub command overrides the link
ntpkey_gq_hostname in the keys directory. |
host file | Specifies the location of the required host key file. This sub command overrides the link
ntpkey_key_hostname in the keys directory. |
ident scheme | Requests the server identity scheme, which can be IFF, GQ or MV. This sub command is used when the host is not a server for a dependent client. |
iffpar file | Specifies the location of the optional IFF parameters file. This sub command
overrides the link ntpkey_iff_hostname in the keys directory. |
leap file | Specifies the location of the client leapsecond file.
This sub command overrides the link ntpkey_leap in the keys directory. |
mv | Requests the MV server identity scheme. |
mvpar file | Specifies the location of the client MV parameters file. This sub command
overrides the link ntpkey_mv_hostname in the keys directory. |
pw password | Specifies the password to decrypt files that contain private keys and identity parameters. It is required only if these files are encrypted. |
randfile file | Specifies the location of the random seed file that is used by the OpenSSL library. The defaults are described in the main text earlier. |
sign file | Specifies the location of the optional sign key file. This sub command
overrides the link ntpkey_sign_hostname in the keys directory. If this file is not
found, the host key is also the sign key. |
keys keyfile | Specifies the complete path and location of the MD5 key file that contains the
keys and key identifiers that are used by ntpd , ntpq , and
ntpdc when operating with symmetric key cryptography. This subcommand has the same
operation as the -k command line option. |
keysdir path | This command specifies the default directory path for cryptographic keys, parameters, and certificates. The default is /usr/local/etc/ directory. |
requestkey key | Specifies the key identifier to use with the ntpdc utility
program, which uses a proprietary protocol specific to this implementation of ntpd .
The key argument is a key identifier for the trusted key, where the value can be in the range 1 to
65,534, inclusive. |
revoke [logsec] | Specifies the interval between rerandomization of certain cryptographic values that are used by the Autokey scheme, as a power of 2 in seconds. These values need to be updated frequently to deflect brute-force attacks on the algorithms of the scheme; however, updating some values is a relatively expensive operation. The default interval is 16 (65,536 s or about 18 hours). For poll intervals more than the specified interval, the values are updated for every message sent. |
trustedkey key [...] | Specifies the key identifiers that are trusted for the purposes of
authenticating peers with symmetric key cryptography and also for keys that are used by the
ntpq and ntpdc programs. The authentication procedures require
that both the local and remote servers share the same key and key identifier for this purpose,
although different keys can be used with different servers. The key arguments are 32-bit unsigned
integers with values from 1 to 65,534. |
Configuration monitoring options
ntpd
includes a comprehensive monitoring facility suitable for continuous
long-term recording of server and client timekeeping performance. See the
statistics command explained later for a listing and example of each type of
statistics currently supported. Statistic files are managed by using file generation sets and
scripts in the ./scripts directory of this distribution. Using these facilities
and UNIX cron jobs, the data can be automatically summarized
and archived for retrospective analysis.
Commands | Description |
---|---|
statistics name [...] | Enables writing of statistics records. Currently, six kinds of namestatistics are supported. |
clockstats | Enables recording of clock driver statistics information. Each update that is received from a
clock driver appends a line of the following form to the file generation set named clockstats:
The first two fields show the
date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows
the clock address in dotted-quad notation. The final field shows the last timecode that is received
from the clock in decoded ASCII format, where meaningful. In some clock drivers, a good deal of
additional information can be gathered and displayed as well. See information specific to each clock
for further details. |
cryptostats | This option requires the OpenSSL cryptographic software library. It enables recording of
cryptographic public key protocol information. Each message that is received by the protocol module
appends a line of the following form to the file generation set named cryptostats:
The first two fields show the date
(Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the
peer address in dotted-quad notation. The final message field includes the message type and certain
ancillary information. For more information, see the Authentication Options
page. |
loopstats | Enables recording of loop filter statistics information. Each update of the
local clock outputs a line of the following form to the file generation set named loopstats:
The first two
fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The
next five fields show time offset (seconds), frequency offset (parts per million - PPM), RMS jitter
(seconds), Allan deviation (PPM), and clock discipline time constant. |
peerstats | Enables recording of peer statistics information. It includes statistics
records of all peers of an NTP server and of special signals, where present and configured. Each
valid update appends a line of the following form to the current element of a file generation set
named peerstats:
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC
midnight). The next two fields show the peer address in dotted quad notation and status. The status
field is encoded in hex in the format that is described in Appendix B of the NTP specification RFC
1305. The final four fields show the offset, delay, dispersion and RMS jitter, all in
seconds. |
rawstats | Enables recording of raw-timestamp statistics information. It includes
statistics records of all peers of an NTP server and of special signals, where present and
configured. Each NTP message that is received from a peer or clock driver appends a line of the
following form to the file generation set named rawstats:
The first two fields
show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two
fields show the remote peer or clock address followed by the local address in dotted-quad notation.
The final four fields show the originate, receive, transmit, and final NTP timestamps in order. The
timestamp values are as received and before processing by the various data smoothing and mitigation
algorithms. |
sysstats | Enables recording of ntpd statistics counters on a periodic basis. Each hour a
line of the following form is appended to the file generation set named sysstats:
The first two
fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The
remaining ten fields show the statistics counter values that are accumulated since the last
generated line.
|
timingstats | Only available when the deamon is compiled with process time debugging support
(--enable-debug-timing - costs performance). Enables recording of ntpd processing time information
for various selected code paths:
The first two
fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The
next field is a potential peer address, or REFCLOCK depending on the associated io source. Then an
event count for the number of processed events in the code path follows. The fifth field is the
total time spend for the events. The rest of the line denotes the code path description
statsdir directory_path . |
statsdir directory_path | Indicates the full path of a directory where statistics files must be created. This keyword allows the (otherwise constant) filegen file name prefix to be modified for file generation sets, which is useful for handling statistics logs. |
filegen
name [file
filename] [type
typename] [link | nolink ] [enable |
disable ] |
Configures setting of generation file set name. Generation file sets provide a
means for handling files that are continuously growing during the lifetime of a server. Server
statistics are a typical example for such files. Generation file sets provide access to a set of
files that are used to store the actual data. At any time, at most one element of the set is being
written to. The type that is given specifies when and how data is directed to a new element of the
set. This way, information that is stored in elements that are unused of a fileset is available for
administrative operations without the risk of disturbing the operation of ntpd. They can be removed
to free space for new data produced. Note: This command can be sent from the ntpdc program that runs
at a remote location.
|
Commands | Description |
---|---|
filegen
name [file
filename] [type
typename] [link | nolink ] [enable |
disable ] |
|
Miscellaneous configuration options
Commands | Options |
---|---|
broadcastdelay seconds | The broadcast and multicast modes require a special calibration to determine the network delay between the local and remote servers. Ordinarily, it is done automatically by the initial protocol exchanges between the client and server. Sometimes, the calibration procedure might fail due to network or server access controls, for example. This command specifies the default delay to be used under these circumstances. Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. |
calldelay delay | This option controls the delay in seconds between the first and second packets that are sent in burst or iburst mode to allow more time for a modem or ISDN call to complete. |
driftfile
driftfile
[ minutes [ tolerance ]] |
This command specifies the complete path and name of the file that is used to record the
frequency of the local clock oscillator. This command has the same operation as the
-f command link e option. If the file exists, it is read
at startup to set the initial frequency and then updated once per hour with the current frequency
computed by the daemon. If the file name is specified, but the file itself does not exist, it starts
with an initial frequency of zero and creates the file when writing it for the first time. If this
command is not given, the daemon starts with an initial frequency of zero. The file format consists of a single line that contains a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version. It implies that ntpd must have write permission for the directory the drift file is located in, and that file system links, symbolic or otherwise, must be avoided. The two optional values determine how often the file is written, and are useful when is it desirable to avoid spinning up the disk unnecessarily. The parameter minutes is how often the file is written. If omitted or less than 1, the interval is 60 minutes (one hour). The parameter tolerance is the threshold to skip writing the new value. If the new value is within tolerance percent of the last value written (compared out to 3 decimal places), the write is skipped. The default is 0.0, which means that the write occurs unless the current and previous values are the same. A tolerance of 0.1 equates roughly to a difference in the 2nd decimal place. |
enable [ auth | bclient | calibrate | kernel |
monitor | ntp | pps | stats ] and disable [ auth | bclient |
calibrate | kernel | monitor | ntp | pps | stats ] |
Provides a way to enable or disable various system options. Flags not
mentioned are unaffected. All of these flags can be controlled remotely by using the
ntpdc utility program.
|
includefile includefile | This command allows more configuration commands to be included from a separate file. The includefiles command can be nested to a depth of five. Upon reaching the end of any includefile command, processing resumes in the previous configuration file. This option is useful for sites that run ntpd on multiple hosts, with (mostly) common options (for example, a restriction list). |
logconfig configkeyword | This command controls the amount and type of output that is written to the
system syslog facility or the alternative log file. All configkeyword keywords can
be prefixed with =, + and -, where = sets the syslogmask , + adds and - removes
messages. The syslog messages can be controlled in four classes (clock,
peer, sys and sync ). Within these classes, four types of messages that can be controlled
are informational messages (info ), event messages (events ),
statistics messages (statistics ), and status messages (status ).
Configuration keywords are formed by concatenating the message class with the event class. The all
prefix can be used instead of a message class. A message class might also be followed by the
all keyword to enable or disable all messages of the respective message class. By
default, logconfig output is set to allsync. Thus, a minimal log configuration might look like this:
This would list the synchronizations state
of ntpd and the major system events. For a simple reference server, the following minimum message
configuration might be useful: This
configuration lists all clock information and synchronization information. All other events and
messages about peers, system events, and so on, is suppressed. |
logfile logfile | This command specifies the location of an alternative log file to be used instead of the default system syslog facility. This command has the same operation as the -l command line option. |
phone dial1 dial2 ... | This command is used with the ACTS modem driver (type 18). The arguments consist of a maximum of 10 telephone numbers that are used to dial USNO, NIST, or European time services. The Hayes command ATDT is normally added as a prefix to the number, which can contain other modem control codes as well. |
setvar
variable [default ] |
This command creates a new system variable. These variables can be used to
distribute additional information such as the access policy. If the variable of the form name =
value is followed by the default keyword, the variable is listed as part of the default system
variables (ntpq rv command). These additional variables serve informational purposes only. They are
not related to the protocol other that they can be listed. The known protocol variable overrides any
variables that are defined by using the setvar mechanism. The names of all the
variables in one group are contained in three unique variables. The sys_var_list
holds the names of all system variables. The peer_var_list holds the names of all
peer variables and the clock_var_list holds the names of the reference clock
variables. |
tinker [ allan allan | dispersion dispersion | freq freq | huffpuff huffpuff | panic panic | step step | stepout stepout ] | This command can be used to alter several system variables in exceptional
circumstances. It must occur in the configuration file before any other configuration options. The
default values of these variables are carefully optimized for a wide range of network speeds and
reliability expectations. In general, they interact in intricate ways that are hard to predict and
some combinations can result in some nasty behavior. The default values needs to be changed rarely.
Following are the options that can be used with the tinker command:
|
trap host_address [port port_number] [interface interface_address] | This command configures a trap receiver at the host address that is provided and port number for sending messages with the specified local interface address. If the port number is unspecified, a value of 18447 is used. If the interface address is not specified, the message is sent with a source address of the local interface the message is sent through. On a multihomed host the interface that is used might vary from time to time with routing changes. The trap receiver generally logs event messages and other information from the server in a log file. While such monitor programs might also request their own trap dynamically, configuring a trap receiver ensures that no messages are lost when the server is started. |
ttl hop ... | This command specifies a list of TTL values in increasing order. up to 8 values can be specified. In manycast mode, these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31. |
Files
- /etc/ntp.conf
- Specifies the path to the file.