ntp check expansion thoughts

Tracy Di Marco White gendalia at iastate.edu
Tue Jan 24 17:15:46 CET 2006


We're a kerberos based shop, which means everything authenticating 
to kerberos needs to be within 5 minutes of our kerberos server's
clock.  We recently had problems with a few important servers having
severe time keeping problems, as well as two of our time servers not
keeping sync because of multiprocessor issues.  For a lot of our
servers it'd be nice to warn if time is more than a minute or two
out from our reference clock on the kerberos servers, and go red at
four or five minutes out.  But it'd also be nice to have a warning
if our central time servers are having problems keeping sync, or
having other problems (I'm not intimately familiar with ntp, so I'm
not sure what problems those could be).

I think the ntp check right now only checks that ntp is running.
It would be nice to check that there's a valid sys.peer, and maybe
some number of acceptable candidates, maybe that the offset and
jitter are within some reasonable parameters for the peers/servers.

I'm mostly just thinking about implementing something like this
at the moment, maybe someone already has this, or maybe there's
a better way to think about this, so I'd appreciate input on it.

Tracy J. Di Marco White
Information Technology Services
Iowa State University



More information about the Xymon mailing list