A typical NTP monitoring packet |
1. Manual Pages
2. Table of Contents
3. Synopsis
ntpq
[-46adhinpkwWu
] [-c
command] [host] […]
4. Description
The ntpq
utility program is used to monitor NTP daemon ntpd
operations and determine performance. It uses the standard NTP mode 6
control message formats defined in Appendix B of the NTPv3 specification
RFC 1305. The same formats are used in NTPv4, although some of the
variable names have changed, and new ones added. The description on this
page is for the NTPv4 variables.
The program can be run either in interactive mode or controlled using command line arguments. Requests to read and write arbitrary variables can be assembled, with raw and pretty-printed output options being available. It can also obtain and print a list of peers in a common format by sending multiple queries to the server.
If one or more request options are included on the command line when
ntpq
is executed, each of the requests will be sent to the NTP servers
running on each of the hosts given as command line arguments, or on
localhost by default. If no request options are given, ntpq
will
attempt to read commands from the standard input and execute these on
the NTP server running on the first host given on the command line,
again defaulting to localhost when no other host is specified. ntpq
will prompt for commands if the standard input is a terminal device.
ntpq
uses NTP mode 6 packets to communicate with the NTP server, and
hence can be used to query any compatible server on the network which
permits it. Note that since NTP is a UDP protocol this communication
will be somewhat unreliable, especially over large distances in terms of
network topology. ntpq
makes one attempt to retransmit requests and
will time requests out if the remote host is not heard from within a
suitable timeout time.
Note that in contexts where a host name is expected, a -4
qualifier
preceding the host name forces DNS resolution to the IPv4 namespace,
while a -6
qualifier forces DNS resolution to the IPv6 namespace.
For examples and usage, see the NTP Debugging Techniques page.
For a simpler near-real-time monitor, see ntpmon(1).
5. Options
Command line options are described following. Specifying the command line
options -c
or -p
will cause the specified query (queries) to be sent
to the indicated host(s) immediately. Otherwise, ntpq
will attempt to
read interactive format commands from the standard input.
-4
,--ipv4
-
Force DNS resolution of following host names on the command line to the IPv4 namespace.
-6
,--ipv6
-
Force DNS resolution of following host names on the command line to the IPv6 namespace.
-a
num,--authentication
=num-
Enable authentication with the numbered key.
-c
cmd,--command
=cmd-
The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple
-c
options may be given. -d
,--debug
-
Increase debugging level by 1.
-D
num,--set-debug-level
=num-
The debug level is set to the following integer argument.
-l
filename,--logfile
=filename-
Log debugging output to the specified file.
-h
,--help
-
Print a usage message summarizing options end exit.
-n
,--numeric
-
Output all host addresses in numeric format rather than converting to the canonical host names. You may get hostnames anyway for peers in the initialization phase before DNS has resolved the peer name.
-s
,--srcname
-
Output host addresses by: Names passed to ntpd, then names reverse resolved from addresses and finally, IP addresses themselves
-S
,--srcnumber
-
Output host addresses by: Names passed to ntpd, then IP addresses themselves
-p
,--peers
-
Print a list of the peers known to the server as well as a summary of their state; this is equivalent to the
peers
interactive command. The refid field is as described under "Event Messages and Status Words" in the NTP documentation on the Web. -k
filename,--keyfile
=filename-
Specify a keyfile. ntpq will look in this file for the key specified with -a.
-V
,--version
-
Print the version string and exit.
-w
,--wide
-
Wide mode: if the host name or IP Address doesn’t fit, write the full name/address and indent the next line, so columns line up. The default truncates the name or address.
-W
num,--width
=num-
Force the terminal width. Only relevant for composition of the peers display.
-u
,--units
-
Display timing information with units.
6. Internal Commands
Interactive format commands consist of a keyword followed by zero to
four arguments. Only enough characters of the full keyword to uniquely
identify the command need be typed. The output of a command is normally
sent to the standard output, but optionally the output of individual
commands may be sent to a file by appending a >
, followed by a file
name, to the command line. Some interactive format commands are
executed entirely within the ntpq
program itself and do not result in
NTP mode 6 requests being sent to a server. These are described
as following.
?
[command_keyword]help
[command_keyword]-
A
?
by itself will print a list of all the command keywords known tontpq
. A?
followed by a command keyword will print function and usage information about the command. addvars
name [ = value] […];rmvars
name […];clearvars
-
The arguments to this command consist of a list of items of the form
name = value
, where the= value
is ignored and can be omitted in read requests.ntpq
maintains an internal list in which data to be included in control messages can be assembled and sent using thereadlist
andwritelist
commands described below. Theaddvars
command allows variables and optional values to be added to the list. If more than one variable is to be added, the list should be comma-separated and not contain white space. Thermvars
command can be used to remove individual variables from the list, while theclearlist
command removes all variables from the list. authenticate
[yes | no]-
Normally
ntpq
does not authenticate requests unless they are write requests. The commandauthenticate yes
causesntpq
to send authentication with all requests it makes. Authenticated requests causes some servers to handle requests slightly differently. The commandauthenticate
without arguments causesntpq
to display whether or notntpq
is currently authenticating requests. cooked
-
Display server messages in prettyprint format.
debug more | less | off
-
Turns internal query program debugging on and off.
noflake
- +doflake probability
-
Disables or enables the dropping of control packets by ntpq for testing. Probabilities 0 and 1 should be certainly accepted and discarded respectively. No default, but 0.1 should be a one in ten loss rate.
logfile <stderr> | filename
-
Displays or sets the file for debug logging. <stderr> will send logs to standard error.
delay
milliseconds-
Specify a time interval to be added to timestamps included in requests which require authentication; this is used to enable (unreliable) server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. The server does not now require timestamps in authenticated requests so that this command may be obsolete.
exit
-
Exit
ntpq
. host
name-
Set the host to which future queries will be sent. The name may be either a DNS name or a numeric address.
hostnames [yes | no]
-
If
yes
is specified, host names are printed in information displays. Ifno
is specified, numeric addresses are printed instead. The default isyes
unless modified using the command line-n
switch. keyid
keyid-
This command specifies the key number to be used to authenticate configuration requests; this must correspond to a key ID configured with the
controlkey
command in the server’sntp.conf
keytype
-
Specify the digest algorithm to use for authenticated requests, with default
MD5
. The keytype must match what the server is expecting for the specified key ID. ntpversion 1 | 2 | 3 | 4
-
Sets the NTP version number which
ntpq
claims in packets. Defaults to 2, Note that mode 6 control messages (and modes, for that matter) didn’t exist in NTP version 1. passwd
-
This command prompts for a password to authenticate requests. The password must match what the server is expecting. Passwords longer than 20 bytes are assumed to be hex encoding.
quit
-
Exit
ntpq
. raw
-
Display server messages as received and without reformatting. The only formatting/interpretation done on the data is to transform non-ASCII data into a printable (but barely understandable) form.
timeout
milliseconds-
Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since
ntpq
retries each query once after a timeout, the total waiting time for a timeout will be twice the timeout value set. units
-
Toggle whether times in the peers display are shown with units.
version
-
Print the version of the
ntpq
program.
7. Control Message Commands
Association IDs are used to identify system, peer and clock variables.
System variables are assigned an association ID of zero and system name
space, while each association is assigned a nonzero association ID and
peer namespace. Most control commands send a single mode 6 message to
the server and expect a single response message. The exceptions are the
peers
command, which sends a series of messages, and the mreadlist
and mreadvar
commands, which iterate over a range of associations.
associations
-
Display a list of mobilized associations in the form
ind assid status conf reach auth condition last_event cnt
Variable
Description
ind
index on this list
assid
association ID
status
conf
yes
: persistent,no
: ephemeralreach
yes
: reachable,no
: unreachableauth
ok
,yes
,bad
andnone
condition
selection status (see the
select
field of the peer status word)last_event
event report (see the
event
field of the peer status word)cnt
event count (see the
count
field of the peer status word) authinfo
-
Display the authentication statistics.
clockvar
assocID [name [ = value […] ][…]cv
assocID [name [ = value […] ][…]-
Display a list of clock variables for those associations supporting a reference clock.
:config […]
-
Send the remainder of the command line, including whitespace, to the server as a run-time configuration command in the same format as the configuration file. This command is experimental until further notice and clarification. Authentication is of course required.
config-from-file
filename-
Send each line of filename to the server as run-time configuration commands in the same format as the configuration file. This command is experimental until further notice and clarification. Authentication is required.
ifstats
-
Display statistics for each local network address. Authentication is required.
iostats
-
Display network and reference clock I/O statistics.
kerninfo
-
Display kernel loop and PPS statistics. As with other ntpq output, times are in milliseconds. The precision value displayed is in milliseconds as well, unlike the precision system variable.
lassociations
-
Perform the same function as the associations command, except display mobilized and unmobilized associations.
lpeers
[-4
|-6
]-
Print a peer spreadsheet for the appropriate IP version(s). dstadr (associated with any given IP version).
monstats
-
Display monitor facility statistics.
direct
-
Normally, the mrulist command retrieves an entire MRU report (possibly consisting of more than one MRU span), sorts it, and presents the result. But attempting to fetch an entire MRU report may fail on a server so loaded that none of its MRU entries age out before they are shipped. With this option, each segment is reported as it arrives.
mrulist
[limited
|kod
|mincount=
count |mindrop=
drop |minscore=
score |maxlstint=
seconds |minlstint=
seconds |laddr=
localaddr |sort=
sortorder |resany=
hexmask |resall=
hexmask |limit=
limit |addr.
num=
address]-
Obtain and print traffic counts collected and maintained by the monitor facility. This is useful for tracking who uses or abuses your server.
Except for
sort=
sortorder, the options filter the list returned byntpd
. Thelimited
andkod
options return only entries representing client addresses from which the last packet received triggered either discarding or a KoD response. theaddr.
num=
option adds specific addresses to retrieve whenlimit=
1. Values of 0 to 15 are supported for num. Also, used internally withlast.
num=
hextime to select the starting point for retrieving continued response. thefrags=
frags option limits the number of datagrams (fragments) in response. Used by newer ntpq versions instead of limit= when retrieving multiple entries. Thelimit=
option limits the MRU entries returned per response. limit=1 is a special case: Instead of fetching beginning with the supplied starting points (provided by a last.x and addr.x where 0 ⇐ x ⇐ 15, default the beginning of time) newer neighbor, fetch the supplied entries. This enables fetching multiple entries from given IP addresses (provided by addr.x= entries where 0 ⇐ x ⇐ 15). When limit is not one and frags= is provided, the fragment limit controls. NOTE: a single mrulist command may cause many query/response rounds allowing limits as low as 3 to potentially retrieve thousands of entries in responses. Themincount=
count option filters out entries that have received less than count packets. Themindrop=
drop option filters out entries that have dropped less than drop packets. Theminscore=
score option filters out entries with a score less than score. Themaxlstint=
seconds option filters out entries where no packets have arrived within seconds. Theminlstint=
seconds option filters out entries with a packet has arrived within seconds. Theladdr=
localaddr option filters out entries for packets received on any local address other than localaddr.resany=
hexmask andresall=
hexmask filter entries containing none or less than all, respectively, of the bits in hexmask, which must begin with0x
.The sortorder defaults to
lstint
and may be any ofaddr
,count
,avgint
,lstint
,score
,drop
or any of those preceded by a minus sign (hyphen) to reverse the sort order. The output columns are:
Column |
Description |
|
Interval in s between the receipt of the most recent packet from this
address and the completion of the retrieval of the MRU list by |
|
Average interval in s between packets from this address. |
|
Restriction flags associated with this address. Most are copied
unchanged from the matching |
|
Rate control indicator, either a period, |
|
Packet mode. |
|
Packet version number. |
|
Packets received from this address. |
|
Packets per second (averaged with exponential decay). |
|
Packets dropped (or KoDed) from this address. |
|
Source port of last packet from this address. |
|
DNS name, numeric address, or address followed by claimed DNS name which could not be verified in parentheses. |
mreadvar
assocID assocID [ variable_name [ = value[ … ]mrv
assocID assocID [ variable_name [ = value[ … ]-
Perform the same function as the
readvar
command, except for a range of association IDs. This range is determined from the association list cached by the most recentassociations
command. opeers
-
Obtain and print the old-style list of all peers and clients showing dstadr (associated with any given IP version), rather than the refid.
passociations
-
Perform the same function as the
associations command
, except that it uses previously stored data rather than making a new query. peers
-
Display a list of peers in the form
tally remote refid st t when pool reach delay offset jitter
Variable |
Description |
|
single-character code indicating current value of the |
|
host name (or IP number) of peer |
|
association ID or kiss code |
|
stratum |
|
|
|
sec/min/hr since last received packet |
|
poll interval (log2 s) |
|
reach shift register (octal) |
|
roundtrip delay |
|
offset of server relative to this host |
|
jitter |
The tally code is one of the following:
Code |
Description |
discarded as not valid |
|
|
discarded by intersection algorithm |
|
discarded by table overflow (not used) |
|
discarded by the cluster algorithm |
|
included by the combine algorithm |
|
backup (more than |
|
system peer |
|
PPS peer (when the prefer peer is valid) |
apeers
-
Display a list of peers in the form:
[tally]remote refid assid st t when pool reach delay offset jitter
where the output is just like the
peers
command except that therefid
is displayed in hex format and the association number is also displayed. rpeers
-
Display a list of peers in the form
st t when pool reach delay offset jitter refid tally remote
pstats
assocID-
Show the statistics for the peer with the given assocID.
readvar
assocID [ name ] [,…]rv
assocID [ name ] [,…]-
Display the specified variables. If
assocID
is zero, the variables are from the system variables name space, otherwise they are from the peer variables name space. TheassocID
is required, as the same name can occur in both spaces. If noname
is included, all operative variables in the name space are displayed. In this case only, if theassocID
is omitted, it is assumed zero. Multiple names are specified with comma separators and without whitespace. Note that time values are represented in milliseconds and frequency values in parts-per-million (PPM). Some NTP timestamps are represented in the format YYYYMMDDTTTT, where YYYY is the year, MM the month of the year, DD the day of the month and TTTT the time of day. reslist
-
Show the access control (restrict) list for
ntpq
. timerstats
-
Display interval timer counters.
writelist
assocID-
Write the system or peer variables included in the variable list.
writevar
assocID name = value [,…]-
Write the specified variables. If the
assocID
is zero, the variables are from the system variables name space, otherwise they are from the peer variables name space. TheassocID
is required, as the same name can occur in both spaces. sysinfo
-
Display operational summary.
sysstats
-
Print statistics counters maintained in the protocol module. Note that the relationships among these counters can look unlikely because packets can get flagged for inclusion in exception statistics in more than one way, for example by having both a bad length and an old version.
ntsinfo
-
Display a summary of the NTS state, including both the the NTS client and NTS server components. Note that the format of the output text may change as this feature is developed. This command is experimental until further notice and clarification.
8. Authentication
Four commands require authentication to the server: config-from-file, config, ifstats, and reslist. An authkey file must be in place and a control key declared in ntp.conf for these commands to work.
If you are running as root or otherwise have read access to the authkey and ntp.conf file, ntpq will mine the required credentials for you. Otherwise, you will be prompted to enter a key ID and password.
Credentials once entered, are retained and used for the duration of your ntpq session.
9. Status Words and Kiss Codes
The current state of the operating program is shown in a set of status
words maintained by the system and each association separately. These
words are displayed in the rv
and as
commands both in hexadecimal
and decoded short tip strings. The codes, tips, and short explanations
are on the Event Messages and Status Words page. The
page also includes a list of system and peer messages, the code for the
latest of which is included in the status word.
Information resulting from protocol machine state transitions is displayed using an informal set of ASCII strings called kiss codes. The original purpose was for kiss-o'-death (KoD) packets sent by the server to advise the client of an unusual condition. They are now displayed, when appropriate, in the reference identifier field in various billboards.
10. System Variables
The following system variables appear in the rv
billboard. Not all
variables are displayed in some configurations.
Variable |
Description |
|
|
|
NTP software version and build time |
|
hardware platform and version |
|
operating system and version |
|
leap warning indicator (0-3) |
|
stratum (1-15) |
|
precision (log2 s) |
|
total roundtrip delay to the primary reference clock |
|
total dispersion to the primary reference clock |
|
system peer association ID |
|
time constant and poll exponent (log2 s) (3-17) |
|
minimum time constant (log2 s) (3-10) |
|
date and time of day |
|
reference ID or kiss code |
|
reference time |
|
combined offset of server relative to this host |
|
combined system jitter |
|
frequency offset (PPM) relative to hardware clock |
|
clock frequency wander (PPM) |
|
clock jitter |
|
TAI-UTC offset (s) |
|
NTP seconds when the next leap second is/was inserted |
|
NTP seconds when the NIST leapseconds file expires |
The jitter and wander statistics are exponentially-weighted RMS averages. The system jitter is defined in the NTPv4 specification; the clock jitter statistic is computed by the clock discipline module.
11. Peer Variables
The following peer variables appear in the rv
billboard for each
association. Not all variables are displayed in some configurations.
Variable |
Description |
|
association ID |
|
|
|
source (remote) IP address and port |
|
destination (local) IP address and port |
|
leap indicator (0-3) |
|
stratum (0-15) |
|
precision (log2 s) |
|
total roundtrip delay to the primary reference clock |
|
total root dispersion to the primary reference clock |
|
reference ID or kiss code |
|
reference time |
|
reach register (octal) |
|
unreach counter |
|
host mode (1-6) |
|
peer mode (1-5) |
|
host poll exponent (log2 s) (3-17) |
|
peer poll exponent (log2 s) (3-17) |
|
headway (see Rate Management and the Kiss-o'-Death Packet) |
|
|
|
filter offset |
|
filter delay |
|
filter dispersion |
|
filter jitter |
|
fudge for asymmetric links/paths |
12. Clock Variables
The following clock variables appear in the cv
billboard for each
association with a reference clock. Not all variables are displayed in
some configurations.
Variable |
Description |
|
association ID |
|
|
|
device description |
|
ASCII time code string (specific to device) |
|
poll messages sent |
|
no reply |
|
bad format |
|
bad date or time |
|
fudge time 1 |
|
fudge time 2 |
|
driver stratum |
|
driver reference ID |
|
driver flags |
13. Compatibility
When listing refids, addresses of the form 127.127.x.x are no longer
automatically interpreted as local refclocks as in older versions of
ntpq
. Instead, a clock-format display is requested by the NTPsec
daemon when appropriate (by setting the srcaddr peer variable). This
means that when used to query legacy versions of ntpd, which do not
know how to request this, this program will do a slightly wrong thing.
In older versions, the type variable associated with a reference clock was a numeric driver type index. It has been replaced by name, a shortname for the driver type.
In older versions, no count of control packets was listed under sysstats.
The -O
(--old-rv
) option of legacy versions has been retired.
14. Known Limitations
It is possible for a ":config unpeer" command to fail silently, yielding "Config Succeeded", if it is given a peer identifier that looks like a driver type name or a hostname not present in the peer list. The error will, however, be reported in the system log.
The config command cannot be used to change a server’s default restrictions.
Under some circumstances python 2 cannot emit unicode. When true, the display of units is downgraded to non-unicode alternatives. One place a user is likely to encounter this is when diverting output through a pipe. Attempts have been made to force the use of UTF-8, all of which break the command history feature.
When using the -u option, very old xterms may fail to render μ correctly. If this happens, be sure your xterm is started with the -u8 option, or the utf8 resource', and that your console font contains the UTF-8 μ character. Also confirm your LANG environment variable is set to a UTF-8 language, like this: "export LANG=en_US.utf8".
Timestamp interpretation in this program is likely to fail in flaky ways if the local system clock has not already been approximately synchronized to UTC. Querying a server based in a different NTP era than the current one is especially likely to fail.
This program will behave in apparently buggy and only semi-predictable ways when fetching MRU lists from any server with sufficiently high traffic.
The problem is fundamental. The Mode 6 protocol can’t ship (and your client cannot accept) MRU records as fast as the daemon accepts incoming traffic. Under these circumstances, the daemon will repeatedly fail to ship an entire report, leading to long hangs as your client repeatedly re-sends the request. Eventually the Mode 6 client library will throw an error indicating that a maximum number of restarts has been exceeded.
To avoid this problem, avoid monitoring over links that don’t have enough capacity to handle the monitored server’s entire NTP load.
You may be able to retrieve partial data in very high-traffic conditions by using the direct option.