frustration with NTP logging [SOLVED]

Dean S. Messing deanm at sharplabs.com
Thu Dec 27 08:54:31 UTC 2007 

Cameron Simpson writes:
: On 26Dec2007 22:45, Dean S. Messing <deanm at sharplabs.com> wrote:
: | When I start `ntpd' (service ntpd start)
: | messages like the following are inserted in /var/log/messages:

<snip>

: | Instead, I would like to get these to go into "/var/log/ntplog".  But
: | try as I might, I've failed miserably and am ready to go bang my head
: | against the wall.
: | 
: | What is the Magick Solution?!?
: | 
: | Here's what I've tried:
: | 
: | I changed 
: | 
: | *.info;mail.none;authpriv.none;cron.none     	/var/log/messages
: | to 
: | *.info;mail.none;authpriv.none;cron.none;ntpd.none  	/var/log/messages
: | 
: | and added
: | 
: | # Log all the ntpd messages in one place.
: | ntpd.*					/var/log/ntplog
: | 
: | in "/etc/syslog.conf" and restarted `syslogd' (making sure there that
: | "/var/log/ntplog" exists.)  Then I stopped and started `ntpd'.
: | 
: | Nada!  I now get no messages anywhere.
: | 
: | I then tried adding
: | 
: | logfile /var/log/ntplog
: | logconfig =all    # log all messages 
: | 
: | to "/etc/ntp.conf" and restarted ntpd.
: | 
: | I now get some _other_ diagnostic messages in "/var/log/ntplog",
: | messages like:

<snip>

: | But I don't get the "Listening" messages anywhere.  Finally, leaving
: | the above "logfile" lines in "/etc/ntp.conf" I tried putting
: | "syslog.conf" back the way it was to start with (no references to
: | `ntpd').
: | 
: | 
: | Now the "Listening" lines are going back into "/var/log/messages".
: 
: Two things.
: 
: 1: Your ntp.conf file changes merely ADDED file-based logging to ntpd.
: So ntpd is now logging some stuff to your file.
: In ADDITION, ntpd logs to the syslog.
: 
: 2: Syslog is very primitive.
: Those x.y fields are a "facility" and a "priority".
: Have a quick glance at the file /usr/include/sys/syslog.h for
: editification. In short, the facilities are predefine (kern, user, etc)
: and the priorities are predefined.
: Importantly, the facility is _not_ the program name.
: 
: So for ntpd you want to know what facility it uses, and what priority
: the various messages are. Then you can tune things somewhat.
: But "ntpd.none" does nothing (I'm surprised it doesn't get an error
: message) because "ntpd" is not a facility name.

Thanks Cameron.  Your remarks in (2) led me to a solution.
Shortly after I wrote the above, I noticed that `syslogd'
had stopped logging entirely.  Your remarks prompted me to
go read the syslog.conf man page regarding "facilities" and,
to run syslogd from the CLI with debugging turned on.  It was
throwing an error for the illegal facility!

Your comments in (1) are (I believe) slightly in error, at
least according to the ntpd docs.

From:
<file:///usr/share/doc/ntp-4.2.4p2/miscopt.html>

  logfile logfile

     This command specifies the location of an alternate log file to be
     used instead of the default system syslog facility. This is the
     same operation as the -l command line option.

The problem appears to be that ntpd wants to start writing messages
just as soon as its starts---even before it reads its config file.
These go through syslogd.  Then, as soon as it reads the config file
and hits the "logfile" directive, it _redirects_ any future messages
to the logfile.

For grins, I started `ntpd' by hand on the CLI with "-l /var/log/ntplog" and
voila!, all the "Listening" messages ended up in "/var/log/ntplog", as
desired.  Only two lines were put in "messages":

Dec 27 00:14:50 medulla ntpd[21152]: ntpd 4.2.4p2 at 1.1495-o Tue Aug 21 13:58:55 UTC 2007 (1)
Dec 27 00:14:50 medulla ntpd[21152]: logging to file /var/log/ntplog

According to the ntpd man page:

   -l logfile
         Specify the name and path of the log file. The default is
         the  system  log  file. This is the same operation as the
         logfile logfile configuration command.

This is evidently (slightly) in error since the configuration command
is not "the same operation" as the commandline flag.

An interesting aside:  
The messages in /var/log/ntplog begin with: ntpd[21153]

Note that the process number is one greater than the number in
"messages".  Not sure of the significance of this, but it was
happening before, as well.  (I checked.)  Apparently `ntpd' starts,
writes some stuff, then forks, and writes the rest of what it is going
to write.

I've gone into "/etc/sysconfig/ntpd" and modified the OPTIONS
line to include the new flag.  All is working now, accept for
those two lines in messages, which I can live with.

Thanks again.

Dean

More information about the users mailing list