NTP Synchronisation Monitoring

Accurate time synchronisation is crucial for server operations, affecting everything from log correlation to certificate validation. Server Scout's NTP synchronisation monitoring helps you ensure your servers maintain precise time across your infrastructure.

Why Time Synchronisation Matters

Proper time synchronisation is essential for several critical server functions:

  • Log correlation: Accurately timestamped logs across multiple servers enable effective troubleshooting and security analysis
  • Certificate validation: SSL/TLS certificates rely on accurate system time for validity checks
  • Distributed systems: Microservices, databases, and clustering solutions require synchronised clocks
  • Cron job accuracy: Scheduled tasks depend on correct system time for proper execution
  • Authentication protocols: Kerberos and other time-sensitive authentication mechanisms

Enabling NTP Sync Monitoring

To monitor NTP synchronisation status in Server Scout, enable the ntp_sync metric in your agent configuration:

  1. Edit your Server Scout agent configuration file (typically /opt/scout-agent/agent.conf)
  1. Add or uncomment the NTP sync metric:

`` metrics=cpu,memory,disk,network,ntp_sync ``

  1. Restart the Server Scout agent:

``bash sudo systemctl restart scout-agent ``

The agent will begin reporting synchronisation status within the next monitoring cycle.

How Server Scout Checks Sync Status

Server Scout's agent intelligently detects your system's time synchronisation method and uses the appropriate command:

Modern Systems (systemd-timesyncd)

On systems using systemd-timesyncd, the agent executes:

timedatectl status

The agent parses the output to determine if "NTP synchronized" shows "yes" and checks the "System clock synchronized" status.

Chrony-based Systems

For servers running chronyd, the agent uses:

chronyc tracking

This command provides detailed synchronisation information, including reference time, system time accuracy, and sync status.

The agent automatically detects which time service is active and uses the appropriate checking method, ensuring compatibility across different Linux distributions and configurations.

Viewing Sync Status

Once enabled, NTP synchronisation status appears prominently on your server's detail page in the Server Scout dashboard. The display shows:

  • Sync status: Clear indication of whether time synchronisation is working
  • Time source: The NTP server or time source currently in use
  • Last sync: When synchronisation last occurred
  • Offset: Current time offset from the reference source

A green indicator shows successful synchronisation, whilst red alerts you to synchronisation failures requiring attention.

Troubleshooting Common NTP Issues

Firewall Blocking UDP Port 123

NTP communication occurs over UDP port 123. If synchronisation fails, check firewall rules:

# Check if port 123 is blocked
sudo iptables -L | grep 123

# Allow NTP traffic (iptables)
sudo iptables -A OUTPUT -p udp --dport 123 -j ACCEPT

# For firewalld systems
sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --reload

Misconfigured Time Servers

Verify your NTP server configuration:

For systemd-timesyncd, check /etc/systemd/timesyncd.conf:

sudo nano /etc/systemd/timesyncd.conf

Ensure reliable NTP servers are configured:

[Time]
NTP=0.pool.ntp.org 1.pool.ntp.org

For chrony, examine /etc/chrony/chrony.conf:

sudo nano /etc/chrony/chrony.conf

Choosing Between Chrony and systemd-timesyncd

systemd-timesyncd is suitable for most standard servers with stable network connections. It's lightweight and integrated with systemd.

Chrony offers superior performance for:

  • Servers with intermittent network connectivity
  • Systems requiring high precision time synchronisation
  • Environments with strict timing requirements

To switch from systemd-timesyncd to chrony:

sudo systemctl disable systemd-timesyncd
sudo apt install chrony
sudo systemctl enable chronyd
sudo systemctl start chronyd

Regular monitoring of NTP synchronisation through Server Scout ensures your infrastructure maintains accurate time, preventing the cascading issues that clock drift can cause across your server environment.

Frequently Asked Questions

How do I enable NTP synchronisation monitoring in ServerScout?

To enable NTP sync monitoring, edit your ServerScout agent configuration file (typically `/opt/scout-agent/agent.conf`), add `ntp_sync` to the metrics line like `metrics=cpu,memory,disk,network,ntp_sync`, then restart the agent with `sudo systemctl restart scout-agent`. The agent will begin reporting synchronisation status within the next monitoring cycle.

How does ServerScout check NTP synchronisation status?

ServerScout automatically detects your system's time synchronisation method and uses the appropriate command. For systemd-timesyncd systems, it runs `timedatectl status` to check if NTP synchronized shows 'yes'. For chrony-based systems, it uses `chronyc tracking` to get detailed synchronisation information including reference time and sync status.

What NTP synchronisation information does ServerScout display?

ServerScout shows sync status with clear indicators (green for successful sync, red for failures), the time source or NTP server currently in use, when synchronisation last occurred, and the current time offset from the reference source. All this information appears prominently on your server's detail page in the dashboard.

Why is NTP synchronisation important for servers?

NTP synchronisation is crucial for log correlation across multiple servers, SSL/TLS certificate validation, distributed systems like microservices and databases, accurate cron job execution, and time-sensitive authentication protocols like Kerberos. Without proper time sync, these critical server functions can fail or behave unpredictably.

How do I fix NTP synchronisation when firewall is blocking it?

NTP uses UDP port 123, so check if your firewall is blocking it with `iptables -L | grep 123`. For iptables, allow traffic with `sudo iptables -A OUTPUT -p udp --dport 123 -j ACCEPT`. For firewalld systems, use `sudo firewall-cmd --add-service=ntp --permanent` followed by `sudo firewall-cmd --reload`.

Should I use chrony or systemd-timesyncd for NTP synchronisation?

systemd-timesyncd is suitable for most standard servers with stable network connections as it's lightweight and systemd-integrated. Chrony offers superior performance for servers with intermittent connectivity, systems requiring high precision synchronisation, or environments with strict timing requirements. ServerScout monitors both automatically.

How do I configure NTP servers for time synchronisation?

For systemd-timesyncd, edit `/etc/systemd/timesyncd.conf` and add reliable NTP servers like `NTP=0.pool.ntp.org 1.pool.ntp.org` under the [Time] section. For chrony, configure servers in `/etc/chrony/chrony.conf`. Always use multiple reliable NTP pool servers for redundancy.

Was this article helpful?

Related Articles