Bad administrators don't pay attention to the date and time of servers until the have to correlate the logs due to some kind of incident and they realize there are differences between them.
If you don't want the forensics analysis to made you crazy, then you have to think about synchronizing the servers time using NTP (Network Time Protocol).
In this article, I'll show you how easy is this task with openntpd.
First of all, let's understand how it works: a client gets the time from a server using NTP, which works over UDP, and changes its time accordingly (just an small portion every time if the difference is too big).
Second, openntpd can be configured as a client, as a server or both. You can install it on all your servers (as clients by default) and they will synchronize with some time servers on Internet. However, I don't recommend you this configuration, for a lot of packets will go to Internet, taking some bandwidth and, in addition, this will depend on the port udp/123 to be opened, which may not work if there is a firewall or proxy.
Third, you may want to have a time server on your local network, so all the other servers will act as clients of this one, which in turn will act as the only client of the time servers on Internet.
SERVER CONFIGURATION
In my case, I'm using a Linux Debian 7.0 wheezy box.
Install the openntpd package:
apt-get install openntpd
Edit the configuration file /etc/openntpd/ntpd.conf and add the following line after all the other lines beginning with "listen on", which are commented (by default openntpd isn't executed as a server, thus you have to tell it to listen on some network interface):
listen on x.x.x.x
Substitute x.x.x.x for the IP address of the interface you want the daemon to listen on. I don't recommend you to use the wildcard * to listen on any interface, unless your server has got only one.
You'll see there many lines beginning with "servers". These tell the daemon where to connect to get the time to synchronize.
Now restart the service:
service openntpd restart
And look in the file /var/log/syslog for the line containing "listening on x.x.x.x" and many lines containing "adjusting local clock by" followed by an amount of seconds.
After a while, your server will be almost synchronized and then you can use it for your local network.
CLIENTS CONFIGURATION
For the clients I'm using a Linux Debian 6.0 squeeze box. In this case, the package openntpd is located in the backports repository, so I had to add it to the /etc/apt/sources.list before proceeding with the installation.
Once installed, open the configuration file /etc/openntpd/ntpd.conf and comment all the lines beginning with "server" or "servers". Then, add a line similar to this after the line "server ntp.example.org", which is commented:
server x.x.x.x
Substitute x.x.x.x for the IP address of the server you already configured.
Now restart the service and watch the syslog. You have to see a message like "ntp engine ready" and after it you may see a line containing "reply from x.x.x.x: not synced, next query" followed by a number of seconds. This means that your server is not still synchronized itself so it won't tell you the right time. After the number of seconds indicated, the client will retry.
Once your server is ready to accept requests, you'll see in the client's syslog a line containing "peer x.x.x.x now valid" and then "adjusting local clock by" from time to time.
Can you please help me?
ReplyDeleteI am have been trying to get NTP working on all my servers, but none of them ever syncronize with anything. So I tried your tutorial to install open ntpd. It does not appear to be working.
In my syslog, it says "ntp engine ready" but the time is still bad and there are a bunch of "bad peer from" lines in syslog too. I enabled 192.168.2.51 , 127.0.0.1 and ::1.
Hi there,
DeleteDid you change anything after installing it? If not, your servers will try to synchronize with default global servers on Internet, so first of all, check if they have access to them through the 123/udp port.
You might as well paste here the contents of your ntpd.conf file in /etc/openntpd.
Please add this information for further assistance.
Thanks,
Sergio