I just want to preface by saying that I am still learning linux and don't have too much experience with it.
My job requires me to monitor an alert system for our clients hosts that are running our product.
I just received an alert regarding NTP that confused me a bit so I was hoping someone here can help me clarify it.
The alert was for the NTP offset of a particular host. That's fine, just go and resync to the NTP server. However, turns out that there is no NTP server defined in the config file and is not even running when I go to stop it:
"ntpd: unrecognised service"
However, this check has been running for a while and only alerted today.
So my question is, if there is no NTP server defined for that host and NTP is not even running, what triggered the alert? I mean, if the alert is only supposed to go off when the offset is large, how can there be an offset if there is no server defined to be compared to?
The alert even specifies an exact time in seconds, and it's updating. So It's comparing itself to something, right?
I've tried to look online for an answer but nothing is clicking with me. Any help would be great.
Best Answer
But, before we continue, let's check the state of the ntp daemon synchronization. On that host, run:
Does this returns anything?
If it does, it looks to me that you had executed this command to stop the service:
And you've received the following message:
Well, in that case, you might try to stop the
ntpservice (no "d" on the end), like this:If that doesn't work, list what ntp* services you have on the initd dir:
If you don't have any ntp, ntpd or ntpdate service, than you have to install it.
The
servicecommand is only valid for CentOS. For other linux flavours, replace it with/etc/init.d/ntpd stopand/etc/init.d/ntp stop.