1CHRONYC(1)                        User manual                       CHRONYC(1)
2
3
4

NAME

6       chronyc - command-line interface for chrony daemon
7

SYNOPSIS

9       chronyc [OPTION]... [COMMAND]...
10

DESCRIPTION

12       chronyc is a command-line interface program which can be used to
13       monitor chronyd's performance and to change various operating
14       parameters whilst it is running.
15
16       If no commands are specified on the command line, chronyc will expect
17       input from the user. The prompt chronyc> will be displayed when it is
18       being run from a terminal. If chronyc's input or output are redirected
19       from or to a file, the prompt will not be shown.
20
21       There are two ways chronyc can access chronyd. One is the Internet
22       Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which is
23       accessible locally by the root or chrony user. By default, chronyc
24       first tries to connect to the Unix domain socket. The compiled-in
25       default path is /run/chrony/chronyd.sock. If that fails (e.g. because
26       chronyc is running under a non-root user), it will try to connect to
27       127.0.0.1 and then ::1.
28
29       Only the following monitoring commands, which do not affect the
30       behaviour of chronyd, are allowed from the network: activity, manual
31       list, rtcdata, smoothing, sourcename, sources, sourcestats, tracking,
32       waitsync. The set of hosts from which chronyd will accept these
33       commands can be configured with the cmdallow directive in the chronyd's
34       configuration file or the cmdallow command in chronyc. By default, the
35       commands are accepted only from localhost (127.0.0.1 or ::1).
36
37       All other commands are allowed only through the Unix domain socket.
38       When sent over the network, chronyd will respond with a ‘Not
39       authorised’ error, even if it is from localhost.
40
41       Having full access to chronyd via chronyc is more or less equivalent to
42       being able to modify the chronyd's configuration file and restart it.
43

OPTIONS

45       -4
46           With this option hostnames will be resolved only to IPv4 addresses.
47
48       -6
49           With this option hostnames will be resolved only to IPv6 addresses.
50
51       -n
52           This option disables resolving of IP addresses to hostnames, e.g.
53           to avoid slow DNS lookups. Long addresses will not be truncated to
54           fit into the column.
55
56       -N
57           This option enables printing of original hostnames or IP addresses
58           of NTP sources that were specified in the configuration file, or
59           chronyc commands. Without the -n and -N option, the printed
60           hostnames are obtained from reverse DNS lookups and can be
61           different from the specified hostnames.
62
63       -c
64           This option enables printing of reports in a comma-separated values
65           (CSV) format. Reverse DNS lookups will be disabled, time will be
66           printed as number of seconds since the epoch, and values in seconds
67           will not be converted to other units.
68
69       -d
70           This option enables printing of debugging messages if chronyc was
71           compiled with debugging support.
72
73       -m
74           Normally, all arguments on the command line are interpreted as one
75           command. With this option multiple commands can be specified. Each
76           argument will be interpreted as a whole command.
77
78       -h host
79           This option specifies the host to be contacted by chronyc. It can
80           be specified with a hostname, IP address, or path to the local Unix
81           domain socket. Multiple values can be specified as a
82           comma-separated list to provide a fallback.
83
84           The default value is /run/chrony/chronyd.sock,127.0.0.1,::1, i.e.
85           the host where chronyc is being run. First, it tries to connect to
86           the Unix domain socket and if that fails (e.g. due to running under
87           a non-root user), it will try to connect to 127.0.0.1 and then ::1.
88
89       -p port
90           This option allows the user to specify the UDP port number which
91           the target chronyd is using for its monitoring connections. This
92           defaults to 323; there would rarely be a need to change this.
93
94       -f file
95           This option is ignored and is provided only for compatibility.
96
97       -a
98           This option is ignored and is provided only for compatibility.
99
100       -v, --version
101           With this option chronyc displays its version number on the
102           terminal and exits.
103
104       --help
105           With this option chronyc displays a help message on the terminal
106           and exits.
107

COMMANDS

109       This section describes each of the commands available within the
110       chronyc program.
111
112   System clock
113       tracking
114           The tracking command displays parameters about the system’s clock
115           performance. An example of the output is shown below.
116
117               Reference ID    : CB00710F (foo.example.net)
118               Stratum         : 3
119               Ref time (UTC)  : Fri Jan 27 09:49:17 2017
120               System time     : 0.000006523 seconds slow of NTP time
121               Last offset     : -0.000006747 seconds
122               RMS offset      : 0.000035822 seconds
123               Frequency       : 3.225 ppm slow
124               Residual freq   : -0.000 ppm
125               Skew            : 0.129 ppm
126               Root delay      : 0.013639022 seconds
127               Root dispersion : 0.001100737 seconds
128               Update interval : 64.2 seconds
129               Leap status     : Normal
130
131           The fields are explained as follows:
132
133           Reference ID
134               This is the reference ID and name (or IP address) of the server
135               to which the computer is currently synchronised. For IPv4
136               addresses, the reference ID is equal to the address and for
137               IPv6 addresses it is the first 32 bits of the MD5 sum of the
138               address.
139
140               If the reference ID is 7F7F0101 and there is no name or IP
141               address, it means the computer is not synchronised to any
142               external source and that you have the local mode operating (via
143               the local command in chronyc, or the local directive in the
144               configuration file).
145
146               The reference ID is printed as a hexadecimal number. Note that
147               in older versions it used to be printed in quad-dotted notation
148               and could be confused with an IPv4 address.
149
150           Stratum
151               The stratum indicates how many hops away from a computer with
152               an attached reference clock we are. Such a computer is a
153               stratum-1 computer, so the computer in the example is two hops
154               away (i.e. foo.example.net is a stratum-2 and is synchronised
155               from a stratum-1).
156
157           Ref time
158               This is the time (UTC) at which the last measurement from the
159               reference source was processed.
160
161           System time
162               This is the current offset between the NTP clock and system
163               clock. The NTP clock is a software (virtual) clock maintained
164               by chronyd, which is synchronised to the configured time
165               sources and provides time to NTP clients. The system clock is
166               synchronised to the NTP clock. To avoid steps in the system
167               time, which might have adverse consequences for certain
168               applications, the system clock is normally corrected only by
169               speeding up or slowing down (up to the rate configured by the
170               maxslewrate directive). If the offset is too large, this
171               correction will take a very long time. A step can be forced by
172               the makestep command, or the makestep directive in the
173               configuration file.
174
175               Note that all other offsets reported by chronyc and most
176               offsets in the log files are relative to the NTP clock, not the
177               system clock.
178
179           Last offset
180               This is the estimated local offset on the last clock update. A
181               positive value indicates the local time (as previously
182               estimated true time) was ahead of the time sources.
183
184           RMS offset
185               This is a long-term average of the offset value.
186
187           Frequency
188               The ‘frequency’ is the rate by which the system’s clock would
189               be wrong if chronyd was not correcting it. It is expressed in
190               ppm (parts per million). For example, a value of 1 ppm would
191               mean that when the system’s clock thinks it has advanced 1
192               second, it has actually advanced by 1.000001 seconds relative
193               to true time.
194
195           Residual freq
196               This shows the ‘residual frequency’ for the currently selected
197               reference source. This reflects any difference between what the
198               measurements from the reference source indicate the frequency
199               should be and the frequency currently being used.
200
201               The reason this is not always zero is that a smoothing
202               procedure is applied to the frequency. Each time a measurement
203               from the reference source is obtained and a new residual
204               frequency computed, the estimated accuracy of this residual is
205               compared with the estimated accuracy (see ‘skew’ next) of the
206               existing frequency value. A weighted average is computed for
207               the new frequency, with weights depending on these accuracies.
208               If the measurements from the reference source follow a
209               consistent trend, the residual will be driven to zero over
210               time.
211
212           Skew
213               This is the estimated error bound on the frequency.
214
215           Root delay
216               This is the total of the network path delays to the stratum-1
217               computer from which the computer is ultimately synchronised.
218
219           Root dispersion
220               This is the total dispersion accumulated through all the
221               computers back to the stratum-1 computer from which the
222               computer is ultimately synchronised. Dispersion is due to
223               system clock resolution, statistical measurement variations,
224               etc.
225
226               An absolute bound on the computer’s clock accuracy (assuming
227               the stratum-1 computer is correct) is given by:
228
229                   clock_error <= |system_time_offset| + root_dispersion + (0.5 * root_delay)
230
231           Update interval
232               This is the interval between the last two clock updates.
233
234           Leap status
235               This is the leap status, which can be Normal, Insert second,
236               Delete second or Not synchronised.
237
238       makestep, makestep threshold limit
239           Normally chronyd will cause the system to gradually correct any
240           time offset, by slowing down or speeding up the clock as required.
241           In certain situations, the system clock might be so far adrift that
242           this slewing process would take a very long time to correct the
243           system clock.
244
245           The makestep command can be used in this situation. There are two
246           forms of the command. The first form has no parameters. It tells
247           chronyd to cancel any remaining correction that was being slewed
248           and jump the system clock by the equivalent amount, making it
249           correct immediately.
250
251           The second form configures the automatic stepping, similarly to the
252           makestep directive. It has two parameters, stepping threshold (in
253           seconds) and number of future clock updates for which the threshold
254           will be active. This can be used with the burst command to quickly
255           make a new measurement and correct the clock by stepping if needed,
256           without waiting for chronyd to complete the measurement and update
257           the clock.
258
259               makestep 0.1 1
260               burst 1/2
261
262           BE WARNED: Certain software will be seriously affected by such
263           jumps in the system time. (That is the reason why chronyd uses
264           slewing normally.)
265
266       maxupdateskew skew-in-ppm
267           This command has the same effect as the maxupdateskew directive in
268           the configuration file.
269
270       waitsync [max-tries [max-correction [max-skew [interval]]]]
271           The waitsync command waits for chronyd to synchronise.
272
273           Up to four optional arguments can be specified. The first is the
274           maximum number of tries before giving up and returning a non-zero
275           error code. When 0 is specified, or there are no arguments, the
276           number of tries will not be limited.
277
278           The second and third arguments are the maximum allowed remaining
279           correction of the system clock and the maximum allowed skew (in
280           ppm) as reported by the tracking command in the System time and
281           Skew fields. If not specified or zero, the value will not be
282           checked.
283
284           The fourth argument is the interval specified in seconds in which
285           the check is repeated. The interval is 10 seconds by default.
286
287           An example is:
288
289               waitsync 60 0.01
290
291           which will wait up to about 10 minutes (60 times 10 seconds) for
292           chronyd to synchronise to a source and the remaining correction to
293           be less than 10 milliseconds.
294
295   Time sources
296       sources [-a] [-v]
297           This command displays information about the current time sources
298           that chronyd is accessing.
299
300           If the -a option is specified, all sources are displayed, including
301           those that do not have a known address yet. Such sources have an
302           identifier in the format ID#XXXXXXXXXX, which can be used in other
303           commands expecting a source address.
304
305           The -v option enables a verbose output. In this case, extra caption
306           lines are shown as a reminder of the meanings of the columns.
307
308               MS Name/IP address         Stratum Poll Reach LastRx Last sample
309               ===============================================================================
310               #* GPS0                          0   4   377    11   -479ns[ -621ns] +/-  134ns
311               ^? foo.example.net               2   6   377    23   -923us[ -924us] +/-   43ms
312               ^+ bar.example.net               1   6   377    21  -2629us[-2619us] +/-   86ms
313
314           The columns are as follows:
315
316           M
317               This indicates the mode of the source. ^ means a server, =
318               means a peer and # indicates a locally connected reference
319               clock.
320
321           S
322               This column indicates the selection state of the source.
323
324* indicates the best source which is currently selected for
325                   synchronisation.
326
327+ indicates other sources selected for synchronisation,
328                   which are combined with the best source.
329
330- indicates a source which is considered to be selectable
331                   for synchronisation, but not currently selected.
332
333x indicates a source which chronyd thinks is a falseticker
334                   (i.e. its time is inconsistent with a majority of other
335                   sources, or sources specified with the trust option).
336
337~ indicates a source whose time appears to have too much
338                   variability.
339
340? indicates a source which is not considered to be
341                   selectable for synchronisation for other reasons (e.g.
342                   unreachable, not synchronised, or does not have enough
343                   measurements).
344
345
346               The selectdata command can be used to get more details about
347               the selection state.
348
349           Name/IP address
350               This shows the name or the IP address of the source, or
351               reference ID for reference clocks.
352
353           Stratum
354               This shows the stratum of the source, as reported in its most
355               recently received sample. Stratum 1 indicates a computer with a
356               locally attached reference clock. A computer that is
357               synchronised to a stratum 1 computer is at stratum 2. A
358               computer that is synchronised to a stratum 2 computer is at
359               stratum 3, and so on.
360
361           Poll
362               This shows the rate at which the source is being polled, as a
363               base-2 logarithm of the interval in seconds. Thus, a value of 6
364               would indicate that a measurement is being made every 64
365               seconds. chronyd automatically varies the polling rate in
366               response to prevailing conditions.
367
368           Reach
369               This shows the source’s reachability register printed as an
370               octal number. The register has 8 bits and is updated on every
371               received or missed packet from the source. A value of 377
372               indicates that a valid reply was received for all from the last
373               eight transmissions.
374
375           LastRx
376               This column shows how long ago the last good sample (which is
377               shown in the next column) was received from the source.
378               Measurements that failed some tests are ignored. This is
379               normally in seconds. The letters m, h, d or y indicate minutes,
380               hours, days, or years.
381
382           Last sample
383               This column shows the offset between the local clock and the
384               source at the last measurement. The number in the square
385               brackets shows the actual measured offset. This can be suffixed
386               by ns (indicating nanoseconds), us (indicating microseconds),
387               ms (indicating milliseconds), or s (indicating seconds). The
388               number to the left of the square brackets shows the original
389               measurement, adjusted to allow for any slews applied to the
390               local clock since. The number following the +/- indicator shows
391               the margin of error in the measurement. Positive offsets
392               indicate that the local clock is ahead of the source.
393
394       sourcestats [-a] [-v]
395           The sourcestats command displays information about the drift rate
396           and offset estimation process for each of the sources currently
397           being examined by chronyd.
398
399           If the -a option is specified, all sources are displayed, including
400           those that do not have a known address yet. Such sources have an
401           identifier in the format ID#XXXXXXXXXX, which can be used in other
402           commands expecting a source address.
403
404           The -v option enables a verbose output. In this case, extra caption
405           lines are shown as a reminder of the meanings of the columns.
406
407           An example report is:
408
409               Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
410               ===============================================================================
411               foo.example.net            11   5   46m     -0.001      0.045      1us    25us
412
413           The columns are as follows:
414
415           Name/IP Address
416               This is the name or IP address of the NTP server (or peer) or
417               reference ID of the reference clock to which the rest of the
418               line relates.
419
420           NP
421               This is the number of sample points currently being retained
422               for the server. The drift rate and current offset are estimated
423               by performing a linear regression through these points.
424
425           NR
426               This is the number of runs of residuals having the same sign
427               following the last regression. If this number starts to become
428               too small relative to the number of samples, it indicates that
429               a straight line is no longer a good fit to the data. If the
430               number of runs is too low, chronyd discards older samples and
431               re-runs the regression until the number of runs becomes
432               acceptable.
433
434           Span
435               This is the interval between the oldest and newest samples. If
436               no unit is shown the value is in seconds. In the example, the
437               interval is 46 minutes.
438
439           Frequency
440               This is the estimated residual frequency for the server, in
441               parts per million. In this case, the computer’s clock is
442               estimated to be running 1 part in 10^9 slow relative to the
443               server.
444
445           Freq Skew
446               This is the estimated error bounds on Freq (again in parts per
447               million).
448
449           Offset
450               This is the estimated offset of the source.
451
452           Std Dev
453               This is the estimated sample standard deviation.
454
455       selectdata [-a] [-v]
456           The selectdata command displays information specific to the
457           selection of time sources. If the -a option is specified, all
458           sources are displayed, including those that do not have a known
459           address yet. With the -v option, extra caption lines are shown as a
460           reminder of the meanings of the columns.
461
462           An example of the output is shown below.
463
464               S Name/IP Address        Auth COpts EOpts Last Score     Interval  Leap
465               =======================================================================
466               D foo.example.net           Y ----- --TR-    4   1.0   -61ms   +62ms  N
467               * bar.example.net           N ----- -----    0   1.0 -6846us +7305us  N
468               + baz.example.net           N ----- -----   10   1.0 -7381us +7355us  N
469
470           The columns are as follows:
471
472           S
473               This column indicates the state of the source after the last
474               source selection. It is similar to the state reported by the
475               sources command, but more states are reported.
476
477
478               The following states indicate the source is not considered
479               selectable for synchronisation:
480
481N - has the noselect option.
482
483s - is not synchronised.
484
485M - does not have enough measurements.
486
487d - has a root distance larger than the maximum distance
488                   (configured by the maxdistance directive).
489
490~ - has a jitter larger than the maximum jitter (configured
491                   by the maxjitter directive).
492
493w - waits for other sources to get out of the M state.
494
495S - has older measurements than other sources.
496
497O - has a stratum equal or larger than the orphan stratum
498                   (configured by the local directive).
499
500T - does not fully agree with sources that have the trust
501                   option.
502
503x - does not agree with other sources (falseticker).
504
505
506               The following states indicate the source is considered
507               selectable, but it is not currently used for synchronisation:
508
509W - waits for other sources to be selectable (required by
510                   the minsources directive, or the require option of another
511                   source).
512
513P - another selectable source is preferred due to the
514                   prefer option.
515
516U - waits for a new measurement (after selecting a
517                   different best source).
518
519D - has, or recently had, a root distance which is too
520                   large to be combined with other sources (configured by the
521                   combinelimit directive).
522
523
524               The following states indicate the source is used for
525               synchronisation of the local clock:
526
527+ - combined with the best source.
528
529* - selected as the best source to update the reference
530                   data (e.g. root delay, root dispersion).
531
532           Name/IP address
533               This column shows the name or IP address of the source if it is
534               an NTP server, or the reference ID if it is a reference clock.
535
536           Auth
537               This column indicites whether an authentication mechanism is
538               enabled for the source. Y means yes and N means no.
539
540           COpts
541               This column displays the configured selection options of the
542               source.
543
544N indicates the noselect option.
545
546P indicates the prefer option.
547
548T indicates the trust option.
549
550R indicates the require option.
551
552           EOpts
553               This column displays the current effective selection options of
554               the source, which can be different from the configured options
555               due to the authentication selection mode (configured by the
556               authselmode directive). The symbols are the same as in the
557               COpts column.
558
559           Last
560               This column displays how long ago was the last measurement of
561               the source made when the selection was performed.
562
563           Score
564               This column displays the current score against the source in
565               the * state. The scoring system avoids frequent reselection
566               when multiple sources have a similar root distance. A value
567               larger than 1 indicates this source was better than the *
568               source in recent selections. If the score reaches 10, the best
569               source will be reselected and the scores will be reset to 1.
570
571           Interval
572               This column displays the lower and upper endpoint of the
573               interval which was expected to contain the true offset of the
574               local clock considering the root distance at the time of the
575               selection.
576
577           Leap
578               This column displays the current leap status of the source.
579
580N indicates the normal status (no leap second).
581
582+ indicates that a leap second will be inserted at the end
583                   of the month.
584
585- indicates that a leap second will be deleted at the end
586                   of the month.
587
588? indicates the unknown status (i.e. no valid measurement
589                   was made).
590
591       reselect
592           To avoid excessive switching between sources, chronyd can stay
593           synchronised to a source even when it is not currently the best one
594           among the available sources.
595
596           The reselect command can be used to force chronyd to reselect the
597           best synchronisation source.
598
599       reselectdist distance
600           The reselectdist command sets the reselection distance. It is
601           equivalent to the reselectdist directive in the configuration file.
602
603   NTP sources
604       activity
605           This command reports the number of servers and peers that are
606           online and offline. If the auto_offline option is used in
607           specifying some of the servers or peers, the activity command can
608           be useful for detecting when all of them have entered the offline
609           state after the network link has been disconnected.
610
611           The report shows the number of servers and peers in 5 states:
612
613           online
614               the server or peer is currently online (i.e. assumed by chronyd
615               to be reachable)
616
617           offline
618               the server or peer is currently offline (i.e. assumed by
619               chronyd to be unreachable, and no measurements from it will be
620               attempted.)
621
622           burst_online
623               a burst command has been initiated for the server or peer and
624               is being performed; after the burst is complete, the server or
625               peer will be returned to the online state.
626
627           burst_offline
628               a burst command has been initiated for the server or peer and
629               is being performed; after the burst is complete, the server or
630               peer will be returned to the offline state.
631
632           unresolved
633               the name of the server or peer was not resolved to an address
634               yet; this source is not visible in the sources and sourcestats
635               reports.
636
637       authdata [-a]
638           The authdata command displays information specific to
639           authentication of NTP sources. If the -a option is specified, all
640           sources are displayed, including those that do not have a known
641           address yet. An example of the output is shown below.
642
643               Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
644               =========================================================================
645               foo.example.net              NTS     1   15  256 135m    0    0    8  100
646               bar.example.net               SK    30   13  128    -    0    0    0    0
647               baz.example.net                -     0    0    0    -    0    0    0    0
648
649           The columns are as follows:
650
651           Name/IP address
652               This column shows the name or the IP address of the source.
653
654           Mode
655               This column shows which mechanism authenticates NTP packets
656               received from the source. NTS means Network Time Security, SK
657               means a symmetric key, and - means authentication is disabled.
658
659           KeyID
660               This column shows an identifier of the key used for
661               authentication. With a symmetric key, it is the ID from the key
662               file. With NTS, it is a number starting at zero and incremented
663               by one with each successful key establishment using the NTS-KE
664               protocol, i.e. it shows how many times the key establishment
665               was performed with this source.
666
667           Type
668               This columns shows an identifier of the algorithm used for
669               authentication. With a symmetric key, it is the hash function
670               or cipher specified in the key file. With NTS, it is an
671               authenticated encryption with associated data (AEAD) algorithm,
672               which is negotiated in the NTS-KE protocol. The following
673               values can be reported:
674
675               •   1: MD5
676
677               •   2: SHA1
678
679               •   3: SHA256
680
681               •   4: SHA384
682
683               •   5: SHA512
684
685               •   6: SHA3-224
686
687               •   7: SHA3-256
688
689               •   8: SHA3-384
690
691               •   9: SHA3-512
692
693               •   10: TIGER
694
695               •   11: WHIRLPOOL
696
697               •   13: AES128
698
699               •   14: AES256
700
701               •   15: AEAD-AES-SIV-CMAC-256
702
703           KLen
704               This column shows the length of the key in bits.
705
706           Last
707               This column shows how long ago the last successful key
708               establishment was performed. It is in seconds, or letters m, h,
709               d or y indicate minutes, hours, days, or years.
710
711           Atmp
712               This column shows the number of attempts to perform the key
713               establishment since the last successful key establishment. A
714               number larger than 1 indicates a problem with the network or
715               server.
716
717           NAK
718               This column shows whether an NTS NAK was received since the
719               last request. A NAK indicates that authentication failed on the
720               server side due to chronyd using a cookie which is no longer
721               valid and that it needs to perform the key establishment again
722               in order to get new cookies.
723
724           Cook
725               This column shows the number of NTS cookies that chronyd
726               currently has. If the key establishment was successful, a
727               number smaller than 8 indicates a problem with the network or
728               server.
729
730           CLen
731               This column shows the length in bytes of the NTS cookie which
732               will be used in the next request.
733
734       ntpdata [address]
735           The ntpdata command displays the last valid measurement and other
736           NTP-specific information about the specified NTP source, or all NTP
737           sources (with a known address) if no address was specified. An
738           example of the output is shown below.
739
740               Remote address  : 203.0.113.15 (CB00710F)
741               Remote port     : 123
742               Local address   : 203.0.113.74 (CB00714A)
743               Leap status     : Normal
744               Version         : 4
745               Mode            : Server
746               Stratum         : 1
747               Poll interval   : 10 (1024 seconds)
748               Precision       : -24 (0.000000060 seconds)
749               Root delay      : 0.000015 seconds
750               Root dispersion : 0.000015 seconds
751               Reference ID    : 47505300 (GPS)
752               Reference time  : Fri Nov 25 15:22:12 2016
753               Offset          : -0.000060878 seconds
754               Peer delay      : 0.000175634 seconds
755               Peer dispersion : 0.000000681 seconds
756               Response time   : 0.000053050 seconds
757               Jitter asymmetry: +0.00
758               NTP tests       : 111 111 1111
759               Interleaved     : No
760               Authenticated   : No
761               TX timestamping : Kernel
762               RX timestamping : Kernel
763               Total TX        : 24
764               Total RX        : 24
765               Total valid RX  : 24
766               Total good RX   : 22
767
768           The fields are explained as follows:
769
770           Remote address
771               The IP address of the NTP server or peer, and the corresponding
772               reference ID.
773
774           Remote port
775               The UDP port number to which the request was sent. The standard
776               NTP port is 123.
777
778           Local address
779               The local IP address which received the response, and the
780               corresponding reference ID.
781
782           Leap status, Version, Mode, Stratum, Poll interval, Precision, Root
783           delay, Root dispersion, Reference ID, Reference time
784               The NTP values from the last valid response.
785
786           Offset, Peer delay, Peer dispersion
787               The measured values.
788
789           Response time
790               The time the server or peer spent in processing of the request
791               and waiting before sending the response.
792
793           Jitter asymmetry
794               The estimated asymmetry of network jitter on the path to the
795               source. The asymmetry can be between -0.5 and 0.5. A negative
796               value means the delay of packets sent to the source is more
797               variable than the delay of packets sent from the source back.
798
799           NTP tests
800               Results of RFC 5905 tests 1 through 3, 5 through 7, and tests
801               for maximum delay, delay ratio, delay dev ratio (or delay
802               quantile), and synchronisation loop.
803
804           Interleaved
805               This shows if the response was in the interleaved mode.
806
807           Authenticated
808               This shows if the response was authenticated.
809
810           TX timestamping
811               The source of the local transmit timestamp. Valid values are
812               Daemon, Kernel, and Hardware.
813
814           RX timestamping
815               The source of the local receive timestamp.
816
817           Total TX
818               The number of packets sent to the source.
819
820           Total RX
821               The number of all packets received from the source.
822
823           Total valid RX
824               The number of packets which passed the first two groups of NTP
825               tests.
826
827           Total good RX
828               The number of packets which passed all three groups of NTP
829               tests, i.e. the NTP measurement was accepted.
830
831       add peer name [option]...
832           The add peer command allows a new NTP peer to be added whilst
833           chronyd is running.
834
835           Following the words add peer, the syntax of the following
836           parameters and options is identical to that for the peer directive
837           in the configuration file.
838
839           An example of using this command is shown below.
840
841               add peer foo.example.net minpoll 6 maxpoll 10 key 25
842
843       add pool name [option]...
844           The add pool command allows a pool of NTP servers to be added
845           whilst chronyd is running.
846
847           Following the words add pool, the syntax of the following
848           parameters and options is identical to that for the pool directive
849           in the configuration file.
850
851           An example of using this command is shown below:
852
853               add pool foo.example.net maxsources 3 iburst
854
855       add server name [option]...
856           The add server command allows a new NTP server to be added whilst
857           chronyd is running.
858
859           Following the words add server, the syntax of the following
860           parameters and options is identical to that for the server
861           directive in the configuration file.
862
863           An example of using this command is shown below:
864
865               add server foo.example.net minpoll 6 maxpoll 10 key 25
866
867       delete address
868           The delete command allows an NTP server or peer to be removed from
869           the current set of sources.
870
871       burst good/max [mask/masked-address], burst good/max
872       [masked-address/masked-bits], burst good/max [address]
873           The burst command tells chronyd to make a set of measurements to
874           each of its NTP sources over a short duration (rather than the
875           usual periodic measurements that it makes). After such a burst,
876           chronyd will revert to the previous state for each source. This
877           might be either online, if the source was being periodically
878           measured in the normal way, or offline, if the source had been
879           indicated as being offline. (A source can be switched between the
880           online and offline states with the online and offline commands.)
881
882           The mask and masked-address arguments are optional, in which case
883           chronyd will initiate a burst for all of its currently defined
884           sources.
885
886           The arguments have the following meaning and format:
887
888           good
889               This defines the number of good measurements that chronyd will
890               want to obtain from each source. A measurement is good if it
891               passes certain tests, for example, the round trip time to the
892               source must be acceptable. (This allows chronyd to reject
893               measurements that are likely to be bogus.)
894
895           max
896               This defines the maximum number of measurements that chronyd
897               will attempt to make, even if the required number of good
898               measurements has not been obtained.
899
900           mask
901               This is an IP address with which the IP address of each of
902               chronyd's sources is to be masked.
903
904           masked-address
905               This is an IP address. If the masked IP address of a source
906               matches this value then the burst command is applied to that
907               source.
908
909           masked-bits
910               This can be used with masked-address for CIDR notation, which
911               is a shorter alternative to the form with mask.
912
913           address
914               This is an IP address or a hostname. The burst command is
915               applied only to that source.
916
917
918
919           If no mask or masked-address arguments are provided, every source
920           will be matched.
921
922           An example of the two-argument form of the command is:
923
924               burst 2/10
925
926           This will cause chronyd to attempt to get two good measurements
927           from each source, stopping after two have been obtained, but in no
928           event will it try more than ten probes to the source.
929
930           Examples of the four-argument form of the command are:
931
932               burst 2/10 255.255.0.0/1.2.0.0
933               burst 2/10 2001:db8:789a::/48
934
935           In the first case, the two out of ten sampling will only be applied
936           to sources whose IPv4 addresses are of the form 1.2.x.y, where x
937           and y are arbitrary. In the second case, the sampling will be
938           applied to sources whose IPv6 addresses have first 48 bits equal to
939           2001:db8:789a.
940
941           Example of the three-argument form of the command is:
942
943               burst 2/10 foo.example.net
944
945       maxdelay address delay
946           This allows the maxdelay option for one of the sources to be
947           modified, in the same way as specifying the maxdelay option for the
948           server directive in the configuration file.
949
950       maxdelaydevratio address ratio
951           This allows the maxdelaydevratio option for one of the sources to
952           be modified, in the same way as specifying the maxdelaydevratio
953           option for the server directive in the configuration file.
954
955       maxdelayratio address ratio
956           This allows the maxdelayratio option for one of the sources to be
957           modified, in the same way as specifying the maxdelayratio option
958           for the server directive in the configuration file.
959
960       maxpoll address maxpoll
961           The maxpoll command is used to modify the maximum polling interval
962           for one of the current set of sources. It is equivalent to the
963           maxpoll option in the server directive in the configuration file.
964
965           Note that the new maximum polling interval only takes effect after
966           the next measurement has been made.
967
968       minpoll address minpoll
969           The minpoll command is used to modify the minimum polling interval
970           for one of the current set of sources. It is equivalent to the
971           minpoll option in the server directive in the configuration file.
972
973           Note that the new minimum polling interval only takes effect after
974           the next measurement has been made.
975
976       minstratum address minstratum
977           The minstratum command is used to modify the minimum stratum for
978           one of the current set of sources. It is equivalent to the
979           minstratum option in the server directive in the configuration
980           file.
981
982       offline [address], offline [masked-address/masked-bits], offline
983       [mask/masked-address]
984           The offline command is used to warn chronyd that the network
985           connection to a particular host or hosts is about to be lost, e.g.
986           on computers with intermittent connection to their time sources.
987
988           Another case where offline could be used is where a computer serves
989           time to a local group of computers, and has a permanent connection
990           to true time servers outside the organisation. However, the
991           external connection is heavily loaded at certain times of the day
992           and the measurements obtained are less reliable at those times. In
993           this case, it is probably most useful to determine the gain or loss
994           rate during the quiet periods and let the whole network coast
995           through the loaded periods. The offline and online commands can be
996           used to achieve this.
997
998           There are four forms of the offline command. The first form is a
999           wildcard, meaning all sources (including sources that do not have a
1000           known address yet). The second form allows an IP address mask and a
1001           masked address to be specified. The third form uses CIDR notation.
1002           The fourth form uses an IP address or a hostname. These forms are
1003           illustrated below.
1004
1005               offline
1006               offline 255.255.255.0/1.2.3.0
1007               offline 2001:db8:789a::/48
1008               offline foo.example.net
1009
1010           The second form means that the offline command is to be applied to
1011           any source whose IPv4 address is in the 1.2.3 subnet. (The host’s
1012           address is logically and-ed with the mask, and if the result
1013           matches the masked-address the host is processed.) The third form
1014           means that the command is to be applied to all sources whose IPv6
1015           addresses have their first 48 bits equal to 2001:db8:789a. The
1016           fourth form means that the command is to be applied only to that
1017           one source.
1018
1019           The wildcard form of the address is equivalent to:
1020
1021               offline 0.0.0.0/0.0.0.0
1022               offline ::/0
1023
1024       online [address], online [masked-address/masked-bits], online
1025       [mask/masked-address]
1026           The online command is opposite in function to the offline command.
1027           It is used to advise chronyd that network connectivity to a
1028           particular source or sources has been restored.
1029
1030           The syntax is identical to that of the offline command.
1031
1032       onoffline
1033           The onoffline command tells chronyd to switch all sources that have
1034           a known address to the online or offline status according to the
1035           current network configuration. A source is considered online if it
1036           is possible to send requests to it, i.e. a network route to the
1037           source is present.
1038
1039       polltarget address polltarget
1040           The polltarget command is used to modify the poll target for one of
1041           the current set of sources. It is equivalent to the polltarget
1042           option in the server directive in the configuration file.
1043
1044       refresh
1045           The refresh command can be used to force chronyd to resolve the
1046           names of configured sources to IP addresses again, e.g. after
1047           suspending and resuming the machine in a different network.
1048
1049           Sources that stop responding will be replaced with newly resolved
1050           addresses automatically after 8 polling intervals, but this command
1051           can still be useful to replace them immediately and not wait until
1052           they are marked as unreachable.
1053
1054       reload sources
1055           The reload sources command causes chronyd to re-read all *.sources
1056           files from the directories specified by the sourcedir directive.
1057
1058       sourcename address
1059           The sourcename command prints the original hostname or address that
1060           was specified for an NTP source in the configuration file, or the
1061           add command. This command is an alternative to the -N option, which
1062           can be useful in scripts.
1063
1064           Note that different NTP sources can share the same name, e.g.
1065           servers from a pool.
1066
1067   Manual time input
1068       manual on, manual off, manual delete index, manual list, manual reset
1069           The manual command enables and disables use of the settime command,
1070           and is used to modify the behaviour of the manual clock driver.
1071
1072           The on form of the command enables use of the settime command.
1073
1074           The off form of the command disables use of the settime command.
1075
1076           The list form of the command lists all the samples currently stored
1077           in chronyd. The output is illustrated below.
1078
1079               210 n_samples = 1
1080               #    Date  Time(UTC)    Slewed   Original   Residual
1081               ====================================================
1082                0 27Jan99 22:09:20       0.00       0.97       0.00
1083
1084           The columns are as as follows:
1085
1086            1. The sample index (used for the manual delete command).
1087
1088            2. The date and time of the sample.
1089
1090            3. The system clock error when the timestamp was entered, adjusted
1091               to allow for changes made to the system clock since.
1092
1093            4. The system clock error when the timestamp was entered, as it
1094               originally was (without allowing for changes to the system
1095               clock since).
1096
1097            5. The regression residual at this point, in seconds. This allows
1098               ‘outliers’ to be easily spotted, so that they can be deleted
1099               using the manual delete command.
1100
1101
1102
1103           The delete form of the command deletes a single sample. The
1104           parameter is the index of the sample, as shown in the first column
1105           of the output from manual list. Following deletion of the data
1106           point, the current error and drift rate are re-estimated from the
1107           remaining data points and the system clock trimmed if necessary.
1108           This option is intended to allow ‘outliers’ to be discarded, i.e.
1109           samples where the administrator realises they have entered a very
1110           poor timestamp.
1111
1112           The reset form of the command deletes all samples at once. The
1113           system clock is left running as it was before the command was
1114           entered.
1115
1116       settime time
1117           The settime command allows the current time to be entered manually,
1118           if this option has been configured into chronyd. (It can be
1119           configured either with the manual directive in the configuration
1120           file, or with the manual command of chronyc.)
1121
1122           It should be noted that the computer’s sense of time will only be
1123           as accurate as the reference you use for providing this input (e.g.
1124           your watch), as well as how well you can time the press of the
1125           return key.
1126
1127           Providing your computer’s time zone is set up properly, you will be
1128           able to enter a local time (rather than UTC).
1129
1130           The response to a successful settime command indicates the amount
1131           that the computer’s clock was wrong. It should be apparent from
1132           this if you have entered the time wrongly, e.g. with the wrong time
1133           zone.
1134
1135           The rate of drift of the system clock is estimated by a regression
1136           process using the entered measurement and all previous measurements
1137           entered during the present run of chronyd. However, the entered
1138           measurement is used for adjusting the current clock offset (rather
1139           than the estimated intercept from the regression, which is
1140           ignored). Contrast what happens with the manual delete command,
1141           where the intercept is used to set the current offset (since there
1142           is no measurement that has just been entered in that case).
1143
1144           The time is parsed by the public domain getdate algorithm.
1145           Consequently, you can only specify time to the nearest second.
1146
1147           Examples of inputs that are valid are shown below:
1148
1149               settime 16:30
1150               settime 16:30:05
1151               settime Nov 21, 2015 16:30:05
1152
1153           For a full description of getdate, see the getdate documentation
1154           (bundled, for example, with the source for GNU tar).
1155
1156   NTP access
1157       accheck address
1158           This command allows you to check whether client NTP access is
1159           allowed from a particular host.
1160
1161           Examples of use, showing a named host and a numeric IP address, are
1162           as follows:
1163
1164               accheck foo.example.net
1165               accheck 1.2.3.4
1166               accheck 2001:db8::1
1167
1168           This command can be used to examine the effect of a series of
1169           allow, allow all, deny, and deny all commands specified either via
1170           chronyc, or in chronyd's configuration file.
1171
1172       clients [-p packets] [-k] [-r]
1173           This command shows a list of clients that have accessed the server,
1174           through the NTP, command, or NTS-KE port. It does not include
1175           accesses over the Unix domain command socket.
1176
1177           The -p option specifies the minimum number of received NTP or
1178           command packets, or accepted NTS-KE connections, needed to include
1179           a client in the list. The default value is 0, i.e. all clients are
1180           reported. With the -k option the last four columns will show the
1181           NTS-KE accesses instead of command accesses. If the -r option is
1182           specified, chronyd will reset the counters of received and dropped
1183           packets or connections after reporting the current values.
1184
1185           An example of the output is:
1186
1187               Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
1188               ===============================================================================
1189               localhost                       2      0   2   -   133      15      0  -1     7
1190               foo.example.net                12      0   6   -    23       0      0   -     -
1191
1192           Each row shows the data for a single host. Only hosts that have
1193           passed the host access checks (set with the allow, deny, cmdallow
1194           and cmddeny commands or configuration file directives) are logged.
1195           The intervals are displayed as a power of 2 in seconds.
1196
1197           The columns are as follows:
1198
1199            1. The hostname of the client.
1200
1201            2. The number of NTP packets received from the client.
1202
1203            3. The number of NTP packets dropped to limit the response rate.
1204
1205            4. The average interval between NTP packets.
1206
1207            5. The average interval between NTP packets after limiting the
1208               response rate.
1209
1210            6. Time since the last NTP packet was received
1211
1212            7. The number of command packets or NTS-KE connections
1213               received/accepted from the client.
1214
1215            8. The number of command packets or NTS-KE connections dropped to
1216               limit the response rate.
1217
1218            9. The average interval between command packets or NTS-KE
1219               connections.
1220
1221            10. Time since the last command packet or NTS-KE connection was
1222               received/accepted.
1223
1224       serverstats
1225           The serverstats command displays NTP and command server statistics.
1226
1227           An example of the output is shown below.
1228
1229               NTP packets received       : 1598
1230               NTP packets dropped        : 8
1231               Command packets received   : 19
1232               Command packets dropped    : 0
1233               Client log records dropped : 0
1234               NTS-KE connections accepted: 3
1235               NTS-KE connections dropped : 0
1236               Authenticated NTP packets  : 189
1237               Interleaved NTP packets    : 43
1238               NTP timestamps held        : 44
1239               NTP timestamp span         : 120
1240
1241           The fields have the following meaning:
1242
1243           NTP packets received
1244               The number of valid NTP requests received by the server.
1245
1246           NTP packets dropped
1247               The number of NTP requests dropped by the server due to rate
1248               limiting (configured by the ratelimit directive).
1249
1250           Command packets received
1251               The number of command requests received by the server.
1252
1253           Command packets dropped
1254               The number of command requests dropped by the server due to
1255               rate limiting (configured by the cmdratelimit directive).
1256
1257           Client log records dropped
1258               The number of client log records dropped by the server to limit
1259               the memory use (configured by the clientloglimit directive).
1260
1261           NTS-KE connections accepted
1262               The number of NTS-KE connections accepted by the server.
1263
1264           NTS-KE connections dropped
1265               The number of NTS-KE connections dropped by the server due to
1266               rate limiting (configured by the ntsratelimit directive).
1267
1268           Authenticated NTP packets
1269               The number of received NTP requests that were authenticated
1270               (with a symmetric key or NTS).
1271
1272           Interleaved NTP packets
1273               The number of received NTP requests that were detected to be in
1274               the interleaved mode.
1275
1276           NTP timestamps held
1277               The number of pairs of receive and transmit timestamps that the
1278               server is currently holding in memory for clients using the
1279               interleaved mode.
1280
1281           NTP timestamp span
1282               The interval (in seconds) covered by the currently held NTP
1283               timestamps.
1284
1285
1286
1287           Note that the numbers reported by this overflow to zero after
1288           4294967295 (32-bit values).
1289
1290       allow [all] [subnet]
1291           The effect of the allow command is identical to the allow directive
1292           in the configuration file.
1293
1294           The syntax is illustrated in the following examples:
1295
1296               allow 1.2.3.4
1297               allow all 3.4.5.0/24
1298               allow 2001:db8:789a::/48
1299               allow 0/0
1300               allow ::/0
1301               allow
1302               allow all
1303
1304       deny [all] [subnet]
1305           The effect of the allow command is identical to the deny directive
1306           in the configuration file.
1307
1308           The syntax is illustrated in the following examples:
1309
1310               deny 1.2.3.4
1311               deny all 3.4.5.0/24
1312               deny 2001:db8:789a::/48
1313               deny 0/0
1314               deny ::/0
1315               deny
1316               deny all
1317
1318       local [option]..., local off
1319           The local command allows chronyd to be told that it is to appear as
1320           a reference source, even if it is not itself properly synchronised
1321           to an external source. (This can be used on isolated networks, to
1322           allow one computer to be a master time server with the other
1323           computers slaving to it.)
1324
1325           The first form enables the local reference mode on the host. The
1326           syntax is identical to the local directive in the configuration
1327           file.
1328
1329           The second form disables the local reference mode.
1330
1331       smoothing
1332           The smoothing command displays the current state of the NTP server
1333           time smoothing, which can be enabled with the smoothtime directive.
1334           An example of the output is shown below.
1335
1336               Active         : Yes
1337               Offset         : +1.000268817 seconds
1338               Frequency      : -0.142859 ppm
1339               Wander         : -0.010000 ppm per second
1340               Last update    : 17.8 seconds ago
1341               Remaining time : 19988.4 seconds
1342
1343           The fields are explained as follows:
1344
1345           Active
1346               This shows if the server time smoothing is currently active.
1347               Possible values are Yes and No. If the leaponly option is
1348               included in the smoothtime directive, (leap second only) will
1349               be shown on the line.
1350
1351           Offset
1352               This is the current offset applied to the time sent to NTP
1353               clients. Positive value means the clients are getting time
1354               that’s ahead of true time.
1355
1356           Frequency
1357               The current frequency offset of the served time. Negative value
1358               means the time observed by clients is running slower than true
1359               time.
1360
1361           Wander
1362               The current frequency wander of the served time. Negative value
1363               means the time observed by clients is slowing down.
1364
1365           Last update
1366               This field shows how long ago the time smoothing process was
1367               updated, e.g. chronyd accumulated a new measurement.
1368
1369           Remaining time
1370               The time it would take for the smoothing process to get to zero
1371               offset and frequency if there were no more updates.
1372
1373       smoothtime activate, smoothtime reset
1374           The smoothtime command can be used to activate or reset the server
1375           time smoothing process if it is configured with the smoothtime
1376           directive.
1377
1378   Monitoring access
1379       cmdaccheck address
1380           This command is similar to the accheck command, except that it is
1381           used to check whether monitoring access is permitted from a named
1382           host.
1383
1384           Examples of use are as follows:
1385
1386               cmdaccheck foo.example.net
1387               cmdaccheck 1.2.3.4
1388               cmdaccheck 2001:db8::1
1389
1390       cmdallow [all] [subnet]
1391           This is similar to the allow command, except that it is used to
1392           allow particular hosts or subnets to use chronyc to monitor with
1393           chronyd on the current host.
1394
1395       cmddeny [all] [subnet]
1396           This is similar to the deny command, except that it is used to
1397           allow particular hosts or subnets to use chronyc to monitor chronyd
1398           on the current host.
1399
1400   Real-time clock (RTC)
1401       rtcdata
1402           The rtcdata command displays the current RTC parameters.
1403
1404           An example output is shown below.
1405
1406               RTC ref time (GMT) : Sat May 30 07:25:56 2015
1407               Number of samples  : 10
1408               Number of runs     : 5
1409               Sample span period :  549
1410               RTC is fast by     :    -1.632736 seconds
1411               RTC gains time at  :  -107.623 ppm
1412
1413           The fields have the following meaning:
1414
1415           RTC ref time (GMT)
1416               This is the RTC reading the last time its error was measured.
1417
1418           Number of samples
1419               This is the number of previous measurements being used to
1420               determine the RTC gain or loss rate.
1421
1422           Number of runs
1423               This is the number of runs of residuals of the same sign
1424               following the regression fit for (RTC error) versus (RTC time).
1425               A value which is small indicates that the measurements are not
1426               well approximated by a linear model, and that the algorithm
1427               will tend to delete the older measurements to improve the fit.
1428
1429           Sample span period
1430               This is the period that the measurements span (from the oldest
1431               to the newest). Without a unit the value is in seconds;
1432               suffixes m for minutes, h for hours, d for days or y for years
1433               can be used.
1434
1435           RTC is fast by
1436               This is the estimate of how many seconds fast the RTC when it
1437               thought the time was at the reference time (above). If this
1438               value is large, you might (or might not) want to use the
1439               trimrtc command to bring the RTC into line with the system
1440               clock. (Note, a large error will not affect chronyd's
1441               operation, unless it becomes so big as to start causing
1442               rounding errors.)
1443
1444           RTC gains time at
1445               This is the amount of time gained (positive) or lost (negative)
1446               by the real time clock for each second that it ticks. It is
1447               measured in parts per million. So if the value shown was +1,
1448               suppose the RTC was exactly right when it crosses a particular
1449               second boundary. Then it would be 1 microsecond fast when it
1450               crosses its next second boundary.
1451
1452       trimrtc
1453           The trimrtc command is used to correct the system’s real-time clock
1454           (RTC) to the main system clock. It has no effect if the error
1455           between the two clocks is currently estimated at less than a
1456           second.
1457
1458           The command takes no arguments. It performs the following steps (if
1459           the RTC is more than 1 second away from the system clock):
1460
1461            1. Remember the currently estimated gain or loss rate of the RTC
1462               and flush the previous measurements.
1463
1464            2. Step the real-time clock to bring it within a second of the
1465               system clock.
1466
1467            3. Make several measurements to accurately determine the new
1468               offset between the RTC and the system clock (i.e. the remaining
1469               fraction of a second error).
1470
1471            4. Save the RTC parameters to the RTC file (specified with the
1472               rtcfile directive in the configuration file).
1473
1474
1475
1476           The last step is done as a precaution against the computer
1477           suffering a power failure before either the daemon exits or the
1478           writertc command is issued.
1479
1480           chronyd will still work perfectly well both whilst operating and
1481           across machine reboots even if the trimrtc command is never used
1482           (and the RTC is allowed to drift away from true time). The trimrtc
1483           command is provided as a method by which it can be corrected, in a
1484           manner compatible with chronyd using it to maintain accurate time
1485           across machine reboots.
1486
1487           The trimrtc command can be executed automatically by chronyd with
1488           the rtcautotrim directive in the configuration file.
1489
1490       writertc
1491           The writertc command writes the currently estimated error and gain
1492           or loss rate parameters for the RTC to the RTC file (specified with
1493           the rtcfile directive). This information is also written
1494           automatically when chronyd is killed (by the SIGHUP, SIGINT,
1495           SIGQUIT or SIGTERM signals) or when the trimrtc command is issued.
1496
1497   Other daemon commands
1498       cyclelogs
1499           The cyclelogs command causes all of chronyd's open log files to be
1500           closed and re-opened. This allows them to be renamed so that they
1501           can be periodically purged. An example of how to do this is shown
1502           below.
1503
1504               # mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log
1505               # chronyc cyclelogs
1506               # rm /var/log/chrony/measurements1.log
1507
1508       dump
1509           The dump command causes chronyd to write its current history of
1510           measurements for each of its sources to dump files in the directory
1511           specified in the configuration file by the dumpdir directive and
1512           also write server NTS keys and client NTS cookies to the directory
1513           specified by the ntsdumpdir directive. Note that chronyd does this
1514           automatically when it exits. This command is mainly useful for
1515           inspection whilst chronyd is running.
1516
1517       rekey
1518           The rekey command causes chronyd to re-read the key file specified
1519           in the configuration file by the keyfile directive. It also
1520           re-reads the server NTS keys if ntsdumpdir is specified and
1521           automatic rotation is disabled in the configuration file.
1522
1523       reset sources
1524           The reset sources command causes chronyd to drop all measurements
1525           and switch to the unsynchronised state. This command can help
1526           chronyd with recovery when the measurements are known to be no
1527           longer valid or accurate, e.g. due to moving the computer to a
1528           different network, or resuming the computer from a low-power state
1529           (which resets the system clock). chronyd will drop the measurements
1530           automatically when it detects the clock has made an unexpected
1531           jump, but the detection is not completely reliable.
1532
1533       shutdown
1534           The shutdown command causes chronyd to exit. This is equivalent to
1535           sending the process the SIGTERM signal.
1536
1537   Client commands
1538       dns option
1539           The dns command configures how hostnames and IP addresses are
1540           resolved in chronyc. IP addresses can be resolved to hostnames when
1541           printing results of sources, sourcestats, tracking and clients
1542           commands. Hostnames are resolved in commands that take an address
1543           as argument.
1544
1545           There are five options:
1546
1547           dns -n
1548               Disables resolving IP addresses to hostnames. Raw IP addresses
1549               will be displayed.
1550
1551           dns +n
1552               Enables resolving IP addresses to hostnames. This is the
1553               default unless chronyc was started with -n option.
1554
1555           dns -4
1556               Resolves hostnames only to IPv4 addresses.
1557
1558           dns -6
1559               Resolves hostnames only to IPv6 addresses.
1560
1561           dns -46
1562               Resolves hostnames to both address families. This is the
1563               default behaviour unless chronyc was started with the -4 or -6
1564               option.
1565
1566       timeout timeout
1567           The timeout command sets the initial timeout for chronyc requests
1568           in milliseconds. If no response is received from chronyd, the
1569           timeout is doubled and the request is resent. The maximum number of
1570           retries is configured with the retries command.
1571
1572           By default, the timeout is 1000 milliseconds.
1573
1574       retries retries
1575           The retries command sets the maximum number of retries for chronyc
1576           requests before giving up. The response timeout is controlled by
1577           the timeout command.
1578
1579           The default is 2.
1580
1581       keygen [id [type [bits]]]
1582           The keygen command generates a key that can be added to the key
1583           file (specified with the keyfile directive) to allow NTP
1584           authentication between server and client, or peers. The key is
1585           generated from the /dev/urandom device and it is printed to
1586           standard output.
1587
1588           The command has three optional arguments. The first argument is the
1589           key number (by default 1), which will be specified with the key
1590           option of the server or peer directives in the configuration file.
1591           The second argument is the name of the hash function or cipher (by
1592           default SHA1, or MD5 if SHA1 is not available). The third argument
1593           is the length of the key in bits if a hash function was selected,
1594           between 80 and 4096 bits (by default 160 bits).
1595
1596           An example is:
1597
1598               keygen 73 SHA1 256
1599
1600           which generates a 256-bit SHA1 key with number 73. The printed line
1601           should then be securely transferred and added to the key files on
1602           both server and client, or peers. A different key should be
1603           generated for each client or peer.
1604
1605           An example using the AES128 cipher is:
1606
1607               keygen 151 AES128
1608
1609       exit, quit
1610           The exit and quit commands exit from chronyc and return the user to
1611           the shell.
1612
1613       help
1614           The help command displays a summary of the commands and their
1615           arguments.
1616

SEE ALSO

1618       chrony.conf(5), chronyd(8)
1619

BUGS

1621       For instructions on how to report bugs, please visit
1622       https://chrony.tuxfamily.org/.
1623

AUTHORS

1625       chrony was written by Richard Curnow, Miroslav Lichvar, and others.
1626
1627
1628
1629chrony 4.3                        2022-08-29                        CHRONYC(1)
Impressum