1CHRONYC(1) User manual CHRONYC(1)
2
6 chronyc - command-line interface for chrony daemon
7
9 chronyc [OPTION]... [COMMAND]...
10
12 chronyc is a command-line interface program which can be used to
13 monitor chronyd's performance and to change various operating
14 parameters whilst it is running.
15 If no commands are specified on the command line, chronyc will expect
17 input from the user. The prompt chronyc> will be displayed when it is
18 being run from a terminal. If chronyc's input or output are redirected
19 from or to a file, the prompt will not be shown.
20 There are two ways chronyc can access chronyd. One is the Internet
22 Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which is
23 accessible locally by the root or chrony user. By default, chronyc
24 first tries to connect to the Unix domain socket. The compiled-in
25 default path is /run/chrony/chronyd.sock. If that fails (e.g. because
26 chronyc is running under a non-root user), it will try to connect to
27 127.0.0.1 and then ::1.
28 Only the following monitoring commands, which do not affect the
30 behaviour of chronyd, are allowed from the network: activity, manual
31 list, rtcdata, smoothing, sourcename, sources, sourcestats, tracking,
32 waitsync. The set of hosts from which chronyd will accept these
33 commands can be configured with the cmdallow directive in the chronyd's
34 configuration file or the cmdallow command in chronyc. By default, the
35 commands are accepted only from localhost (127.0.0.1 or ::1).
36 All other commands are allowed only through the Unix domain socket.
38 When sent over the network, chronyd will respond with a ‘Not
39 authorised’ error, even if it is from localhost.
40 Having full access to chronyd via chronyc is more or less equivalent to
42 being able to modify the chronyd's configuration file and restart it.
43
45 -4
46 With this option hostnames will be resolved only to IPv4 addresses.
47 -6
49 With this option hostnames will be resolved only to IPv6 addresses.
50 -n
52 This option disables resolving of IP addresses to hostnames, e.g.
53 to avoid slow DNS lookups. Long addresses will not be truncated to
54 fit into the column.
55 -N
57 This option enables printing of original hostnames or IP addresses
58 of NTP sources that were specified in the configuration file, or
59 chronyc commands. Without the -n and -N option, the printed
60 hostnames are obtained from reverse DNS lookups and can be
61 different from the specified hostnames.
62 -c
64 This option enables printing of reports in a comma-separated values
65 (CSV) format. Reverse DNS lookups will be disabled, time will be
66 printed as number of seconds since the epoch, and values in seconds
67 will not be converted to other units.
68 -e
70 With this option each chronyc response will end with a line
71 containing a single dot.
72 -d
74 This option enables printing of debugging messages if chronyc was
75 compiled with debugging support.
76 -m
78 Normally, all arguments on the command line are interpreted as one
79 command. With this option multiple commands can be specified. Each
80 argument will be interpreted as a whole command.
81 -h host
83 This option specifies the host to be contacted by chronyc. It can
84 be specified with a hostname, IP address, or path to the local Unix
85 domain socket. Multiple values can be specified as a
86 comma-separated list to provide a fallback.
87 The default value is /run/chrony/chronyd.sock,127.0.0.1,::1, i.e.
89 the host where chronyc is being run. First, it tries to connect to
90 the Unix domain socket and if that fails (e.g. due to running under
91 a non-root user), it will try to connect to 127.0.0.1 and then ::1.
92 -p port
94 This option allows the user to specify the UDP port number which
95 the target chronyd is using for its monitoring connections. This
96 defaults to 323; there would rarely be a need to change this.
97 -f file
99 This option is ignored and is provided only for compatibility.
100 -a
102 This option is ignored and is provided only for compatibility.
103 -v, --version
105 With this option chronyc displays its version number on the
106 terminal and exits.
107 --help
109 With this option chronyc displays a help message on the terminal
110 and exits.
111
113 This section describes each of the commands available within the
114 chronyc program.
115 System clock
117 tracking
118 The tracking command displays parameters about the system’s clock
119 performance. An example of the output is shown below.
120 Reference ID : CB00710F (ntp1.example.net)
122 Stratum : 3
123 Ref time (UTC) : Fri Jan 27 09:49:17 2017
124 System time : 0.000006523 seconds slow of NTP time
125 Last offset : -0.000006747 seconds
126 RMS offset : 0.000035822 seconds
127 Frequency : 3.225 ppm slow
128 Residual freq : -0.000 ppm
129 Skew : 0.129 ppm
130 Root delay : 0.013639022 seconds
131 Root dispersion : 0.001100737 seconds
132 Update interval : 64.2 seconds
133 Leap status : Normal
134 The fields are explained as follows:
136 Reference ID
138 This is the reference ID and name (or IP address) of the server
139 to which the computer is currently synchronised. For IPv4
140 addresses, the reference ID is equal to the address and for
141 IPv6 addresses it is the first 32 bits of the MD5 sum of the
142 address.
143 If the reference ID is 7F7F0101 and there is no name or IP
145 address, it means the computer is not synchronised to any
146 external source and that you have the local mode operating (via
147 the local command in chronyc, or the local directive in the
148 configuration file).
149 The reference ID is printed as a hexadecimal number. Note that
151 in older versions it used to be printed in quad-dotted notation
152 and could be confused with an IPv4 address.
153 Stratum
155 The stratum indicates how many hops away from a computer with
156 an attached reference clock we are. Such a computer is a
157 stratum-1 computer, so the computer in the example is two hops
158 away (i.e. ntp1.example.net is a stratum-2 and is synchronised
159 from a stratum-1).
160 Ref time
162 This is the time (UTC) at which the last measurement from the
163 reference source was processed.
164 System time
166 This is the current offset between the NTP clock and system
167 clock. The NTP clock is a software (virtual) clock maintained
168 by chronyd, which is synchronised to the configured time
169 sources and provides time to NTP clients. The system clock is
170 synchronised to the NTP clock. To avoid steps in the system
171 time, which might have adverse consequences for certain
172 applications, the system clock is normally corrected only by
173 speeding up or slowing down (up to the rate configured by the
174 maxslewrate directive). If the offset is too large, this
175 correction will take a very long time. A step can be forced by
176 the makestep command, or the makestep directive in the
177 configuration file.
178 Note that all other offsets reported by chronyc and most
180 offsets in the log files are relative to the NTP clock, not the
181 system clock.
182 Last offset
184 This is the estimated local offset on the last clock update. A
185 positive value indicates the local time (as previously
186 estimated true time) was ahead of the time sources.
187 RMS offset
189 This is a long-term average of the offset value.
190 Frequency
192 The ‘frequency’ is the rate by which the system’s clock would
193 be wrong if chronyd was not correcting it. It is expressed in
194 ppm (parts per million). For example, a value of 1 ppm would
195 mean that when the system’s clock thinks it has advanced 1
196 second, it has actually advanced by 1.000001 seconds relative
197 to true time.
198 Residual freq
200 This shows the ‘residual frequency’ for the currently selected
201 reference source. This reflects any difference between what the
202 measurements from the reference source indicate the frequency
203 should be and the frequency currently being used.
204 The reason this is not always zero is that a smoothing
206 procedure is applied to the frequency. Each time a measurement
207 from the reference source is obtained and a new residual
208 frequency computed, the estimated accuracy of this residual is
209 compared with the estimated accuracy (see ‘skew’ next) of the
210 existing frequency value. A weighted average is computed for
211 the new frequency, with weights depending on these accuracies.
212 If the measurements from the reference source follow a
213 consistent trend, the residual will be driven to zero over
214 time.
215 Skew
217 This is the estimated error bound on the frequency.
218 Root delay
220 This is the total of the network path delays to the stratum-1
221 computer from which the computer is ultimately synchronised.
222 Root dispersion
224 This is the total dispersion accumulated through all the
225 computers back to the stratum-1 computer from which the
226 computer is ultimately synchronised. Dispersion is due to
227 system clock resolution, statistical measurement variations,
228 etc.
229 An absolute bound on the computer’s clock accuracy (assuming
231 the stratum-1 computer is correct) is given by:
232 clock_error <= |system_time_offset| + root_dispersion + (0.5 * root_delay)
234 Update interval
236 This is the interval between the last two clock updates.
237 Leap status
239 This is the leap status, which can be Normal, Insert second,
240 Delete second or Not synchronised.
241 makestep, makestep threshold limit
243 Normally chronyd will cause the system to gradually correct any
244 time offset, by slowing down or speeding up the clock as required.
245 In certain situations, the system clock might be so far adrift that
246 this slewing process would take a very long time to correct the
247 system clock.
248 The makestep command can be used in this situation. There are two
250 forms of the command. The first form has no parameters. It tells
251 chronyd to cancel any remaining correction that was being slewed
252 and jump the system clock by the equivalent amount, making it
253 correct immediately.
254 The second form configures the automatic stepping, similarly to the
256 makestep directive. It has two parameters, stepping threshold (in
257 seconds) and number of future clock updates for which the threshold
258 will be active. This can be used with the burst command to quickly
259 make a new measurement and correct the clock by stepping if needed,
260 without waiting for chronyd to complete the measurement and update
261 the clock.
262 makestep 0.1 1
264 burst 1/2
265 BE WARNED: Certain software will be seriously affected by such
267 jumps in the system time. (That is the reason why chronyd uses
268 slewing normally.)
269 maxupdateskew skew-in-ppm
271 This command has the same effect as the maxupdateskew directive in
272 the configuration file.
273 waitsync [max-tries [max-correction [max-skew [interval]]]]
275 The waitsync command waits for chronyd to synchronise.
276 Up to four optional arguments can be specified. The first is the
278 maximum number of tries before giving up and returning a non-zero
279 error code. When 0 is specified, or there are no arguments, the
280 number of tries will not be limited.
281 The second and third arguments are the maximum allowed remaining
283 correction of the system clock and the maximum allowed skew (in
284 ppm) as reported by the tracking command in the System time and
285 Skew fields. If not specified or zero, the value will not be
286 checked.
287 The fourth argument is the interval specified in seconds in which
289 the check is repeated. The interval is 10 seconds by default.
290 An example is:
292 waitsync 60 0.01
294 which will wait up to about 10 minutes (60 times 10 seconds) for
296 chronyd to synchronise to a source and the remaining correction to
297 be less than 10 milliseconds.
298 Time sources
300 sources [-a] [-v]
301 This command displays information about the current time sources
302 that chronyd is accessing.
303 If the -a option is specified, all sources are displayed, including
305 those that do not have a known address yet. Such sources have an
306 identifier in the format ID#XXXXXXXXXX, which can be used in other
307 commands expecting a source address.
308 The -v option enables a verbose output. In this case, extra caption
310 lines are shown as a reminder of the meanings of the columns.
311 MS Name/IP address Stratum Poll Reach LastRx Last sample
313 ===============================================================================
314 #* GPS0 0 4 377 11 -479ns[ -621ns] +/- 134ns
315 ^? ntp1.example.net 2 6 377 23 -923us[ -924us] +/- 43ms
316 ^+ ntp2.example.net 1 6 377 21 -2629us[-2619us] +/- 86ms
317 The columns are as follows:
319 M
321 This indicates the mode of the source. ^ means a server, =
322 means a peer and # indicates a locally connected reference
323 clock.
324 S
326 This column indicates the selection state of the source.
327 • * indicates the best source which is currently selected for
329 synchronisation.
330 • + indicates other sources selected for synchronisation,
332 which are combined with the best source.
333 • - indicates a source which is considered to be selectable
335 for synchronisation, but not currently selected.
336 • x indicates a source which chronyd thinks is a falseticker
338 (i.e. its time is inconsistent with a majority of other
339 sources, or sources specified with the trust option).
340 • ~ indicates a source whose time appears to have too much
342 variability.
343 • ? indicates a source which is not considered to be
345 selectable for synchronisation for other reasons (e.g.
346 unreachable, not synchronised, or does not have enough
347 measurements).
348 The selectdata command can be used to get more details about
351 the selection state.
352 Name/IP address
354 This shows the name or the IP address of the source, or
355 reference ID for reference clocks.
356 Stratum
358 This shows the stratum of the source, as reported in its most
359 recently received sample. Stratum 1 indicates a computer with a
360 locally attached reference clock. A computer that is
361 synchronised to a stratum 1 computer is at stratum 2. A
362 computer that is synchronised to a stratum 2 computer is at
363 stratum 3, and so on.
364 Poll
366 This shows the rate at which the source is being polled, as a
367 base-2 logarithm of the interval in seconds. Thus, a value of 6
368 would indicate that a measurement is being made every 64
369 seconds. chronyd automatically varies the polling rate in
370 response to prevailing conditions.
371 Reach
373 This shows the source’s reachability register printed as an
374 octal number. The register has 8 bits and is updated on every
375 received or missed packet from the source. A value of 377
376 indicates that a valid reply was received for all from the last
377 eight transmissions.
378 LastRx
380 This column shows how long ago the last good sample (which is
381 shown in the next column) was received from the source.
382 Measurements that failed some tests are ignored. This is
383 normally in seconds. The letters m, h, d or y indicate minutes,
384 hours, days, or years.
385 Last sample
387 This column shows the offset between the local clock and the
388 source at the last measurement. The number in the square
389 brackets shows the actual measured offset. This can be suffixed
390 by ns (indicating nanoseconds), us (indicating microseconds),
391 ms (indicating milliseconds), or s (indicating seconds). The
392 number to the left of the square brackets shows the original
393 measurement, adjusted to allow for any slews applied to the
394 local clock since. Positive offsets indicate that the local
395 clock is ahead of the source. The number following the +/-
396 indicator shows the margin of error in the measurement (NTP
397 root distance).
398 sourcestats [-a] [-v]
400 The sourcestats command displays information about the drift rate
401 and offset estimation process for each of the sources currently
402 being examined by chronyd.
403 If the -a option is specified, all sources are displayed, including
405 those that do not have a known address yet. Such sources have an
406 identifier in the format ID#XXXXXXXXXX, which can be used in other
407 commands expecting a source address.
408 The -v option enables a verbose output. In this case, extra caption
410 lines are shown as a reminder of the meanings of the columns.
411 An example report is:
413 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
415 ===============================================================================
416 ntp1.example.net 11 5 46m -0.001 0.045 1us 25us
417 The columns are as follows:
419 Name/IP Address
421 This is the name or IP address of the NTP server (or peer) or
422 reference ID of the reference clock to which the rest of the
423 line relates.
424 NP
426 This is the number of sample points currently being retained
427 for the server. The drift rate and current offset are estimated
428 by performing a linear regression through these points.
429 NR
431 This is the number of runs of residuals having the same sign
432 following the last regression. If this number starts to become
433 too small relative to the number of samples, it indicates that
434 a straight line is no longer a good fit to the data. If the
435 number of runs is too low, chronyd discards older samples and
436 re-runs the regression until the number of runs becomes
437 acceptable.
438 Span
440 This is the interval between the oldest and newest samples. If
441 no unit is shown the value is in seconds. In the example, the
442 interval is 46 minutes.
443 Frequency
445 This is the estimated residual frequency for the server, in
446 parts per million. In this case, the computer’s clock is
447 estimated to be running 1 part in 10^9 slow relative to the
448 server.
449 Freq Skew
451 This is the estimated error bounds on Freq (again in parts per
452 million).
453 Offset
455 This is the estimated offset of the source.
456 Std Dev
458 This is the estimated sample standard deviation.
459 selectdata [-a] [-v]
461 The selectdata command displays information specific to the
462 selection of time sources. If the -a option is specified, all
463 sources are displayed, including those that do not have a known
464 address yet. With the -v option, extra caption lines are shown as a
465 reminder of the meanings of the columns.
466 An example of the output is shown below.
468 S Name/IP Address Auth COpts EOpts Last Score Interval Leap
470 =======================================================================
471 D ntp1.example.net Y ----- --TR- 4 1.0 -61ms +62ms N
472 * ntp2.example.net N ----- ----- 0 1.0 -6846us +7305us N
473 + ntp3.example.net N ----- ----- 10 1.0 -7381us +7355us N
474 The columns are as follows:
476 S
478 This column indicates the state of the source after the last
479 source selection. It is similar to the state reported by the
480 sources command, but more states are reported.
481 The following states indicate the source is not considered
484 selectable for synchronisation:
485 • N - has the noselect option.
487 • s - is not synchronised.
489 • M - does not have enough measurements.
491 • d - has a root distance larger than the maximum distance
493 (configured by the maxdistance directive).
494 • ~ - has a jitter larger than the maximum jitter (configured
496 by the maxjitter directive).
497 • w - waits for other sources to get out of the M state.
499 • S - has older measurements than other sources.
501 • O - has a stratum equal or larger than the orphan stratum
503 (configured by the local directive).
504 • T - does not fully agree with sources that have the trust
506 option.
507 • x - does not agree with other sources (falseticker).
509 The following states indicate the source is considered
512 selectable, but it is not currently used for synchronisation:
513 • W - waits for other sources to be selectable (required by
515 the minsources directive, or the require option of another
516 source).
517 • P - another selectable source is preferred due to the
519 prefer option.
520 • U - waits for a new measurement (after selecting a
522 different best source).
523 • D - has, or recently had, a root distance which is too
525 large to be combined with other sources (configured by the
526 combinelimit directive).
527 The following states indicate the source is used for
530 synchronisation of the local clock:
531 • + - combined with the best source.
533 • * - selected as the best source to update the reference
535 data (e.g. root delay, root dispersion).
536 Name/IP address
538 This column shows the name or IP address of the source if it is
539 an NTP server, or the reference ID if it is a reference clock.
540 Auth
542 This column indicites whether an authentication mechanism is
543 enabled for the source. Y means yes and N means no.
544 COpts
546 This column displays the configured selection options of the
547 source.
548 • N indicates the noselect option.
550 • P indicates the prefer option.
552 • T indicates the trust option.
554 • R indicates the require option.
556 EOpts
558 This column displays the current effective selection options of
559 the source, which can be different from the configured options
560 due to the authentication selection mode (configured by the
561 authselectmode directive). The symbols are the same as in the
562 COpts column.
563 Last
565 This column displays how long ago was the last measurement of
566 the source made when the selection was performed.
567 Score
569 This column displays the current score against the source in
570 the * state. The scoring system avoids frequent reselection
571 when multiple sources have a similar root distance. A value
572 larger than 1 indicates this source was better than the *
573 source in recent selections. If the score reaches 10, the best
574 source will be reselected and the scores will be reset to 1.
575 Interval
577 This column displays the lower and upper endpoint of the
578 interval which was expected to contain the true offset of the
579 local clock considering the root distance at the time of the
580 selection.
581 Leap
583 This column displays the current leap status of the source.
584 • N indicates the normal status (no leap second).
586 • + indicates that a leap second will be inserted at the end
588 of the month.
589 • - indicates that a leap second will be deleted at the end
591 of the month.
592 • ? indicates the unknown status (i.e. no valid measurement
594 was made).
595 selectopts address|refid [+|-option]...
597 The selectopts command modifies the configured selection options of
598 an NTP source specified by IP address (or the ID#XXXXXXXXXX
599 identifier used for unknown addresses), or a reference clock
600 specified by reference ID as a string.
601 The selection options can be added with the + symbol or removed
603 with the - symbol. The selectdata command can be used to verify the
604 configuration. The modified options will be applied in the next
605 source selection, e.g. when a new measurement is made, or the
606 reselect command is executed.
607 An example of using this command is shown below.
609 selectopts 1.2.3.4 -noselect +prefer
611 selectopts GPS +trust
612 reselect
614 To avoid excessive switching between sources, chronyd can stay
615 synchronised to a source even when it is not currently the best one
616 among the available sources.
617 The reselect command can be used to force chronyd to reselect the
619 best synchronisation source.
620 reselectdist distance
622 The reselectdist command sets the reselection distance. It is
623 equivalent to the reselectdist directive in the configuration file.
624 NTP sources
626 activity
627 This command reports the number of servers and peers that are
628 online and offline. If the auto_offline option is used in
629 specifying some of the servers or peers, the activity command can
630 be useful for detecting when all of them have entered the offline
631 state after the network link has been disconnected.
632 The report shows the number of servers and peers in 5 states:
634 online
636 the server or peer is currently online (i.e. assumed by chronyd
637 to be reachable)
638 offline
640 the server or peer is currently offline (i.e. assumed by
641 chronyd to be unreachable, and no measurements from it will be
642 attempted.)
643 burst_online
645 a burst command has been initiated for the server or peer and
646 is being performed; after the burst is complete, the server or
647 peer will be returned to the online state.
648 burst_offline
650 a burst command has been initiated for the server or peer and
651 is being performed; after the burst is complete, the server or
652 peer will be returned to the offline state.
653 unresolved
655 the name of the server or peer was not resolved to an address
656 yet; this source is not visible in the sources and sourcestats
657 reports.
658 authdata [-a]
660 The authdata command displays information specific to
661 authentication of NTP sources. If the -a option is specified, all
662 sources are displayed, including those that do not have a known
663 address yet. An example of the output is shown below.
664 Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
666 =========================================================================
667 ntp1.example.net NTS 1 15 256 135m 0 0 8 100
668 ntp2.example.net SK 30 13 128 - 0 0 0 0
669 ntp3.example.net - 0 0 0 - 0 0 0 0
670 The columns are as follows:
672 Name/IP address
674 This column shows the name or the IP address of the source.
675 Mode
677 This column shows which mechanism authenticates NTP packets
678 received from the source. NTS means Network Time Security, SK
679 means a symmetric key, and - means authentication is disabled.
680 KeyID
682 This column shows an identifier of the key used for
683 authentication. With a symmetric key, it is the ID from the key
684 file. With NTS, it is a number starting at zero and incremented
685 by one with each successful key establishment using the NTS-KE
686 protocol, i.e. it shows how many times the key establishment
687 was performed with this source.
688 Type
690 This columns shows an identifier of the algorithm used for
691 authentication. With a symmetric key, it is the hash function
692 or cipher specified in the key file. With NTS, it is an
693 authenticated encryption with associated data (AEAD) algorithm,
694 which is negotiated in the NTS-KE protocol. The following
695 values can be reported:
696 • 1: MD5
698 • 2: SHA1
700 • 3: SHA256
702 • 4: SHA384
704 • 5: SHA512
706 • 6: SHA3-224
708 • 7: SHA3-256
710 • 8: SHA3-384
712 • 9: SHA3-512
714 • 10: TIGER
716 • 11: WHIRLPOOL
718 • 13: AES128
720 • 14: AES256
722 • 15: AEAD-AES-SIV-CMAC-256
724 • 30: AEAD-AES-128-GCM-SIV
726 KLen
728 This column shows the length of the key in bits.
729 Last
731 This column shows how long ago the last successful key
732 establishment was performed. It is in seconds, or letters m, h,
733 d or y indicate minutes, hours, days, or years.
734 Atmp
736 This column shows the number of attempts to perform the key
737 establishment since the last successful key establishment. A
738 number larger than 1 indicates a problem with the network or
739 server.
740 NAK
742 This column shows whether an NTS NAK was received since the
743 last request. A NAK indicates that authentication failed on the
744 server side due to chronyd using a cookie which is no longer
745 valid and that it needs to perform the key establishment again
746 in order to get new cookies.
747 Cook
749 This column shows the number of NTS cookies that chronyd
750 currently has. If the key establishment was successful, a
751 number smaller than 8 indicates a problem with the network or
752 server.
753 CLen
755 This column shows the length in bytes of the NTS cookie which
756 will be used in the next request.
757 ntpdata [address]
759 The ntpdata command displays the last valid measurement and other
760 NTP-specific information about the specified NTP source, or all NTP
761 sources (with a known address) if no address was specified. An
762 example of the output is shown below.
763 Remote address : 203.0.113.15 (CB00710F)
765 Remote port : 123
766 Local address : 203.0.113.74 (CB00714A)
767 Leap status : Normal
768 Version : 4
769 Mode : Server
770 Stratum : 1
771 Poll interval : 10 (1024 seconds)
772 Precision : -24 (0.000000060 seconds)
773 Root delay : 0.000015 seconds
774 Root dispersion : 0.000015 seconds
775 Reference ID : 47505300 (GPS)
776 Reference time : Fri Nov 25 15:22:12 2016
777 Offset : -0.000060878 seconds
778 Peer delay : 0.000175634 seconds
779 Peer dispersion : 0.000000681 seconds
780 Response time : 0.000053050 seconds
781 Jitter asymmetry: +0.00
782 NTP tests : 111 111 1111
783 Interleaved : No
784 Authenticated : No
785 TX timestamping : Kernel
786 RX timestamping : Kernel
787 Total TX : 24
788 Total RX : 24
789 Total valid RX : 24
790 Total good RX : 22
791 The fields are explained as follows:
793 Remote address
795 The IP address of the NTP server or peer, and the corresponding
796 reference ID.
797 Remote port
799 The UDP port number to which the request was sent. The standard
800 NTP port is 123.
801 Local address
803 The local IP address which received the response, and the
804 corresponding reference ID.
805 Leap status, Version, Mode, Stratum, Poll interval, Precision, Root
807 delay, Root dispersion, Reference ID, Reference time
808 The NTP values from the last valid response.
809 Offset, Peer delay, Peer dispersion
811 The measured values.
812 Response time
814 The time the server or peer spent in processing of the request
815 and waiting before sending the response.
816 Jitter asymmetry
818 The estimated asymmetry of network jitter on the path to the
819 source. The asymmetry can be between -0.5 and 0.5. A negative
820 value means the delay of packets sent to the source is more
821 variable than the delay of packets sent from the source back.
822 NTP tests
824 Results of RFC 5905 tests 1 through 3, 5 through 7, and tests
825 for maximum delay, delay ratio, delay dev ratio (or delay
826 quantile), and synchronisation loop.
827 Interleaved
829 This shows if the response was in the interleaved mode.
830 Authenticated
832 This shows if the response was authenticated.
833 TX timestamping
835 The source of the local transmit timestamp. Valid values are
836 Daemon, Kernel, and Hardware.
837 RX timestamping
839 The source of the local receive timestamp.
840 Total TX
842 The number of packets sent to the source.
843 Total RX
845 The number of all packets received from the source.
846 Total valid RX
848 The number of packets which passed the first two groups of NTP
849 tests.
850 Total good RX
852 The number of packets which passed all three groups of NTP
853 tests, i.e. the NTP measurement was accepted.
854 add peer name [option]...
856 The add peer command allows a new NTP peer to be added whilst
857 chronyd is running.
858 Following the words add peer, the syntax of the following
860 parameters and options is identical to that for the peer directive
861 in the configuration file.
862 An example of using this command is shown below.
864 add peer ntp1.example.net minpoll 6 maxpoll 10 key 25
866 add pool name [option]...
868 The add pool command allows a pool of NTP servers to be added
869 whilst chronyd is running.
870 Following the words add pool, the syntax of the following
872 parameters and options is identical to that for the pool directive
873 in the configuration file.
874 An example of using this command is shown below:
876 add pool ntp1.example.net maxsources 3 iburst
878 add server name [option]...
880 The add server command allows a new NTP server to be added whilst
881 chronyd is running.
882 Following the words add server, the syntax of the following
884 parameters and options is identical to that for the server
885 directive in the configuration file.
886 An example of using this command is shown below:
888 add server ntp1.example.net minpoll 6 maxpoll 10 key 25
890 delete address
892 The delete command allows an NTP server or peer to be removed from
893 the current set of sources.
894 burst good/max [mask/masked-address], burst good/max
896 [masked-address/masked-bits], burst good/max [address]
897 The burst command tells chronyd to make a set of measurements to
898 each of its NTP sources over a short duration (rather than the
899 usual periodic measurements that it makes). After such a burst,
900 chronyd will revert to the previous state for each source. This
901 might be either online, if the source was being periodically
902 measured in the normal way, or offline, if the source had been
903 indicated as being offline. (A source can be switched between the
904 online and offline states with the online and offline commands.)
905 The mask and masked-address arguments are optional, in which case
907 chronyd will initiate a burst for all of its currently defined
908 sources.
909 The arguments have the following meaning and format:
911 good
913 This defines the number of good measurements that chronyd will
914 want to obtain from each source. A measurement is good if it
915 passes certain tests, for example, the round trip time to the
916 source must be acceptable. (This allows chronyd to reject
917 measurements that are likely to be bogus.)
918 max
920 This defines the maximum number of measurements that chronyd
921 will attempt to make, even if the required number of good
922 measurements has not been obtained.
923 mask
925 This is an IP address with which the IP address of each of
926 chronyd's sources is to be masked.
927 masked-address
929 This is an IP address. If the masked IP address of a source
930 matches this value then the burst command is applied to that
931 source.
932 masked-bits
934 This can be used with masked-address for CIDR notation, which
935 is a shorter alternative to the form with mask.
936 address
938 This is an IP address or a hostname. The burst command is
939 applied only to that source.
940 If no mask or masked-address arguments are provided, every source
944 will be matched.
945 An example of the two-argument form of the command is:
947 burst 2/10
949 This will cause chronyd to attempt to get two good measurements
951 from each source, stopping after two have been obtained, but in no
952 event will it try more than ten probes to the source.
953 Examples of the four-argument form of the command are:
955 burst 2/10 255.255.0.0/1.2.0.0
957 burst 2/10 2001:db8:789a::/48
958 In the first case, the two out of ten sampling will only be applied
960 to sources whose IPv4 addresses are of the form 1.2.x.y, where x
961 and y are arbitrary. In the second case, the sampling will be
962 applied to sources whose IPv6 addresses have first 48 bits equal to
963 2001:db8:789a.
964 Example of the three-argument form of the command is:
966 burst 2/10 ntp1.example.net
968 maxdelay address delay
970 This allows the maxdelay option for one of the sources to be
971 modified, in the same way as specifying the maxdelay option for the
972 server directive in the configuration file.
973 maxdelaydevratio address ratio
975 This allows the maxdelaydevratio option for one of the sources to
976 be modified, in the same way as specifying the maxdelaydevratio
977 option for the server directive in the configuration file.
978 maxdelayratio address ratio
980 This allows the maxdelayratio option for one of the sources to be
981 modified, in the same way as specifying the maxdelayratio option
982 for the server directive in the configuration file.
983 maxpoll address maxpoll
985 The maxpoll command is used to modify the maximum polling interval
986 for one of the current set of sources. It is equivalent to the
987 maxpoll option in the server directive in the configuration file.
988 Note that the new maximum polling interval only takes effect after
990 the next measurement has been made.
991 minpoll address minpoll
993 The minpoll command is used to modify the minimum polling interval
994 for one of the current set of sources. It is equivalent to the
995 minpoll option in the server directive in the configuration file.
996 Note that the new minimum polling interval only takes effect after
998 the next measurement has been made.
999 minstratum address minstratum
1001 The minstratum command is used to modify the minimum stratum for
1002 one of the current set of sources. It is equivalent to the
1003 minstratum option in the server directive in the configuration
1004 file.
1005 offline [address], offline [masked-address/masked-bits], offline
1007 [mask/masked-address]
1008 The offline command is used to warn chronyd that the network
1009 connection to a particular host or hosts is about to be lost, e.g.
1010 on computers with intermittent connection to their time sources.
1011 Another case where offline could be used is where a computer serves
1013 time to a local group of computers, and has a permanent connection
1014 to true time servers outside the organisation. However, the
1015 external connection is heavily loaded at certain times of the day
1016 and the measurements obtained are less reliable at those times. In
1017 this case, it is probably most useful to determine the gain or loss
1018 rate during the quiet periods and let the whole network coast
1019 through the loaded periods. The offline and online commands can be
1020 used to achieve this.
1021 There are four forms of the offline command. The first form is a
1023 wildcard, meaning all sources (including sources that do not have a
1024 known address yet). The second form allows an IP address mask and a
1025 masked address to be specified. The third form uses CIDR notation.
1026 The fourth form uses an IP address or a hostname. These forms are
1027 illustrated below.
1028 offline
1030 offline 255.255.255.0/1.2.3.0
1031 offline 2001:db8:789a::/48
1032 offline ntp1.example.net
1033 The second form means that the offline command is to be applied to
1035 any source whose IPv4 address is in the 1.2.3 subnet. (The host’s
1036 address is logically and-ed with the mask, and if the result
1037 matches the masked-address the host is processed.) The third form
1038 means that the command is to be applied to all sources whose IPv6
1039 addresses have their first 48 bits equal to 2001:db8:789a. The
1040 fourth form means that the command is to be applied only to that
1041 one source.
1042 The wildcard form of the address is equivalent to:
1044 offline 0.0.0.0/0.0.0.0
1046 offline ::/0
1047 online [address], online [masked-address/masked-bits], online
1049 [mask/masked-address]
1050 The online command is opposite in function to the offline command.
1051 It is used to advise chronyd that network connectivity to a
1052 particular source or sources has been restored.
1053 The syntax is identical to that of the offline command.
1055 onoffline
1057 The onoffline command tells chronyd to switch all sources that have
1058 a known address to the online or offline status according to the
1059 current network configuration. A source is considered online if it
1060 is possible to send requests to it, i.e. a network route to the
1061 source is present.
1062 polltarget address polltarget
1064 The polltarget command is used to modify the poll target for one of
1065 the current set of sources. It is equivalent to the polltarget
1066 option in the server directive in the configuration file.
1067 refresh
1069 The refresh command can be used to force chronyd to resolve the
1070 names of configured NTP sources to IP addresses again and replace
1071 any addresses missing in the list of resolved addresses.
1072 Sources that stop responding are replaced with newly resolved
1074 addresses automatically after 8 polling intervals. This command can
1075 be used to replace them immediately, e.g. after suspending and
1076 resuming the machine in a different network.
1077 Note that with pools which have more than 16 addresses, or not all
1079 IPv4 or IPv6 addresses are included in a single DNS response (e.g.
1080 pool.ntp.org), this command might replace the addresses even if
1081 they are still in the pool.
1082 reload sources
1084 The reload sources command causes chronyd to re-read all *.sources
1085 files from the directories specified by the sourcedir directive.
1086 Note that modified sources (e.g. specified with a new option) are
1088 not modified in memory. They are removed and added again, which
1089 causes them to lose old measurements and reset the selection state.
1090 sourcename address
1092 The sourcename command prints the original hostname or address that
1093 was specified for an NTP source in the configuration file, or the
1094 add command. This command is an alternative to the -N option, which
1095 can be useful in scripts.
1096 Note that different NTP sources can share the same name, e.g.
1098 servers from a pool.
1099 Manual time input
1101 manual on, manual off, manual delete index, manual list, manual reset
1102 The manual command enables and disables use of the settime command,
1103 and is used to modify the behaviour of the manual clock driver.
1104 The on form of the command enables use of the settime command.
1106 The off form of the command disables use of the settime command.
1108 The list form of the command lists all the samples currently stored
1110 in chronyd. The output is illustrated below.
1111 210 n_samples = 1
1113 # Date Time(UTC) Slewed Original Residual
1114 ====================================================
1115 0 27Jan99 22:09:20 0.00 0.97 0.00
1116 The columns are as as follows:
1118 1. The sample index (used for the manual delete command).
1120 2. The date and time of the sample.
1122 3. The system clock error when the timestamp was entered, adjusted
1124 to allow for changes made to the system clock since.
1125 4. The system clock error when the timestamp was entered, as it
1127 originally was (without allowing for changes to the system
1128 clock since).
1129 5. The regression residual at this point, in seconds. This allows
1131 ‘outliers’ to be easily spotted, so that they can be deleted
1132 using the manual delete command.
1133 The delete form of the command deletes a single sample. The
1137 parameter is the index of the sample, as shown in the first column
1138 of the output from manual list. Following deletion of the data
1139 point, the current error and drift rate are re-estimated from the
1140 remaining data points and the system clock trimmed if necessary.
1141 This option is intended to allow ‘outliers’ to be discarded, i.e.
1142 samples where the administrator realises they have entered a very
1143 poor timestamp.
1144 The reset form of the command deletes all samples at once. The
1146 system clock is left running as it was before the command was
1147 entered.
1148 settime time
1150 The settime command allows the current time to be entered manually,
1151 if this option has been configured into chronyd. (It can be
1152 configured either with the manual directive in the configuration
1153 file, or with the manual command of chronyc.)
1154 It should be noted that the computer’s sense of time will only be
1156 as accurate as the reference you use for providing this input (e.g.
1157 your watch), as well as how well you can time the press of the
1158 return key.
1159 Providing your computer’s time zone is set up properly, you will be
1161 able to enter a local time (rather than UTC).
1162 The response to a successful settime command indicates the amount
1164 that the computer’s clock was wrong. It should be apparent from
1165 this if you have entered the time wrongly, e.g. with the wrong time
1166 zone.
1167 The rate of drift of the system clock is estimated by a regression
1169 process using the entered measurement and all previous measurements
1170 entered during the present run of chronyd. However, the entered
1171 measurement is used for adjusting the current clock offset (rather
1172 than the estimated intercept from the regression, which is
1173 ignored). Contrast what happens with the manual delete command,
1174 where the intercept is used to set the current offset (since there
1175 is no measurement that has just been entered in that case).
1176 The time is parsed by the public domain getdate algorithm.
1178 Consequently, you can only specify time to the nearest second.
1179 Examples of inputs that are valid are shown below:
1181 settime 16:30
1183 settime 16:30:05
1184 settime Nov 21, 2015 16:30:05
1185 For a full description of getdate, see the getdate documentation
1187 (bundled, for example, with the source for GNU tar).
1188 NTP access
1190 accheck address
1191 This command allows you to check whether client NTP access is
1192 allowed from a particular host.
1193 Examples of use, showing a named host and a numeric IP address, are
1195 as follows:
1196 accheck ntp1.example.net
1198 accheck 1.2.3.4
1199 accheck 2001:db8::1
1200 This command can be used to examine the effect of a series of
1202 allow, allow all, deny, and deny all commands specified either via
1203 chronyc, or in chronyd's configuration file.
1204 clients [-p packets] [-k] [-r]
1206 This command shows a list of clients that have accessed the server,
1207 through the NTP, command, or NTS-KE port. It does not include
1208 accesses over the Unix domain command socket.
1209 The -p option specifies the minimum number of received NTP or
1211 command packets, or accepted NTS-KE connections, needed to include
1212 a client in the list. The default value is 0, i.e. all clients are
1213 reported. With the -k option the last four columns will show the
1214 NTS-KE accesses instead of command accesses. If the -r option is
1215 specified, chronyd will reset the counters of received and dropped
1216 packets or connections after reporting the current values.
1217 An example of the output is:
1219 Hostname NTP Drop Int IntL Last Cmd Drop Int Last
1221 ===============================================================================
1222 localhost 2 0 2 - 133 15 0 -1 7
1223 ntp1.example.net 12 0 6 - 23 0 0 - -
1224 Each row shows the data for a single host. Only hosts that have
1226 passed the host access checks (set with the allow, deny, cmdallow
1227 and cmddeny commands or configuration file directives) are logged.
1228 The intervals are displayed as a power of 2 in seconds.
1229 The columns are as follows:
1231 1. The hostname of the client.
1233 2. The number of NTP packets received from the client.
1235 3. The number of NTP packets dropped to limit the response rate.
1237 4. The average interval between NTP packets.
1239 5. The average interval between NTP packets after limiting the
1241 response rate.
1242 6. Time since the last NTP packet was received
1244 7. The number of command packets or NTS-KE connections
1246 received/accepted from the client.
1247 8. The number of command packets or NTS-KE connections dropped to
1249 limit the response rate.
1250 9. The average interval between command packets or NTS-KE
1252 connections.
1253 10. Time since the last command packet or NTS-KE connection was
1255 received/accepted.
1256 serverstats
1258 The serverstats command displays NTP and command server statistics.
1259 An example of the output is shown below.
1261 NTP packets received : 1598
1263 NTP packets dropped : 8
1264 Command packets received : 19
1265 Command packets dropped : 0
1266 Client log records dropped : 0
1267 NTS-KE connections accepted: 3
1268 NTS-KE connections dropped : 0
1269 Authenticated NTP packets : 189
1270 Interleaved NTP packets : 43
1271 NTP timestamps held : 44
1272 NTP timestamp span : 120
1273 NTP daemon RX timestamps : 0
1274 NTP daemon TX timestamps : 1537
1275 NTP kernel RX timestamps : 1590
1276 NTP kernel TX timestamps : 43
1277 NTP hardware RX timestamps : 0
1278 NTP hardware TX timestamps : 0
1279 The fields have the following meaning:
1281 NTP packets received
1283 The number of valid NTP requests received by the server.
1284 NTP packets dropped
1286 The number of NTP requests dropped by the server due to rate
1287 limiting (configured by the ratelimit directive).
1288 Command packets received
1290 The number of command requests received by the server.
1291 Command packets dropped
1293 The number of command requests dropped by the server due to
1294 rate limiting (configured by the cmdratelimit directive).
1295 Client log records dropped
1297 The number of client log records dropped by the server to limit
1298 the memory use (configured by the clientloglimit directive).
1299 NTS-KE connections accepted
1301 The number of NTS-KE connections accepted by the server.
1302 NTS-KE connections dropped
1304 The number of NTS-KE connections dropped by the server due to
1305 rate limiting (configured by the ntsratelimit directive).
1306 Authenticated NTP packets
1308 The number of received NTP requests that were authenticated
1309 (with a symmetric key or NTS).
1310 Interleaved NTP packets
1312 The number of received NTP requests that were detected to be in
1313 the interleaved mode.
1314 NTP timestamps held
1316 The number of pairs of receive and transmit timestamps that the
1317 server is currently holding in memory for clients using the
1318 interleaved mode.
1319 NTP timestamp span
1321 The interval (in seconds) covered by the currently held NTP
1322 timestamps.
1323 NTP daemon RX timestamps
1325 The number of NTP responses which included a receive timestamp
1326 captured by the daemon.
1327 NTP daemon TX timestamps
1329 The number of NTP responses which included a transmit timestamp
1330 captured by the daemon.
1331 NTP kernel RX timestamps
1333 The number of NTP responses which included a receive timestamp
1334 captured by the kernel.
1335 NTP kernel TX timestamps
1337 The number of NTP responses (in the interleaved mode) which
1338 included a transmit timestamp captured by the kernel.
1339 NTP hardware RX timestamps
1341 The number of NTP responses which included a receive timestamp
1342 captured by the NIC.
1343 NTP hardware TX timestamps
1345 The number of NTP responses (in the interleaved mode) which
1346 included a transmit timestamp captured by the NIC.
1347 allow [all] [subnet]
1349 The effect of the allow command is identical to the allow directive
1350 in the configuration file.
1351 The syntax is illustrated in the following examples:
1353 allow 1.2.3.4
1355 allow all 3.4.5.0/24
1356 allow 2001:db8:789a::/48
1357 allow 0/0
1358 allow ::/0
1359 allow
1360 allow all
1361 deny [all] [subnet]
1363 The effect of the allow command is identical to the deny directive
1364 in the configuration file.
1365 The syntax is illustrated in the following examples:
1367 deny 1.2.3.4
1369 deny all 3.4.5.0/24
1370 deny 2001:db8:789a::/48
1371 deny 0/0
1372 deny ::/0
1373 deny
1374 deny all
1375 local [option]..., local off
1377 The local command allows chronyd to be told that it is to appear as
1378 a reference source, even if it is not itself properly synchronised
1379 to an external source. This can be used on isolated networks, to
1380 allow a computer to be the primary time server for other computers.
1381 The first form enables the local reference mode on the host. The
1383 syntax is identical to the local directive in the configuration
1384 file.
1385 The second form disables the local reference mode.
1387 smoothing
1389 The smoothing command displays the current state of the NTP server
1390 time smoothing, which can be enabled with the smoothtime directive.
1391 An example of the output is shown below.
1392 Active : Yes
1394 Offset : +1.000268817 seconds
1395 Frequency : -0.142859 ppm
1396 Wander : -0.010000 ppm per second
1397 Last update : 17.8 seconds ago
1398 Remaining time : 19988.4 seconds
1399 The fields are explained as follows:
1401 Active
1403 This shows if the server time smoothing is currently active.
1404 Possible values are Yes and No. If the leaponly option is
1405 included in the smoothtime directive, (leap second only) will
1406 be shown on the line.
1407 Offset
1409 This is the current offset applied to the time sent to NTP
1410 clients. Positive value means the clients are getting time
1411 that’s ahead of true time.
1412 Frequency
1414 The current frequency offset of the served time. Negative value
1415 means the time observed by clients is running slower than true
1416 time.
1417 Wander
1419 The current frequency wander of the served time. Negative value
1420 means the time observed by clients is slowing down.
1421 Last update
1423 This field shows how long ago the time smoothing process was
1424 updated, e.g. chronyd accumulated a new measurement.
1425 Remaining time
1427 The time it would take for the smoothing process to get to zero
1428 offset and frequency if there were no more updates.
1429 smoothtime activate, smoothtime reset
1431 The smoothtime command can be used to activate or reset the server
1432 time smoothing process if it is configured with the smoothtime
1433 directive.
1434 Monitoring access
1436 cmdaccheck address
1437 This command is similar to the accheck command, except that it is
1438 used to check whether monitoring access is permitted from a named
1439 host.
1440 Examples of use are as follows:
1442 cmdaccheck ntp1.example.net
1444 cmdaccheck 1.2.3.4
1445 cmdaccheck 2001:db8::1
1446 cmdallow [all] [subnet]
1448 This is similar to the allow command, except that it is used to
1449 allow particular hosts or subnets to use chronyc to monitor with
1450 chronyd on the current host.
1451 cmddeny [all] [subnet]
1453 This is similar to the deny command, except that it is used to
1454 allow particular hosts or subnets to use chronyc to monitor chronyd
1455 on the current host.
1456 Real-time clock (RTC)
1458 rtcdata
1459 The rtcdata command displays the current RTC parameters.
1460 An example output is shown below.
1462 RTC ref time (GMT) : Sat May 30 07:25:56 2015
1464 Number of samples : 10
1465 Number of runs : 5
1466 Sample span period : 549
1467 RTC is fast by : -1.632736 seconds
1468 RTC gains time at : -107.623 ppm
1469 The fields have the following meaning:
1471 RTC ref time (GMT)
1473 This is the RTC reading the last time its error was measured.
1474 Number of samples
1476 This is the number of previous measurements being used to
1477 determine the RTC gain or loss rate.
1478 Number of runs
1480 This is the number of runs of residuals of the same sign
1481 following the regression fit for (RTC error) versus (RTC time).
1482 A value which is small indicates that the measurements are not
1483 well approximated by a linear model, and that the algorithm
1484 will tend to delete the older measurements to improve the fit.
1485 Sample span period
1487 This is the period that the measurements span (from the oldest
1488 to the newest). Without a unit the value is in seconds;
1489 suffixes m for minutes, h for hours, d for days or y for years
1490 can be used.
1491 RTC is fast by
1493 This is the estimate of how many seconds fast the RTC when it
1494 thought the time was at the reference time (above). If this
1495 value is large, you might (or might not) want to use the
1496 trimrtc command to bring the RTC into line with the system
1497 clock. (Note, a large error will not affect chronyd's
1498 operation, unless it becomes so big as to start causing
1499 rounding errors.)
1500 RTC gains time at
1502 This is the amount of time gained (positive) or lost (negative)
1503 by the real time clock for each second that it ticks. It is
1504 measured in parts per million. So if the value shown was +1,
1505 suppose the RTC was exactly right when it crosses a particular
1506 second boundary. Then it would be 1 microsecond fast when it
1507 crosses its next second boundary.
1508 trimrtc
1510 The trimrtc command is used to correct the system’s real-time clock
1511 (RTC) to the main system clock. It has no effect if the error
1512 between the two clocks is currently estimated at less than a
1513 second.
1514 The command takes no arguments. It performs the following steps (if
1516 the RTC is more than 1 second away from the system clock):
1517 1. Remember the currently estimated gain or loss rate of the RTC
1519 and flush the previous measurements.
1520 2. Step the real-time clock to bring it within a second of the
1522 system clock.
1523 3. Make several measurements to accurately determine the new
1525 offset between the RTC and the system clock (i.e. the remaining
1526 fraction of a second error).
1527 4. Save the RTC parameters to the RTC file (specified with the
1529 rtcfile directive in the configuration file).
1530 The last step is done as a precaution against the computer
1534 suffering a power failure before either the daemon exits or the
1535 writertc command is issued.
1536 chronyd will still work perfectly well both whilst operating and
1538 across machine reboots even if the trimrtc command is never used
1539 (and the RTC is allowed to drift away from true time). The trimrtc
1540 command is provided as a method by which it can be corrected, in a
1541 manner compatible with chronyd using it to maintain accurate time
1542 across machine reboots.
1543 The trimrtc command can be executed automatically by chronyd with
1545 the rtcautotrim directive in the configuration file.
1546 writertc
1548 The writertc command writes the currently estimated error and gain
1549 or loss rate parameters for the RTC to the RTC file (specified with
1550 the rtcfile directive). This information is also written
1551 automatically when chronyd is killed (by the SIGHUP, SIGINT,
1552 SIGQUIT or SIGTERM signals) or when the trimrtc command is issued.
1553 Other daemon commands
1555 cyclelogs
1556 The cyclelogs command causes all of chronyd's open log files to be
1557 closed and re-opened. This allows them to be renamed so that they
1558 can be periodically purged. An example of how to do this is shown
1559 below.
1560 # mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log
1562 # chronyc cyclelogs
1563 # rm /var/log/chrony/measurements1.log
1564 dump
1566 The dump command causes chronyd to write its current history of
1567 measurements for each of its sources to dump files in the directory
1568 specified in the configuration file by the dumpdir directive and
1569 also write server NTS keys and client NTS cookies to the directory
1570 specified by the ntsdumpdir directive. Note that chronyd does this
1571 automatically when it exits. This command is mainly useful for
1572 inspection whilst chronyd is running.
1573 rekey
1575 The rekey command causes chronyd to re-read the key file specified
1576 in the configuration file by the keyfile directive. It also
1577 re-reads the server NTS keys if ntsdumpdir is specified and
1578 automatic rotation is disabled in the configuration file.
1579 reset sources
1581 The reset sources command causes chronyd to drop all measurements
1582 and switch to the unsynchronised state. This command can help
1583 chronyd with recovery when the measurements are known to be no
1584 longer valid or accurate, e.g. due to moving the computer to a
1585 different network, or resuming the computer from a low-power state
1586 (which resets the system clock). chronyd will drop the measurements
1587 automatically when it detects the clock has made an unexpected
1588 jump, but the detection is not completely reliable.
1589 shutdown
1591 The shutdown command causes chronyd to exit. This is equivalent to
1592 sending the process the SIGTERM signal.
1593 Client commands
1595 dns option
1596 The dns command configures how hostnames and IP addresses are
1597 resolved in chronyc. IP addresses can be resolved to hostnames when
1598 printing results of sources, sourcestats, tracking and clients
1599 commands. Hostnames are resolved in commands that take an address
1600 as argument.
1601 There are five options:
1603 dns -n
1605 Disables resolving IP addresses to hostnames. Raw IP addresses
1606 will be displayed.
1607 dns +n
1609 Enables resolving IP addresses to hostnames. This is the
1610 default unless chronyc was started with -n option.
1611 dns -4
1613 Resolves hostnames only to IPv4 addresses.
1614 dns -6
1616 Resolves hostnames only to IPv6 addresses.
1617 dns -46
1619 Resolves hostnames to both address families. This is the
1620 default behaviour unless chronyc was started with the -4 or -6
1621 option.
1622 timeout timeout
1624 The timeout command sets the initial timeout for chronyc requests
1625 in milliseconds. If no response is received from chronyd, the
1626 timeout is doubled and the request is resent. The maximum number of
1627 retries is configured with the retries command.
1628 By default, the timeout is 1000 milliseconds.
1630 retries retries
1632 The retries command sets the maximum number of retries for chronyc
1633 requests before giving up. The response timeout is controlled by
1634 the timeout command.
1635 The default is 2.
1637 keygen [id [type [bits]]]
1639 The keygen command generates a key that can be added to the key
1640 file (specified with the keyfile directive) to allow NTP
1641 authentication between server and client, or peers. The key is
1642 generated from the /dev/urandom device and it is printed to
1643 standard output.
1644 The command has three optional arguments. The first argument is the
1646 key number (by default 1), which will be specified with the key
1647 option of the server or peer directives in the configuration file.
1648 The second argument is the name of the hash function or cipher (by
1649 default SHA1, or MD5 if SHA1 is not available). The third argument
1650 is the length of the key in bits if a hash function was selected,
1651 between 80 and 4096 bits (by default 160 bits).
1652 An example is:
1654 keygen 73 SHA1 256
1656 which generates a 256-bit SHA1 key with number 73. The printed line
1658 should then be securely transferred and added to the key files on
1659 both server and client, or peers. A different key should be
1660 generated for each client or peer.
1661 An example using the AES128 cipher is:
1663 keygen 151 AES128
1665 exit, quit
1667 The exit and quit commands exit from chronyc and return the user to
1668 the shell.
1669 help
1671 The help command displays a summary of the commands and their
1672 arguments.
1673
1675 chrony.conf(5), chronyd(8)
1676
1678 For instructions on how to report bugs, please visit
1679 https://chrony-project.org/.
1680
1682 chrony was written by Richard Curnow, Miroslav Lichvar, and others.
1683chrony 4.5 2023-12-05 CHRONYC(1)