ntpq [-46adhinpkwWu] [-c command] [host] [...]
The ntpq utility program is used to monitor NTP daemon ntpd operations and determine performance. It uses the standard NTP mode 6 control message formats defined in Appendix B of the NTPv3 specification RFC 1305. The same formats are used in NTPv4, although some of the variable names have changed, and new ones added. The description on this page is for the NTPv4 variables.
The program can be run either in interactive mode or controlled using command line arguments. Requests to read and write arbitrary variables can be assembled, with raw and pretty-printed output options being available. It can also obtain and print a list of peers in a common format by sending multiple queries to the server.
If one or more request options are included on the command line when ntpq is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, ntpq will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. ntpq will prompt for commands if the standard input is a terminal device.
ntpq uses NTP mode 6 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. ntpq makes one attempt to retransmit requests and will time requests out if the remote host is not heard from within a suitable timeout time.
Note that in contexts where a host name is expected, a -4 qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a -6 qualifier forces DNS resolution to the IPv6 namespace.
For examples and usage, see the NTP Debugging <debug.html> Techniques" page.
For a simpler near-real-time monitor, see ntpmon(1).
Command line options are described following. Specifying the command line options -c or -p will cause the specified query (queries) to be sent to the indicated host(s) immediately. Otherwise, ntpq will attempt to read interactive format commands from the standard input.
-4, --ipv4
-6, --ipv6
-a num, --authentication=num
-c cmd, --command=cmd
-d, --debug
-D num, --set-debug-level=num
-l filename, --logfile=filename
-h, --help
-n, --numeric
-s, --srcname
-S, --srcnumber
-p, --peers
-k filename, --keyfile=filename
-V, --version
-w, --wide
-W num, --width=num
-u, --units
Interactive format commands consist of a keyword followed by zero to four arguments. Only enough characters of the full keyword to uniquely identify the command need be typed. The output of a command is normally sent to the standard output, but optionally the output of individual commands may be sent to a file by appending a >, followed by a file name, to the command line. Some interactive format commands are executed entirely within the ntpq program itself and do not result in NTP mode 6 requests being sent to a server. These are described as following.
? [command_keyword], help [command_keyword]
addvars name [ = value] [...]; rmvars name [...]; clearvars
authenticate [yes | no]
cooked
debug more | less | off
noflake, +doflake probability
logfile <stderr> | filename
delay milliseconds
exit
host name
hostnames [yes | no]
keyid keyid
keytype
ntpversion 1 | 2 | 3 | 4
passwd
quit
raw
timeout milliseconds
units
version
Association IDs are used to identify system, peer and clock variables. System variables are assigned an association ID of zero and system name space, while each association is assigned a nonzero association ID and peer namespace. Most control commands send a single mode 6 message to the server and expect a single response message. The exceptions are the peers command, which sends a series of messages, and the mreadlist and mreadvar commands, which iterate over a range of associations.
associations
ind assid status conf reach auth condition last_event cnt
Variable |
Description
|
ind |
index on this list
|
assid |
association ID
|
status |
peer status word <decode.html#peer>
|
conf |
yes: persistent, no: ephemeral
|
reach |
yes: reachable, no: unreachable
|
auth |
ok, yes, bad and none
|
condition |
selection status (see the select field of the
peer status word <decode.html#peer>)
|
last_event |
event report (see the event field of the
peer <decode.html#peer>
status word" )
|
cnt |
event count (see the count field of the
peer <decode.html#peer>
status word" )
|
authinfo
clockvar assocID [name [ = value [...] ][...], cv assocID [name [ = value [...] ][...]
:config [...]
config-from-file filename
ifstats
iostats
kerninfo
lassociations
lpeers [-4 | -6]
monstats
direct
mrulist [limited | kod | mincount=count | mindrop=drop | minscore=score | maxlstint=seconds | minlstint=seconds | laddr=localaddr | sort=sortorder | resany=hexmask | resall=hexmask | limit=limit | addr.num=address]:: Obtain and print traffic counts collected and maintained by the monitor facility. This is useful for tracking who uses or abuses your server.
+ Except for sort=sortorder, the options filter the list returned by ntpd. The limited and kod options return only entries representing client addresses from which the last packet received triggered either discarding or a KoD response. the addr.num= option adds specific addresses to retrieve when limit=1. Values of 0 to 15 are supported for num. Also, used internally with last.num=hextime to select the starting point for retrieving continued response. the frags=frags option limits the number of datagrams (fragments) in response. Used by newer ntpq versions instead of limit= when retrieving multiple entries. The limit= option limits the MRU entries returned per response. limit=1 is a special case: Instead of fetching beginning with the supplied starting points (provided by a last.x and addr.x where 0 ⇐ x ⇐ 15, default the beginning of time) newer neighbor, fetch the supplied entries. This enables fetching multiple entries from given IP addresses (provided by addr.x= entries where 0 ⇐ x ⇐ 15). When limit is not one and frags= is provided, the fragment limit controls. NOTE: a single mrulist command may cause many query/response rounds allowing limits as low as 3 to potentially retrieve thousands of entries in responses. The mincount=count option filters out entries that have received less than count packets. The mindrop=drop option filters out entries that have dropped less than drop packets. The minscore=score option filters out entries with a score less than score. The maxlstint=seconds option filters out entries where no packets have arrived within seconds. The minlstint=seconds option filters out entries with a packet has arrived within seconds. The laddr=localaddr option filters out entries for packets received on any local address other than localaddr. resany=hexmask and resall=hexmask filter entries containing none or less than all, respectively, of the bits in hexmask, which must begin with 0x.
+ The sortorder defaults to lstint and may be any of addr, count, avgint, lstint, score, drop or any of those preceded by a minus sign (hyphen) to reverse the sort order. The output columns are:
+
Column |
Description
|
lstint |
Interval in s between the receipt of the most recent packet from this
address and the completion of the retrieval of the MRU list by ntpq.
|
avgint |
Average interval in s between packets from this address.
|
rstr |
Restriction flags associated with this address. Most are copied
unchanged from the matching restrict command, however 0x400 (kod)
and 0x20 (limited) flags are cleared unless the last packet from this
address triggered a rate control response.
|
r |
Rate control indicator, either a period, L or K for no rate
control response, rate limiting by discarding, or rate limiting with a
KoD response, respectively.
|
m |
Packet mode.
|
v |
Packet version number.
|
count |
Packets received from this address.
|
score |
Packets per second (averaged with exponential decay).
|
drop |
Packets dropped (or KoDed) from this address.
|
rport |
Source port of last packet from this address.
|
remote address |
DNS name, numeric address, or address followed by claimed DNS name
which could not be verified in parentheses.
|
mreadvar assocID assocID [ variable_name [ = value[ ... ], mrv assocID assocID [ variable_name [ = value[ ... ]
opeers
passociations
peers
tally remote refid st t when pool reach delay offset jitter
Variable |
Description
|
tally |
single-character code indicating current value of the select field
of the
peer status word <decode.html#peer>
|
remote |
host name (or IP number) of peer
|
refid |
association ID or
kiss code <decode.html#kiss>
|
st |
stratum
|
t |
u: unicast or manycast client,
l: local (reference clock), s: symmetric (peer), server, B:
broadcast server, 1-8 NTS unicast with this number of cookies stored.
|
when |
sec/min/hr since last received packet
|
poll |
poll interval (log2 s)
|
reach |
reach shift register (octal)
|
delay |
roundtrip delay
|
offset |
offset of server relative to this host
|
jitter |
jitter
|
The tally code is one of the following:
Code |
Description
|
|
discarded as not valid
|
x |
discarded by intersection algorithm
|
. |
discarded by table overflow (not used)
|
- |
discarded by the cluster algorithm
|
+ |
included by the combine algorithm
|
# |
backup (more than tos maxclock sources)
|
* |
system peer
|
o |
PPS peer (when the prefer peer is valid)
|
apeers
[tally]remote refid assid st t when pool reach delay offset jitter
where the output is just like the peers command except that the refid is displayed in hex format and the association number is also displayed.
pstats assocID
readvar assocID [ name ] [,...], rv assocID [ name ] [,...]
reslist
timerstats
writelist assocID
writevar assocID name = value [,...]
sysinfo
sysstats
ntsinfo
Four commands require authentication to the server: config-from-file, config, ifstats, and reslist. An authkey file must be in place and a control key declared in ntp.conf for these commands to work.
If you are running as root or otherwise have read access to the authkey and ntp.conf file, ntpq will mine the required credentials for you. Otherwise, you will be prompted to enter a key ID and password.
Credentials once entered, are retained and used for the duration of your ntpq session.
The current state of the operating program is shown in a set of status words maintained by the system and each association separately. These words are displayed in the rv and as commands both in hexadecimal and decoded short tip strings. The codes, tips, and short explanations are on the Event Messages and Status Words <decode.html> page. The page also includes a list of system and peer messages, the code for the latest of which is included in the status word.
Information resulting from protocol machine state transitions is displayed using an informal set of ASCII strings called kiss codes <decode.html#kiss>. The original purpose was for kiss-o'-death (KoD) packets sent by the server to advise the client of an unusual condition. They are now displayed, when appropriate, in the reference identifier field in various billboards.
The following system variables appear in the rv billboard. Not all variables are displayed in some configurations.
Variable |
Description
|
status |
system status word <decode.html#sys>
|
version |
NTP software version and build time
|
processor |
hardware platform and version
|
system |
operating system and version
|
leap |
leap warning indicator (0-3)
|
stratum |
stratum (1-15)
|
precision |
precision (log2 s)
|
rootdelay |
total roundtrip delay to the primary reference clock
|
rootdisp |
total dispersion to the primary reference clock
|
peer |
system peer association ID
|
tc |
time constant and poll exponent (log2 s) (3-17)
|
mintc |
minimum time constant (log2 s) (3-10)
|
clock |
date and time of day
|
refid |
reference ID or
kiss code <decode.html#kiss>
|
reftime |
reference time
|
offset |
combined offset of server relative to this host
|
sys_jitter |
combined system jitter
|
frequency |
frequency offset (PPM) relative to hardware clock
|
clk_wander |
clock frequency wander (PPM)
|
clk_jitter |
clock jitter
|
tai |
TAI-UTC offset (s)
|
leapsec |
NTP seconds when the next leap second is/was inserted
|
expire |
NTP seconds when the NIST leapseconds file expires
|
The jitter and wander statistics are exponentially-weighted RMS averages. The system jitter is defined in the NTPv4 specification; the clock jitter statistic is computed by the clock discipline module.
The following peer variables appear in the rv billboard for each association. Not all variables are displayed in some configurations.
Variable |
Description
|
associd |
association ID
|
status |
peer status word <decode.html#peer>
|
srcadr srcport |
source (remote) IP address and port
|
dstadr dstport |
destination (local) IP address and port
|
leap |
leap indicator (0-3)
|
stratum |
stratum (0-15)
|
precision |
precision (log2 s)
|
rootdelay |
total roundtrip delay to the primary reference clock
|
rootdisp |
total root dispersion to the primary reference clock
|
refid |
reference ID or
kiss code <decode.html#kiss>
|
reftime |
reference time
|
reach |
reach register (octal)
|
unreach |
unreach counter
|
hmode |
host mode (1-6)
|
pmode |
peer mode (1-5)
|
hpoll |
host poll exponent (log2 s) (3-17)
|
ppoll |
peer poll exponent (log2 s) (3-17)
|
headway |
headway (see
Rate Management and <rate.html>
the Kiss-o'-Death Packet)"
|
flash |
flash status word <decode.html#flash>
|
offset |
filter offset
|
delay |
filter delay
|
dispersion |
filter dispersion
|
jitter |
filter jitter
|
bias |
fudge for asymmetric links/paths
|
The following clock variables appear in the cv billboard for each association with a reference clock. Not all variables are displayed in some configurations.
Variable |
Description
|
associd |
association ID
|
status |
clock status word <decode.html#clock>
|
device |
device description
|
timecode |
ASCII time code string (specific to device)
|
poll |
poll messages sent
|
noreply |
no reply
|
badformat |
bad format
|
baddata |
bad date or time
|
fudgetime1 |
fudge time 1
|
fudgetime2 |
fudge time 2
|
stratum |
driver stratum
|
refid |
driver reference ID
|
flags |
driver flags
|
When listing refids, addresses of the form 127.127.x.x are no longer automatically interpreted as local refclocks as in older versions of ntpq. Instead, a clock-format display is requested by the NTPsec daemon when appropriate (by setting the srcaddr peer variable). This means that when used to query legacy versions of ntpd, which do not know how to request this, this program will do a slightly wrong thing.
In older versions, the type variable associated with a reference clock was a numeric driver type index. It has been replaced by name, a shortname for the driver type.
In older versions, no count of control packets was listed under sysstats.
The -O (--old-rv) option of legacy versions has been retired.
It is possible for a ":config unpeer" command to fail silently, yielding "Config Succeeded", if it is given a peer identifier that looks like a driver type name or a hostname not present in the peer list. The error will, however, be reported in the system log.
The config command cannot be used to change a server's default restrictions.
Under some circumstances python 2 cannot emit unicode. When true, the display of units is downgraded to non-unicode alternatives. One place a user is likely to encounter this is when diverting output through a pipe. Attempts have been made to force the use of UTF-8, all of which break the command history feature.
When using the -u option, very old xterms may fail to render μ correctly. If this happens, be sure your xterm is started with the -u8 option, or the utf8 resource', and that your console font contains the UTF-8 &mu character. Also confirm your LANG environment variable is set to a UTF-8 language, like this: "export LANG=en_US.utf8".
Timestamp interpretation in this program is likely to fail in flaky ways if the local system clock has not already been approximately synchronized to UTC. Querying a server based in a different NTP era than the current one is especially likely to fail.
This program will behave in apparently buggy and only semi-predictable ways when fetching MRU lists from any server with sufficiently high traffic.
The problem is fundamental. The Mode 6 protocol can't ship (and your client cannot accept) MRU records as fast as the daemon accepts incoming traffic. Under these circumstances, the daemon will repeatedly fail to ship an entire report, leading to long hangs as your client repeatedly re-sends the request. Eventually the Mode 6 client library will throw an error indicating that a maximum number of restarts has been exceeded.
To avoid this problem, avoid monitoring over links that don't have enough capacity to handle the monitored server's entire NTP load.
You may be able to retrieve partial data in very high-traffic conditions by using the direct option.
One of the following exit values will be returned:
0 (EXIT_SUCCESS)
1 (EXIT_FAILURE)