Information: Forum is in read-only mode
For details and other support options see https://www.adiscon.com/news/support-forum-set-to-read-only-mode/

synchronized to xx.xx.xx.xx question

Questions around SyslogAppliance, the virtual logging appliance.

Moderator: alorbach

Google Ads


synchronized to xx.xx.xx.xx question

Postby thomasb » Thu Feb 18, 2010 9:08 am

Hi All,

I just installed the Syslog Appliance, and really like it. It's helped me monitor and understand my network much better than before.

However, I have one question, regarding some log-entries I don't understand, and I can't seem to find any documentation for them, so if anyone could explain them to me, I'd be very grateful :)

It's lines like these that I don't understand:

Code: Select all
DAEMON   INFO   appliance   ntpd[2164]:  Syslog   synchronized to 77.233.251.100 {test.linuxbutikken.dk} , stratum 2


You can see a screenshot here (jpeg, 440 KB)

It seems to be from the appliance itself, but the IP's and domains it synchronizes to, is unknown to me, I've never had anything to do with those sites. Can anyone tell me why the appliance syncs to those sites, and what it syncs?

Or if it's something I need to worry about?

Thank you all in advacne,
Thomas :)
thomasb
New
 
Posts: 2
Joined: Thu Feb 18, 2010 8:47 am

Re: synchronized to xx.xx.xx.xx question

Postby rgerhards » Thu Feb 18, 2010 10:10 am

that's NTP time synchronization
rgerhards
Site Admin
 
Posts: 3807
Joined: Thu Feb 13, 2003 11:57 am

Re: synchronized to xx.xx.xx.xx question

Postby thomasb » Thu Feb 18, 2010 12:38 pm

rgerhards wrote:that's NTP time synchronization


Thank you for you fast reply!

Can you figure out, why the appliance tries to sync time with those - for me - strange and unknown servers? Are they set up somewhere in the appliance, and thus are "official" NTP-servers for the appliance?

I find it strange, that they are all Danish servers, because I'm from Denmark. But perhaps the appliance are set up to know where it runs from, and syncs with local servers? But why is it syncing so much then, and why from so many different servers?

Hmm ... I just find it very peculiar, and a little unnerving, but all may be just fine. If anyone knows, I'd love to hear your theories :)

Cheers,
Thomas
thomasb
New
 
Posts: 2
Joined: Thu Feb 18, 2010 8:47 am

Re: synchronized to xx.xx.xx.xx question

Postby rgerhards » Thu Feb 18, 2010 2:47 pm

I have to admit I do not know, it seems to be a Debian setting. The appliance has nothing special configured. My uneducated guess is that the NTP subsystem queries (somone?) for the closest server.

Unfortunately, the appliance was not very commercially successfull (aka "0" sales), so I got no further funding to work on it. It's a shame, I still think it would have been useful. But rather than pulling the appliance and site, I thought I keep it posted for a while, but thus I unfortunately can no longer dig into any details or improve it.

Rainer
rgerhards
Site Admin
 
Posts: 3807
Joined: Thu Feb 13, 2003 11:57 am

Google Ads



Return to SyslogAppliance

Who is online

Users browsing this forum: No registered users and 0 guests

cron