Logging in general and SNTP messages in particular

  • Question
  • Updated 4 years ago
  • Answered
Hi,

I was wondering:

1) What is "persistent" logging? What is a "syslog persistent file"? (see manual)
( set logging local console enable **file enable** )
What file are we talking about? current.log?
I believe that one is written either way, even when persistent logging is not enabled (see example at the end)

2) How do I get rid of the
SIM[xxxx]: sntp_client.c(2109) .... %% SNTP has changed system time
messages of level "notice".
Which application (show logging application) is generating this?
Can I decrease the logging level there? Would I then potentially miss other more important messages of that application and in that level?
Why does it have to change time all the time anyway, does the built-in clock drift that much?


See both things here (B/C-series in that case, FW 6.61):

(rw)->show file logs/current.log

<165>Jan  2 16:44:23 192.168.xxx-1 SIM[196744656]: sntp_client.c(2109) 10862260 %% SNTP has changed system time.

(rw)->show logging local
Syslog Console Logging enabled
Syslog File Logging disabled
Syslog Security Audit Logging disabled


Thanks.

jeronimo


Posted 5 years ago


Jason Parker, Employee

Let's start with the SNTP message "SNTP has changed time."
We need to start with a few questions that may end up taking up several replies back and forth that may need a case open so we can assist, but let's start with a few questions:
1. What is the SNTP configuration? SHOW CONFIG SNTP
2. Is the server local (on the network) and active? Show sntp (if active, then ping it and make sure there is no loss of ping).
3. Is the network stable (STP)?
Jason

jeronimo

Hi,

Concerning syslog: just asking for an interpretation of the CLI/config guide here. ;-)

I don't actually want to open a call for each minor stupidity that I encounter (they'll think I'm crazy) therefore I thought asking here would be perfect and everyone could benefit from these little but precious details.

Concerning your ntp questions, [edit] ok I realize this seems to happen where two ntp servers are configured (by coincidence the B/C models)
1. 
begin
!
#***** NON-DEFAULT CONFIGURATION *****
!
!
# Firmware Revision: 06.61.08.0013
!
!

#sntp
set sntp client unicast
set sntp server 1.2.3.4
set sntp server 1.2.3.5
!
end

2. Yes, local, well behind a router/firewall but still in the LAN
(rw)->show sntp
SNTP Version: 3
Current Time: SAT JAN 04 17:49:46 2014
Timezone: 'CET' offset from UTC is 1 hours and 0 minutes
Client Mode: unicast
Trusted Keys : None
Broadcast Count: 0
Poll Interval: 9 (512 seconds)
Poll Retry: 1
Poll Timeout: 5 seconds
SNTP Poll Requests: 5886
Last SNTP Update: SAT JAN 04 17:41:33 2014
Last SNTP Request: SAT JAN 04 17:41:33 2014
Last SNTP Status: Success
SNTP-Server Precedence Key Status
----------------------------------------------------
1.2.3.4 1 0 Active
1.2.3.5 1 0 Active
3.
You mean topology changes? I guess if there were any and that frequently, we would know. No, there are none.

From a workstation:
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
1.2.3.4  93.184.71.155    3 u  223 1024  377    0.116   -0.181   0.044
1.2.3.5  192.36.143.150   2 u   58 1024  377    0.360   -1.148   0.015

Thanks.

[UPDATE] Using precedence 1 for the first and precedence 2 for the second server doesn't help either. I maybe thought that it was selecting the one server one time and the other one the next time, and since they never really have the same time, this might have posed a problem.

Jason Parker, Employee

The poll-retry may be your issue. If you miss one poll (no response) then it will change SNTP servers.
I would suggest changing the poll-retry to 6 and see if this happens again.

Jason Parker, Employee

I will get you some details on the syslog questions.

Jason Parker, Employee

Please review the following URL:
https://community.enterasys.com/enter...

jeronimo

Nothing helped as far as the NTP issue was concerned, but I see that there are fixes out there, so there seems to have been a problem after all:

B5, v6.81:
19249 Modified the logging behavior of SNTP to prevent excessive changed system time messages, “sntp_client.c(2109) 62 %% SNTP has changed system time”.

James A, Embassador

Firmware 6.61.13.0006 also fixes this.
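
An added example, not part of the thread and not vendor code: it decodes the `<165>` priority on the log line quoted in the question (facility 20, i.e. local4, severity 5, i.e. notice), compares the gap between consecutive "SNTP has changed system time" messages with the 512-second poll interval from the `show sntp` output, and drops only that message text on the collector side so other notice-level messages from the same application are kept. The sample lines, the hostname, the year and the non-SNTP message are constructed for illustration.

```python
import re
from datetime import datetime

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (\w+)\[(\d+)\]: (.*)$")
SNTP_MSG = "SNTP has changed system time"
POLL_INTERVAL = 512  # seconds, from the "show sntp" output in the thread

# Constructed sample in the format of logs/current.log shown in the question.
SAMPLE = """\
<165>Jan  2 16:44:23 switch-1 SIM[196744656]: sntp_client.c(2109) 10862260 %% SNTP has changed system time.
<165>Jan  2 16:52:55 switch-1 SIM[196744656]: sntp_client.c(2109) 10862261 %% SNTP has changed system time.
<163>Jan  2 16:53:10 switch-1 SIM[196744656]: example.c(10) 10862262 %% constructed error-level message
<165>Jan  2 17:01:27 switch-1 SIM[196744656]: sntp_client.c(2109) 10862263 %% SNTP has changed system time.
"""

def decode_pri(pri):
    """Split a syslog PRI value into (facility number, severity name)."""
    facility, severity = divmod(pri, 8)
    return facility, SEVERITIES[severity]

def parse(line, year=2014):
    """Parse one line; the year is an assumption, the format carries none."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri, stamp, host, app, _task, text = m.groups()
    facility, severity = decode_pri(int(pri))
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"facility": facility, "severity": severity, "time": when,
            "host": host, "app": app, "text": text}

def sntp_intervals(records):
    """Seconds between consecutive 'SNTP has changed system time' messages."""
    times = [r["time"] for r in records if SNTP_MSG in r["text"]]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def without_sntp_noise(records):
    """Filter on message text, not on level, so nothing else is lost."""
    return [r for r in records if SNTP_MSG not in r["text"]]

RECORDS = [r for r in map(parse, SAMPLE.splitlines()) if r]

if __name__ == "__main__":
    print("PRI 165 ->", decode_pri(165))
    gaps = sntp_intervals(RECORDS)
    print("gaps:", gaps, "every poll:", all(g == POLL_INTERVAL for g in gaps))
    for r in without_sntp_noise(RECORDS):
        print(r["time"], r["app"], r["severity"], r["text"])
```

Gaps equal to the poll interval mean the message is logged on every successful poll rather than only when the clock was actually stepped.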