kk Blog —— 通用基础


date [-d @int|str] [+%s|"+%F %T"]
netstat -ltunp
sar -n DEV 1

NTP log 记录每次发包

vim /etc/ntp.conf

logfile /var/log/ntp.log

修改rpm

https://rpmfind.net/linux/RPM/centos/7.9.2009/x86_64/Packages/ntp-4.2.6p5-29.el7.centos.2.x86_64.html

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

diff --git a/libntp/humandate.c b/libntp/humandate.c
index 705f4c8..ece409e 100644
--- a/libntp/humandate.c
+++ b/libntp/humandate.c
@@ -26,9 +26,14 @@ humanlogtime(void)

  LIB_GETBUF(bp);

+/*
  snprintf(bp, LIB_BUFLENGTH, "%2d %s %02d:%02d:%02d",
       tm->tm_mday, months[tm->tm_mon],
       tm->tm_hour, tm->tm_min, tm->tm_sec);
+*/
+ snprintf(bp, LIB_BUFLENGTH, "%04d-%02d-%02d %02d:%02d:%02d",
+      tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
+      tm->tm_hour, tm->tm_min, tm->tm_sec);

  return bp;
 }
diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c
index 89b1e96..46d1692 100644
--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
@@ -3191,6 +3191,9 @@ sendpkt(
      DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n",
              ismcast ? "\tMCAST\t***** " : "", src->fd,
              stoa(dest), stoa(&src->sin), ttl, len));
+     msyslog(LOG_INFO, "%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n",
+             ismcast ? "\tMCAST\t***** " : "", src->fd,
+             stoa(dest), stoa(&src->sin), ttl, len);
 #ifdef MCAST
      /*
       * for the moment we use the bcast option to set multicast ttl

tail -f /var/log/ntp.log

1

2024-08-09 17:23:14 ntpd[45933]: sendpkt(19, dst=106.55.184.199, src=192.168.100.80, ttl=0, len=48)

/etc/logrotate.d/ntp

1
2
3
4
5
6
7
8
9
10
11
12

/var/log/ntpstats/*log {
    create 0640 root root
    daily
    rotate 100
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl restart ntpd.service > /dev/null 2>/dev/null || true
    endscript
}

NTP服务配置

https://www.jianshu.com/p/25ab49103e4d

https://www.cnblogs.com/tdyizhen1314/p/17085917.html

https://www.cnblogs.com/21summer/p/14819406.html

vim /etc/ntp.conf

0 log

logfile /var/log/ntp.log

1 restrict

作用: 对ntp做权限控制

1
2
3
4
5
6
7
8

ignore: 忽略所有类型的NTP连接请求
nomodify: 限制客户端不能使用命令ntpc和ntpq来修改服务器端的时间
noquery: 不提供NTP网络校时服务
notrap: 不接受远程登录请求
notrust: 不接受没有经过认证的客户端的请求
nopeer: 用于阻止主机尝试与服务器对等,并允许欺诈性服务器控制时钟
kod: 访问违规时发送KoD 包。
restrict -6 表示IPV6地址的权限设置。

【如果没有用任何参数,那么表示不做任何限制】

例子:

1

restrict 10.220.5.0 mask 255.255.255.0 nomodify

允许10.220.5.0/24 网段主机进行时间同步

server

作用: 指定ntp服务器的地址

格式:

1
2
3
4
5
6
7
8
9
10

server host [ key n ] [ version n ] [ prefer ] [ mode n ] [ minpoll n ] [ maxpoll n ] [ iburst ]

其中host是上层NTP服务器的IP地址或域名,随后所跟的参数解释如下所示:
 key:       表示所有发往服务器的报文包含有秘钥加密的认证信息,n是32位的整数,表示秘钥号。
 version: 表示发往上层服务器的报文使用的版本号,n默认是3,可以是1或者2。
 prefer:   如果有多个server选项,具有该参数的服务器优先使用。
 mode:   指定数据报文mode字段的值。
 minpoll: 指定与查询该服务器的最小时间间隔为2的n次方秒,n默认为6,范围为4-14。
 maxpoll:指定与查询该服务器的最大时间间隔为2的n次方秒,n默认为10,范围为4-14。
 iburst:   当初始同步请求时,采用突发方式接连发送8个报文,时间间隔为2秒。

server 127.127.1.0 # 将当前主机作为时间服务器

3、fudge

作用: 设置时间服务器的层级

格式:

1

fudge ip [stratum int]

例子:

1

fudge 10.225.5.1 stratum 10

注意: fudge必须和server一块用, 而且是在server的下一行

stratum 0~15

0: 表示顶级

10: 通常用于给局域网主机提供时间服务

4、通过 ntpq -p 静态查看NTP服务器与外部NTP服务器同步情况。

1
2
3
4
5
6
7

st: 即stratum阶层,值越小表示ntp serve的精准度越高。
when: 几秒前曾做过时间同步更新的操作。
poll: 表示,每隔多少毫秒与ntp server同步一次。
reach: 已经向上层NTP服务器要求更新的次数。
delay: 网络传输过程钟延迟的时间。
offset: 时间补偿的结果。
jitter: Linux系统时间与BIOS硬件时间的差异时间。

1000s

ntp服务默认当本地时间与上级ntp时间差超过1000s,那么ntp进程就会退出并在系统日志文件中记录。若不希望出现ntp进程退出的情况,可使用参数选项,如下:

tinker panic 600 时间差超过600,ntp进程会退出。

tinker panic 0 ntp忽略阈值参数检测,不会因为超过阈值而自动将服务down掉,这可以保证ntpd在时间差较大时依然工作。

开启日志

使用statsdir和filegen开启统计分析。

设定方式:

1
2
3
4
5
6

statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

当打开统计分析时,ntp会在/var/log/ntpstats/目录下产生filegen中所设定的统计文件。

更多统计选项

https://docs.ntpsec.org/latest/ntp_conf.html

6. Monitoring Support

ntpd(8) includes a comprehensive monitoring facility suitable for continuous, long term recording of server and client timekeeping performance. See the statistics command below for a listing and example of each type of statistics currently supported. Statistic files are managed using file generation sets and scripts in the ./scripts directory of this distribution. Using these facilities and UNIX cron(8) jobs, the data can be automatically summarized and archived for retrospective analysis.

6.1. Monitoring Commands

statistics name…​

Enables writing of statistics records. Currently, ten kinds of name statistics are supported.

clockstats

Enables recording of clock driver statistics information. Each update received from a clock driver appends a line of the following form to the file generation set named clockstats:

49213 525.624 SPECTRACOM(1) 93 226 00:08:29.606
Item Units Description

49213

MJD

modified Julian day number

525.624

s

time of day (s) past midnight UTC

SPECTRACOM(1)

receiver identifier (Spectracom unit 1)

93 226 00:08:29.606

timecode (format varies by refclock)

The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next normally shows clock type and unit (but if you are running in strict Classic compatibility mode it will show the magic clock address in dotted-quad notation). The final field is the last timecode received from the clock in decoded ASCII format, where meaningful. For some clock drivers, a good deal of additional information can be gathered and displayed as well. See information specific to each clock for further details.

loopstats

Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the following form to the file generation set named loopstats:

50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
Item Units Description

50935

MJD

date

75440.031

s

time past midnight

0.000006019

s

clock offset

13.778

PPM

drift (frequency offset)

0.000351733

s

RMS jitter

0.013380

PPM

RMS frequency jitter (aka wander)

6

log2 s

clock discipline loop time constant

The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next five fields show time offset (seconds), frequency offset (parts per million - PPM), RMS jitter (seconds), Allan deviation (PPM) and clock discipline time constant.

ntsstats

Enables recording of NTS statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named ntsstats:

60209 77147.187 3600 1320 1239 0 2895 2895 11 4104 0 2897 2885 10 0 0 2 0
Item Units Description

60209

MJD

date

77147.187

s

time past midnight

3600

s

time since reset

1320

packets

client requests sent

1239

packets

client responses received good

0

packets

client responses received bad

2895

packets

server responses sent

2895

packets

server requests received good

11

packets

server requests received bad

4104

packets

cookies made

0

packets

cookie decodes not server

2897

packets

cookie decodes total

2885

packets

cookie decodes current

10

packets

cookie decodes 1-2 days

0

packets

cookie decodes 2-3 days

0

packets

cookie decodes 3-10 days

2

packets

cookie decodes too old

0

packets

cookie decodes error

These counters are also available via ntpq's nts command.

ntskestats

Enables recording of NTS-KE statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named ntskestats:

60209 77147.187 3600 10 2.914 0.026 2 3.218 0.004 0 0.000 0.000 0 0
Item Units Description

60209

MJD

date

77147.187

s

time past midnight

3600

s

time since reset

10

requests

server requests good

2.914

seconds

server good wall clock time

0.026

seconds

server good CPU time

2

requests

server requests no-TLS

3.218

seconds

server no-TLS wall clock time

0.004

seconds

server no-TLS CPU time

0

requests

server requests bad

0.000

seconds

server bad wall clock time

0.000

seconds

server bad CPU time

0

requests

client requests good

0

requests

client requests bad

These counters are also available via ntpq's nts command.

There are two types of failures for NTS-KE server processing. The no-TLS slots are for the path when the TLS connection doesn’t get setup. The bad slots are for the path when the TLS connection does get setup but there is an error during the NTS-KE exchange.

Both are typically caused by bad guys probing for servers to abuse. A no-TLS event would be caused by a bad guy using unencrypted SMTP while a bad event would be caused by SMTP over TLS.

protostats

Record significant peer and system events. Each significant event appends one line to the protostats file set:

49213 525.624 128.4.1.1 963a 8a message
Item Units Description

49213

MJD

date

525.624

s

time past midnight

128.4.1.1

IP

source address (0.0.0.0 for system)

963a

code

status word

8a

code

event message code

message

text

event message

The event message code and message field are described on the "Event Messages and Status Words" page.

peerstats

Enables recording of peer statistics information. This includes statistics records of all peers of an NTP server and of special signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named peerstats:

48773 10847.650 SPECTRACOM(4) 9714 -0.001605376 0.000000000 0.001424877 0.000958674
Item Units Description

48773

MJD

date

10847.650

s

time past midnight

SPECTRACOM(4)

clock name (unit) or source address

9714

hex

status word

-0.001605376

s

clock offset

0.000000000

s

roundtrip delay

0.001424877

s

dispersion

0.000958674

s

RMS jitter

The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The third field shows the reference clock type and unit number (but if you are running in the peer address in dotted-quad notation instead) The fourth field is a status word, encoded in hex in the format described in Appendix A of the NTP specification RFC 1305. The final four fields show the offset, delay, dispersion and RMS jitter, all in seconds.

rawstats

Enables recording of raw-timestamp statistics information. This includes statistics records of all peers of an NTP server and of special signals, where present and configured. Each NTP message received from a peer or clock driver appends a line of the following form to the file generation set named rawstats:

59786 36302.768 2610:20:6f15:15::27 2604:a880:1:20::17:5001 3867818701.119346355 3867818701.152009264 3867818701.152010426 3867818702.768490825 0 3 4 1 13 -29 0.000244 0.000488 .NIST. 0 1 2000

Item

Units

Description

59786

MJD

date

36302.768

s

time past midnight

2610:20:6f15:15::27

IP

source address

2604:a880:1:20::17:5001

IP

destination address

3867818701.119346355

NTP s

origin timestamp

3867818701.152009264

NTP s

receive timestamp

3867818701.152010426

NTP s

transmit timestamp

3867818702.768490825

NTP s

destination timestamp

0

0: OK, 1: insert pending, 2: delete pending, 3: not synced

leap warning indicator

3

4 was current in 2012

NTP version

4

3: client, 4: server, 6: ntpq

mode

1

1-15, 16: not synced

stratum

13

log2 seconds

poll

-29

log2 seconds

precision

0.000244

seconds

total roundtrip delay from the remote server to the primary reference clock

0.000488

seconds

total dispersion from the remote server to the primary reference clock

.NIST.

IP or text

refid, association ID

0

integer

lost packets since last response

1

integer

dropped packets since last request

2000

hex integer

0 if packet accecpted, BOGON flag if packet is discarded

The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the remote IP Address followed by the local address. The next four fields show the originate, receive, transmit and final NTP timestamps in order. The timestamp values are as received and before processing by the various data smoothing and mitigation algorithms.

A packet that is accecpted is logged. At most the first dropped packet per request is logged. That avoids DDoSing the log file.

The BOGON flags are decoded here.

sysstats

Enables recording of ntpd statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named sysstats:

59935 82782.547 3600 36082754 31287166 26510580 4779042 113 19698 1997 428 4773352 0 366120
Item Units Description

59935

MJD

date

82782.547

s

time past midnight

3600

s

time since reset

36082754

#

packets received

31287166

#

packets processed

26510580

#

current version

4779042

#

old version(s)

113

#

access denied

19698

#

bad length or format

1997

#

bad authentication

428

#

declined

4773352

#

rate exceeded

0

#

kiss-o'-death packets sent

366120

#

NTPv1 packets received

The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The remaining ten fields show the statistics counter values accumulated since the last generated line.

usestats

Enables recording of ntpd resource usage statistics. Each hour a line of the following form is appended to the file generation set named usestats:

57570 83399.541 3600 0.902 1.451 164 0 0 0 2328 64226 1 0 4308
Item Units Description

57570

MJD

date

83399.541

s

time past midnight

3600

s

time since reset

0.902

s

ru_utime: CPU seconds - user mode

1.451

s

ru_stime: CPU seconds - system

164

#

ru_minflt: page faults - reclaim/soft (no I/O)

0

#

ru_majflt: page faults - I/O

0

#

ru_nswap: process swapped out

0

#

ru_inblock: file blocks in

2328

#

ru_oublock: file blocks out

64226

#

ru_nvcsw: context switches, wait

1

#

ru_nivcsw: context switches, preempts

0

#

ru_nsignals: signals

4308

#

ru_maxrss: resident set size, kilobytes

The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The ru_ tags are the names from the rusage struct. See man getrusage for details. (The NetBSD and FreeBSD man pages have more details.) The maxrss column is the high water mark since the process was started. The remaining fields show the values used since the last report.

statsdir directory_path

Indicates the full path of a directory where statistics files should be created (see below). This keyword allows the (otherwise constant) filegen filename prefix to be modified for file generation sets, which is useful for handling statistics logs.

filegen name [file filename] [type typename] [link | nolink] [enable | disable]

Configures setting of the generation file set name. Generation file sets provide a means for handling files that are continuously growing during the lifetime of a server. Server statistics are a typical example for such files. Generation file sets provide access to a set of files used to store the actual data. At any time at most one element of the set is being written to. The type given specifies when and how data will be directed to a new element of the set. This way, information stored in elements of a file set that are currently unused are available for administrative operations without the risk of disturbing the operation of ntpd. (Most important: they can be removed to free space for new data produced.)

Note that this command can be sent from the ntpq(1) program running at a remote location.

name

This is the type of the statistics records, as shown in the statistics command.

file filename

This is the file name for the statistics records. Filenames of set members are built from three concatenated elements prefix, filename and suffix:

Attribute Description

prefix

This is a constant filename path. It is not subject to modifications via the filegen option. It is defined by the server, usually specified as a compile-time constant. It may, however, be configurable for individual file generation sets via other commands. For example, the prefix used with loopstats and peerstats generation can be configured using the statsdir option explained above.

filename

This string is directly concatenated to the prefix mentioned above (no intervening ‘/’). This can be modified using the file argument to the filegen statement. No .. elements are allowed in this component to prevent filenames referring to parts outside the filesystem hierarchy denoted by prefix.

suffix

This part is reflects individual elements of a file set. It is generated according to the type of a file set.
type typename

A file generation set is characterized by its type. The following types are supported: // The following are tables only because indent lists cannot be // nested more than 2 deep.

Attribute Description

none

The file set is actually a single plain file.

pid

One element of file set is used per incarnation of a ntpd server. This type does not perform any changes to file set members during runtime, however it provides an easy way of separating files belonging to different ntpd(8) server incarnations. The set member filename is built by appending a ‘.’ to concatenated prefix and filename strings, and appending the decimal representation of the process ID of the ntpd(8) server process.

day

One file generation set element is created per day. A day is defined as the period between 00:00 and 24:00 UTC. The file set member suffix consists of a ‘.’ and a day specification in the form YYYYMMdd. YYYY is a 4-digit year number (e.g., 1992). MM is a two digit month number. dd is a two digit day number. Thus, all information written at 10 December 1992 would end up in a file named prefix filename.19921210.

week

Any file set member contains data related to a certain week of a year. The term week is defined by computing day-of-year modulo 7. Elements of such a file generation set are distinguished by appending the following suffix to the file set filename base: A dot, a 4-digit year number, the letter W, and a 2-digit week number. For example, information from January, 10th 1992 would end up in a file with suffix 1992W1.

month

One generation file set element is generated per month. The file name suffix consists of a dot, a 4-digit year number, and a 2-digit month.

year

One generation file element is generated per year. The filename suffix consists of a dot and a 4 digit year number.

age

This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename suffix consists of a dot, the letter a, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period.
link | nolink

It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying link and disabled using nolink. If link is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter C, and the pid of the ntpd server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name.

enable | disable

Enables or disables the recording function. Information is only written to a file generation by specifying enable; output is prevented by specifying disable.

unix时间戳, excel date, 儒略日julian date

UNIX时间戳

https://www.cnblogs.com/xifengyeluo/p/8143059.html

Unix时间戳(英文为Unix epoch, Unix time, POSIX time 或 Unix timestamp)

是从1970年1月1日(UTC/GMT的午夜)开始所经过的秒数,不考虑闰秒。

UNIX时间戳的0按照ISO 8601规范为 :1970-01-01T00:00:00Z.

一个小时表示为UNIX时间戳格式为:3600秒;一天表示为UNIX时间戳为86400秒,闰秒不计算。

在大多数的UNIX系统中UNIX时间戳存储为32位,这样会引发2038年问题或Y2038。

excel date

https://blog.csdn.net/luoluoyu2013/article/details/127750570

excel:

1
2
3

日期转时间戳:B1=INT((A1-70*365-19)*86400-8*3600)*1000

时间戳转日期:A1=TEXT((B1/1000+8*3600)/86400+70*365+19,"yyyy-mm-dd hh:mm:ss")

是从 1899-12-30 开始的天数 ???

1
2
3
4
5

echo date('Y-m-d', strtotime("1899-12-30 +45506 days"));

$d1 = new DateTime('1970-01-01');
$d0 = new DateTime('1899-12-30');
echo $d1->diff($d0)->format("%a days");
1
2

2024-08-02
25569 days

儒略日 (Julian Date)

儒略日(Julian day,JD)是指由公元前4713年1月1日,协调世界时中午12时开始所经过的天数,多为天文学家采用,用以作为天文学的单一历法,把不同历法的年表统一起来。

儒略日(Julian Date)的简化: 由于儒略日数字位数太多,国际天文学联合会于1973年采用简化儒略日(MJD),其定义为 MJD = JD - 2400000.5。MJD相应的起点是1858年11月17日世界时0时。 例如1979年10月1日零时儒略日数为2,444,147.5。天文年历附表载有各年每月零日世界时12时的儒略日数。

1
2
3
4
5

<?php
    echo gregoriantojd(10, 1, 1979) - 0.5, "\n";
    echo gregoriantojd(10, 1, 1979) - 0.5 - 2400000.5, "\n";

    echo jdtogregorian(2444147.5 + 0.5), "\n";
1
2
3

2444147.5
44147
10/1/1979

https://blog.sina.com.cn/s/blog_65d6476a0101k54y.html