= ntpd System Log Messages =

[cols="10%,90%",frame="none",grid="none",style="verse"]
|==============================
|image:pic/flatheads.gif[]|
{millshome}pictures.html[from
'Alice's Adventures in Wonderland', Lewis Carroll]

The log can be shrill at times.

|==============================

== Related Links ==

include::includes/install.txt[]

'''''

You have come here because you found a cryptic message in the system
log. This page by no means lists all messages that might be found, since
new ones come and old ones go. Generally, however, the most common ones
will be found here. They are listed by program module and log severity
code in bold: *+LOG_ERR+*, *+LOG_NOTICE+* and *+LOG_INFO+*.

Most of the time *+LOG_ERR+* messages are fatal, but often +ntpd+ limps
onward in the hopes of discovering more errors. The *+LOG_NOTICE+*
messages usually mean the time has changed or some other condition that
probably should be noticed. The *+LOG_INFO+* messages usually say
something about the system operations, but do not affect the time.

In the following a \'?' character stands for text in the message. The
meaning should be clear from context.

== Protocol Module ==

=== LOG_ERR ===

+buffer overflow ?+::
  Fatal error. An input packet is too long for processing.

=== LOG_NOTICE ===

+no reply; clock not set+::
  No servers have been found. The server(s) and/or
  network may be down. Standard debugging procedures apply.

=== LOG_INFO ===

+proto_config: illegal item ?, value ?+::
  Program error. Bugs can be reported link:bugs.html[here].
+receive: server server maximum rate exceeded+::
  A kiss-o'death packet has been received. The transmit rate is
  automatically reduced.
+pps sync enabled+::
  The PPS signal has been detected and enabled.
+transmit: encryption key ? not found+::
  The encryption key is not defined or not trusted.
+precision = ? usec+::
  This reports the precision measured for this machine.
+using 10ms tick adjustments+::
  Gotcha for some machines with dirty rotten clock hardware.
+no servers reachable+::
  The system clock is running on internal batteries. The server(s)
  and/or network may be down.

== Clock Discipline Module ==

=== LOG_ERR ===
--
+time correction of ? seconds exceeds sanity limit (?); set clock manually to the correct UTC time+. ::
   Fatal error. Better do what it says, then restart the daemon. Be advised
   NTP and Unix know nothing about local time zones. The clock must be set
   to Coordinated Universal Time (UTC). Believe it; by international
   agreement abbreviations are in French and descriptions are in English.

+sigaction() fails to save SIGSYS trap: ?+::
+sigaction() fails to restore SIGSYS trap: ?+::
    Program error. Bugs can be reported link:bugs.html[here].::
--

=== LOG_NOTICE ===

+frequency error ? exceeds tolerance 500 PPM+::
  The hardware clock frequency error exceeds the rate the kernel can
  correct. This could be a hardware or a kernel problem.
+time slew ? s+::
  The time error exceeds the step threshold and is being slewed to the
  correct time. You may have to wait a very long time.
+time reset ? s+::
  The time error exceeds the step threshold and has been reset to the
  correct time. Computer scientists don't like this, but they can set
  the +ntpd -x+ option and wait forever.
+kernel time sync disabled ?+::
  The kernel reports an error. See the codes in the +timex.h+ file.
+pps sync disabled+::
  The PPS signal has died, probably due to a dead radio, broken wire or
  loose connector.

=== LOG_INFO ===

+kernel time sync status ?+::
  For information only. See the codes in the +timex.h+ file.

== Cryptographic Module ==

=== LOG_ERR ===

+cert_parse ?+::
+cert_sign ?+::
+crypto_cert ?+::
+crypto_encrypt ?+::
+crypto_gq ?+::
+crypto_iff ?+::
+crypto_key ?+::
+crypto_mv ?+::
+crypto_setup ?+::
+make_keys ?+::
  Usually fatal errors. These messages display error codes returned from
  the OpenSSL library. See the OpenSSL documentation for explanation.

+crypto_setup: certificate ? is trusted, but not self signed.+::
+crypto_setup: certificate ? not for this host+::
+crypto_setup: certificate file ? not found or corrupt+::
+crypto_setup: host key file ? not found or corrupt+::
+crypto_setup: host key is not RSA key type+::
+crypto_setup: random seed file ? not found+::
+crypto_setup: random seed file not specified+::
  Fatal errors. These messages show problems during the initialization
  procedure.

=== LOG_INFO ===

+cert_parse: expired ?+::
+cert_parse: invalid issuer ?+::
+cert_parse: invalid signature ?+::
+cert_parse: invalid subject ?+::
  There is a problem with a certificate. Operation cannot proceed until
  the problem is fixed. If the certificate is local, it can be
  regenerated using the ntpkeygen program. If it is held somewhere
  else, it must be fixed by the holder.

+crypto_?: defective key+::
+crypto_?: invalid filestamp+::
+crypto_?: missing challenge+::
+crypto_?: scheme unavailable+::
  There is a problem with the identity scheme. Operation cannot proceed
  until the problem is fixed. Usually errors are due to
  misconfiguration or an orphan association. If the latter, +ntpd+ will
  usually time out and recover by itself.
+crypto_cert: wrong PEM type ?+::
  The certificate does not have MIME type +CERTIFICATE+. You are
  probably using the wrong type from OpenSSL or an external certificate
  authority.
+crypto_ident: no compatible identity scheme found+::
  Configuration error. The server and client identity schemes are
  incompatible.
+crypto_tai: kernel TAI update failed+::
  The kernel does not support this function. You may need a new kernel
  or patch.
+crypto_tai: leapseconds file ? error ?+::
  The leapseconds file is corrupt. Obtain the latest file from
  +time.nist.gov+.

'''''

include::includes/footer.txt[]
