How To Check Ntp Server In Linux – Linux NTP Server Synchronization Check

by

Keeping accurate time across your network starts with verifying that your NTP server is properly configured and reachable. If you’ve ever wondered how to check ntp server in linux, you’re in the right place—this guide walks you through every command and method you need.

Time synchronization is critical for logs, authentication, and scheduled tasks. A misconfigured NTP server can cause chaos, from failed cron jobs to Kerberos errors. Let’s make sure your Linux system stays on schedule.

Why NTP Verification Matters

Network Time Protocol (NTP) keeps your system clock in sync with global time servers. Without it, your server might drift minutes or even hours off. That leads to SSL certificate validation failures, database replication issues, and confusing log timestamps.

Checking your NTP setup isn’t a one-time task. You should verify it after initial configuration, after network changes, and periodically as part of routine maintenance. The commands are simple but powerful.

How To Check Ntp Server In Linux

This is the core section you came for. We’ll cover multiple methods, from classic tools to modern alternatives. Each approach gives you different insights into your NTP health.

Using The Ntpq Command

The ntpq utility is the standard tool for querying NTP servers. It connects to the local NTP daemon and displays peer status.

  1. Open a terminal on your Linux machine.
  2. Type ntpq -p and press Enter.
  3. Look at the output columns: remote, refid, st, t, when, poll, reach, delay, offset, jitter.

The -p flag prints a list of all configured NTP servers and their current status. A * next to a server means it’s the current synchronization source. A + indicates a candidate server. A - means the server is rejected.

If you see no servers listed, your NTP daemon might not be running. Check with systemctl status ntpd or systemctl status chronyd depending on your setup.

Checking With Chronyc (For Chrony Users)

Many modern Linux distributions use Chrony instead of the traditional NTP daemon. Chrony is faster and handles network interruptions better.

Run chronyc sources -v to see your NTP sources. The -v flag gives verbose output. You’ll see a list with indicators similar to ntpq: * for the current source, + for acceptable sources, and - for rejected ones.

For more detail, use chronyc tracking. This shows the current system time offset, last offset, RMS offset, and other metrics. A small offset (under 100 milliseconds) is normal.

Using The Ntpdate Command (Legacy Method)

Older systems might still use ntpdate for one-time synchronization. While it’s deprecated, you can still use it to manually query a server.

Run ntpdate -q pool.ntp.org to query the server without setting the clock. The -q flag means query only. You'll see the offset and whether the server is reachable.

Note: ntpdate is often replaced by ntpd -q or chronyd in modern setups. Use it only if you know your system relies on it.

Verifying NTP Service Status

Before checking the servers, ensure the NTP service itself is running. Use these commands:

  • systemctl status ntpd for traditional NTP
  • systemctl status chronyd for Chrony
  • systemctl status systemd-timesyncd for systemd's built-in time sync

If the service is inactive or failed, start it with systemctl start ntpd (or the appropriate service name). Enable it to start on boot with systemctl enable ntpd.

Checking Firewall Rules

NTP uses UDP port 123. If your firewall blocks this port, your server can't communicate with time sources. Check with:

  • firewall-cmd --list-ports (firewalld)
  • iptables -L -n (iptables)
  • ufw status (UFW)

If port 123 is blocked, add a rule to allow it. For firewalld: firewall-cmd --add-service=ntp --permanent then firewall-cmd --reload.

Testing NTP Server Reachability

Sometimes the issue isn't your configuration but network connectivity. Use basic network tools to test:

  • ping ntp.your-server.com - Check if the host is reachable
  • nc -vuz ntp.your-server.com 123 - Test UDP connectivity to port 123
  • telnet ntp.your-server.com 123 - Won't work well for UDP, but confirms DNS resolution

If ping fails, check DNS resolution and routing. If ping works but NTP doesn't, the server might be rejecting your requests due to firewall or access restrictions.

Reading NTP Log Files

Logs provide historical data about synchronization events. Check these files:

  • /var/log/messages or /var/log/syslog - General system logs
  • /var/log/ntp.log - NTP-specific logs (if configured)
  • journalctl -u ntpd - Systemd journal for NTP service

Look for entries like "synchronized to NTP server" or "no servers reachable". These tell you exactly what's happening.

Common NTP Issues And Solutions

Even with the right commands, you might encounter problems. Here are frequent issues and how to fix them.

No Synchronization Source

If ntpq -p shows no * server, your system isn't synced. Possible causes:

  • NTP service not running
  • Firewall blocking UDP 123
  • Incorrect server addresses in config file
  • Network connectivity issues

Check the config file at /etc/ntp.conf or /etc/chrony.conf. Ensure at least one server is listed and reachable.

Large Time Offset

A huge offset (seconds or minutes) might prevent NTP from syncing. The daemon may refuse to make large jumps by default. Force a sync with:

  • ntpd -gq - Allows a one-time large time adjustment
  • chronyc -a makestep - Forces Chrony to step the clock

After forcing the sync, monitor with ntpq -p or chronyc tracking to ensure it stabilizes.

Stratum Too High

NTP servers are organized in strata. Stratum 1 is the most accurate (atomic clocks), Stratum 2 syncs from Stratum 1, and so on. If your server is Stratum 16, it's unsynchronized.

Check the st column in ntpq -p. A value of 16 means the server isn't reachable or hasn't synced yet. Wait a few minutes and check again.

Multiple Servers With Same Stratum

Having multiple servers at the same stratum is fine. NTP uses algorithms to select the best one. But if all servers are unreachable, you'll see no * or + indicators.

Add more reliable servers to your config. Public NTP pools like pool.ntp.org are good choices.

Advanced NTP Verification Techniques

For deeper troubleshooting, these advanced methods give you more control.

Using Ntpq In Interactive Mode

Run ntpq without arguments to enter interactive mode. Then type peers to see the peer list, rv to read system variables, and associations for detailed association info.

Interactive mode is useful for scripting or when you need to run multiple queries without re-typing the command.

Checking NTP Statistics

Chrony provides detailed statistics via chronyc sourcestats -v. This shows the number of samples, frequency drift, and offset variance. High variance indicates unstable network conditions.

For traditional NTP, use ntpstat (if installed). It gives a summary of synchronization status, including stratum, offset, and time since last sync.

Verifying NTP With Systemd-Timesyncd

Some lightweight systems use systemd-timesyncd instead of full NTP. Check its status with timedatectl status. Look for "NTP service: active" and "System clock synchronized: yes".

If it's not active, enable it with timedatectl set-ntp true. You can also check /etc/systemd/timesyncd.conf for configured servers.

Using Network Time Security (NTS)

Modern NTP implementations support NTS for encrypted time synchronization. To verify NTS, check your Chrony config for nts directives. Use chronyc -N to show NTS details in the output.

NTS is still evolving, so not all servers support it. If you see "NTS: enabled" in your logs, your connection is secure.

Automating NTP Checks

Manual checks are fine for troubleshooting, but automation ensures continuous monitoring. Here are a few ways to script NTP verification.

Simple Bash Script

Create a script that runs ntpq -p and checks for a * character. If missing, send an alert.

#!/bin/bash
if ntpq -p | grep -q '^\*'; then
    echo "NTP synced"
else
    echo "NTP not synced" | mail -s "NTP Alert" admin@example.com
fi

Schedule this with cron to run every hour.

Using Monit Or Nagios

Monitoring tools like Monit or Nagios have built-in NTP checks. Configure them to watch for time drift or service failures. They can send SMS, email, or webhook alerts.

For Monit, add a check like: check program ntp with path "/usr/bin/ntpq -p". Set thresholds for acceptable offset.

Logging To Centralized Syslog

Forward your NTP logs to a central syslog server. This helps correlate time issues across multiple machines. Use rsyslog or syslog-ng to collect logs from all your servers.

Search for patterns like "time reset" or "no server suitable" to identify problems early.

Frequently Asked Questions

What Is The Command To Check NTP Server In Linux?

The most common command is ntpq -p for traditional NTP, or chronyc sources -v for Chrony. Both show your current time sources and synchronization status.

How Do I Know If NTP Is Working On My Linux Server?

Run timedatectl status and look for "System clock synchronized: yes". You can also check ntpq -p for a * next to a server, indicating it's the active sync source.

Why Is My NTP Server Not Synchronizing?

Common causes include firewall blocking UDP port 123, incorrect server addresses in config files, network connectivity issues, or the NTP service not running. Check logs and test connectivity.

Can I Check NTP Without Root Privileges?

Yes, ntpq -p and chronyc sources work as a regular user. However, some system-level checks like systemctl status may require sudo.

What Is The Difference Between Ntpq And Chronyc?

ntpq is for the traditional NTP daemon (ntpd), while chronyc is for Chrony. Both serve the same purpose but have different syntax and features. Chrony is newer and preferred on most modern distributions.

Final Thoughts On NTP Verification

Knowing how to check ntp server in linux is a fundamental skill for any sysadmin. It ensures your systems stay synchronized, logs remain accurate, and services run reliably.

Start with the basics: ntpq -p or chronyc sources. Then dig deeper with logs, firewall checks, and automated monitoring. Over time, you'll develop an intuition for what normal looks like on your network.

Remember that time sync isn't set-and-forget. Network conditions change, servers go down, and configurations drift. Regular verification keeps your infrastructure healthy.

If you run into persistent issues, don't hesitate to consult the NTP documentation or community forums. The protocol has been around for decades, and most problems have well-documented solutions.

Now go check your NTP servers—your logs will thank you.