Solved

Excessive resource usage: ntp (7326)

Posted on 2011-02-24
21
875 Views
Last Modified: 2012-05-11
How do I fix the message below

lfd on server.example.com: Excessive resource usage: ntp (7326)

Time:         Thu Feb 24 11:02:04 2011 -0500
Account:      ntp
Resource:     Process Time
Exceeded:     83882 > 1800 (seconds)
Executable:   /usr/sbin/ntpd
Command Line: ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
PID:          7326
Killed:       No
0
Comment
Question by:sobeservices2
  • 11
  • 5
  • 3
  • +1
21 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 334 total points
ID: 34971934
stop ntp, confirm the timezone. run ntpdate to get the clock synchronized.
I might be misreading the error message, but it might be an issue that the time is off.
Does this error show up first thing when the system is booted?

hwclock --show to see whether your hardware clock is running behind.

You may need to run hwclock --systohc after you synchronize the system time using ntpdate. You may want to setup a cron job, or add to /etc/rc.local which will run after all other services loaded including ntpd sync the hwclock --systohc to get the hardware clock to the current time.
0
 

Author Comment

by:sobeservices2
ID: 34972265
stop ntp did not work?
stop command not found

hwclock shows
Thu 24 Feb 2011 12:34:46 PM EST  -0.316614 seconds
0
 
LVL 5

Expert Comment

by:mooodiecr
ID: 34972719
I think the command you are looking for is

service ntpd stop
0
 

Author Comment

by:sobeservices2
ID: 34972741
ok then what should I do?
0
 
LVL 5

Assisted Solution

by:mooodiecr
mooodiecr earned 83 total points
ID: 34972834
you will want to watch your time on the server for a while and see if time is getting off by anything that you can actually measure.  -0.xxxxxxx seconds to me is acceptable.  you can run the hwclock command to see how far off the internal clock is running.  You will notice the more work the system sees that this can spike to -1.xxxx or even -2.xxxxx seconds.  This is visible if you run the hwclock command back to back as quick as the system can respond to you.  The -0.xxxxxx will grow.  if you stop for 4-5 seconds and run the command again you will see it back to the -0.0xxxxxx range.  Again to me this is acceptable.

Unless you have a reason to require that time is exact I would leave the NTP service off if it is negatively effecting your system.  But be sure to watch and see if time falls behind as there could be a completely different reason why the NTP service was using so many resources.  

0
 

Author Comment

by:sobeservices2
ID: 34973096
This is what I am getting
Time:    Thu Feb 24 14:02:32 2011 -0500
PID:     7326
Account: ntp
Uptime:  94710 seconds


Executable:

/usr/sbin/ntpd


Command Line (often faked in exploits):

ntpd -u ntp:ntp -p /var/run/ntpd.pid -g


Network connections by the process (if any):

udp: 0.0.0.0:123 -> 0.0.0.0:0
udp6: 0.0.0.0:123 -> 0.0.0.0:0
udp6: 254.227.31.117:123 -> 0.0.0.0:0
udp: 127.0.0.1:123 -> 0.0.0.0:0
udp: 000.13.222.000:123 -> 0.0.0.0:0



Files open by the process (if any):

/dev/null
/dev/null
/dev/null


Memory maps by the process (if any):

00110000-00263000 r-xp 00000000 08:06 4587525    /lib/libc-2.5.so
00263000-00265000 r-xp 00152000 08:06 4587525    /lib/libc-2.5.so
00265000-00266000 rwxp 00154000 08:06 4587525    /lib/libc-2.5.so
00266000-00269000 rwxp 00266000 00:00 0
00269000-00279000 r-xp 00000000 08:06 4587767    /lib/libresolv-2.5.so
00279000-0027a000 r-xp 0000f000 08:06 4587767    /lib/libresolv-2.5.so
0027a000-0027b000 rwxp 00010000 08:06 4587767    /lib/libresolv-2.5.so
0027b000-0027d000 rwxp 0027b000 00:00 0
002a7000-002c2000 r-xp 00000000 08:06 4587522    /lib/ld-2.5.so
002c2000-002c3000 r-xp 0001a000 08:06 4587522    /lib/ld-2.5.so
002c3000-002c4000 rwxp 0001b000 08:06 4587522    /lib/ld-2.5.so
003c5000-003c8000 r-xp 00000000 08:06 4587654    /lib/libcap.so.1.10
003c8000-003c9000 rwxp 00002000 08:06 4587654    /lib/libcap.so.1.10
004b5000-00528000 r-xp 00000000 08:03 1428117    /usr/sbin/ntpd
00528000-0052e000 rwxp 00073000 08:03 1428117    /usr/sbin/ntpd
0052e000-005be000 rwxp 0052e000 00:00 0
005c7000-005ee000 r-xp 00000000 08:06 4587763    /lib/libm-2.5.so
005ee000-005ef000 r-xp 00026000 08:06 4587763    /lib/libm-2.5.so
005ef000-005f0000 rwxp 00027000 08:06 4587763    /lib/libm-2.5.so
006e8000-006ec000 r-xp 00000000 08:06 6947020    /lib/libnss_dns-2.5.so
006ec000-006ed000 r-xp 00003000 08:06 6947020    /lib/libnss_dns-2.5.so
006ed000-006ee000 rwxp 00004000 08:06 6947020    /lib/libnss_dns-2.5.so
0076a000-0076b000 r-xp 0076a000 00:00 0          [vdso]
00a5d000-00a67000 r-xp 00000000 08:06 6947022    /lib/libnss_files-2.5.so
00a67000-00a68000 r-xp 00009000 08:06 6947022    /lib/libnss_files-2.5.so
00a68000-00a69000 rwxp 0000a000 08:06 6947022    /lib/libnss_files-2.5.so
00ab4000-00bde000 r-xp 00000000 08:06 4590755    /lib/libcrypto.so.0.9.8e
00bde000-00bf1000 rwxp 00129000 08:06 4590755    /lib/libcrypto.so.0.9.8e
00bf1000-00bf5000 rwxp 00bf1000 00:00 0
00f1b000-00f2d000 r-xp 00000000 08:03 1270947    /usr/lib/libz.so.1.2.3
00f2d000-00f2e000 rwxp 00011000 08:03 1270947    /usr/lib/libz.so.1.2.3
00f7b000-00f7e000 r-xp 00000000 08:06 4587773    /lib/libdl-2.5.so
00f7e000-00f7f000 r-xp 00002000 08:06 4587773    /lib/libdl-2.5.so
00f7f000-00f80000 rwxp 00003000 08:06 4587773    /lib/libdl-2.5.so
08820000-08841000 rw-p 08820000 00:00 0          [heap]
b7f0a000-b7f0d000 rw-p b7f0a000 00:00 0
bfad9000-bfaef000 rw-p bffe8000 00:00 0          [stack]
0
 

Author Comment

by:sobeservices2
ID: 34973098
Time:         Thu Feb 24 14:02:32 2011 -0500
Account:      ntp
Resource:     Process Time
Exceeded:     94710 > 1800 (seconds)
Executable:   /usr/sbin/ntpd
Command Line: ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
PID:          7326
Killed:       No
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 334 total points
ID: 34973348
I do not see external servers referenced with which ntp will synchronize.

add to /etc/ntp/ntp.conf
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org

and restart NTP
servce ntpd restart

See if this issue returns.
0
 

Author Comment

by:sobeservices2
ID: 34973408
I got this again

Time:    Thu Feb 24 14:35:37 2011 -0500
PID:     3006
Account: ntp
Uptime:  106 seconds


Executable:

/usr/sbin/ntpd


Command Line (often faked in exploits):

ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
0
 

Author Comment

by:sobeservices2
ID: 34973415
Like my CSF firewall

is t rigging the error
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 77

Expert Comment

by:arnold
ID: 34975109
you can try to use ntpq to see if it can reach the configured SNTP servers.
0
 

Author Comment

by:sobeservices2
ID: 34975141
how?
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 334 total points
ID: 34977129
/usr/sbin/ntpq lpeers
/usr/sbin/ntpq -p
http://support.ntp.org/bin/view/Support/TroubleshootingNTP

What/where is this error displayed?
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 83 total points
ID: 34978366
This message just results of ntpd being a never-ending process, so it's process time will accumulate beyond the lfd default limit of 1800 seconds.

Add /usr/sbin/ntpd to the csf.pignore file and this message will not appear again

wmp
0
 

Author Comment

by:sobeservices2
ID: 34983602
A little lost now what should I do continuing to get it

Time:    Fri Feb 25 16:03:00 2011 -0500
PID:     3006
Account: ntp
Uptime:  91749 seconds


Executable:

/usr/sbin/ntpd


Command Line (often faked in exploits):

ntpd -u ntp:ntp -p /var/run/ntpd.pid -g


Network connections by the process (if any):
0
 

Author Comment

by:sobeservices2
ID: 34983619
arnold here is results of your post


root@server [~]# /usr/sbin/ntpq lpeers
Name or service not known
ntpq>


root@server [~]# /usr/sbin/ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+211.229.223.67. 72.26.217.210    3 u  776 1024  377   44.152   -9.862   0.119
*68.68.18.78.cus 192.43.244.18    2 u  232 1024  377   39.296   -9.311   0.175
+triangle.kansas 128.252.19.1     2 u  875 1024  377   19.077    3.481   7.149
 LOCAL(0)        .LOCL.          10 l   45   64  377    0.000    0.000   0.001
root@server [~]#
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34983757
Did you try my "csf.pignore" suggestion? Don't forget to recycle csf!

wmp
0
 

Author Comment

by:sobeservices2
ID: 34983782
What didn't do anything when I typed in csf.pignore
How do I recycle csf? what does that mean
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34983834
csf.pignore is a configuration file, not a command!
Recycle csf means stop then start csf.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 334 total points
ID: 34985225
NTP seems to be configured and connecting, I do not know what generates the events you posted nor it is unclear to me what it is trying to alert.
0
 

Author Closing Comment

by:sobeservices2
ID: 35161712
Overall ok
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now