Marc Compere
2021-05-28 03:39:48 UTC
Hello,
I've accidentally made a chrony-top like application. It is a simple python
script that uses successive output of `chronyc -n clients` to detect which
IP addresses are (a) found in two successive reports and (b) have an
increasing NTP request count.
I made this to detect the offending IP address during sporadic periods of
unusually high NTP request activity. It turns out it detects the very high
users but also updates with typical user's NTP requests over a period of 5
to 10 seconds.
It updates the console screen every dt seconds with IPs from the most
recent highest NTP requests.
Can someone try this out and let me know if it works? It works on Ubuntu
20.04.2 quite well and reports something similar to the attached screenshot:
[image: chrony_top_screenshot.png]
It must be run as sudo or root, so make sure you read the script before
executing. It's simple and short. It makes a folder in /tmp to save output
from `chronyc -nc clients`.
MDC
I've accidentally made a chrony-top like application. It is a simple python
script that uses successive output of `chronyc -n clients` to detect which
IP addresses are (a) found in two successive reports and (b) have an
increasing NTP request count.
I made this to detect the offending IP address during sporadic periods of
unusually high NTP request activity. It turns out it detects the very high
users but also updates with typical user's NTP requests over a period of 5
to 10 seconds.
It updates the console screen every dt seconds with IPs from the most
recent highest NTP requests.
Can someone try this out and let me know if it works? It works on Ubuntu
20.04.2 quite well and reports something similar to the attached screenshot:
[image: chrony_top_screenshot.png]
It must be run as sudo or root, so make sure you read the script before
executing. It's simple and short. It makes a folder in /tmp to save output
from `chronyc -nc clients`.
MDC