The default clientloglimit in chrony.conf is 524288 bytes, which according to the docs is good for about 4000 clients.
Has anybody run into that limit with clients when running pool servers? If so, at what sorts of bandwidths does it happen?
Is anybody adjusting this value or do you just turn it off with noclientlog?
I find that the chronyc clients command is not very helpful when you have a large number of clients.
It would be more interesting to have a chronyc clients --summary or some such command that outputs the total number of clients being served, perhaps also with a switch for IPv6 and IPv4.
I'm running with a limit of "clientloglimit 262144". chrony serverstats shows "client logs dropped". The longer chronyd will run, the more is dropped…
Define "the number of clients"? If once 2h ago one NTP packet was served to a client, is that still a client? 24h? So I'm fine with dropping lots of client statistics… when chronyd runs long enough, client logs will be dropped anyway. Just keeping a small log, to see that everything still works.
Disabling the clientlog can decrease the CPU load and improve the maximum packet rate slightly (maybe 1%).
Increasing the limit can be useful to better support the interleaved mode. If the limit is too small, a client polling at 1024s interval might not be getting interleaved responses as the previous transmit timestamp was already dropped to make room for a different address. From what I have seen, very few clients have the interleaved mode enabled. Starting with chrony-4.2, the interleaved-specific data is separate from the addresses and it can work on a busy server even if the limit is small.
On my servers I have the limit set to 100000000. There is a script which looks for abusive clients every 30 minutes. If one address sends over 500k packets in that interval, a 10s tcpdump capture is made so I can investigate it and it doesn't consume much of the disk space.
So around 520K client entries. The number of active clients would of course be much lower.
Depending on the nature of traffic your server gets, you can use the -p option to filter client records greater than a certain number.
chronyc -c -n clients -p 1800 -r
The -r option resets the statistics - so you can find "bad" clients easily.
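
An added example, not from any poster in this thread: a summary of the kind asked for above (total clients, IPv4/IPv6 split) plus the "over 500k packets per interval" check, computed from `chronyc -c -n clients -r` output. It assumes the CSV rows start with address, NTP hits, NTP drops; the function name and the sample rows are constructed for illustration.

```python
import csv
import ipaddress
import sys

# Constructed sample rows (documentation address ranges). Assumed layout:
# address, NTP hits, NTP drops, then interval/last/command columns (ignored).
SAMPLE = """\
192.0.2.10,1800,0,6,6,12,0,0,127,4294967295
192.0.2.77,612345,1200,0,2,0,0,0,127,4294967295
198.51.100.4,42,0,10,10,900,0,0,127,4294967295
2001:db8::1234,730,0,8,8,55,0,0,127,4294967295
2001:db8:ffff::9,501000,300,1,3,1,0,0,127,4294967295
not-an-address,5,0,6,6,1,0,0,127,4294967295
"""


def summarize(lines, threshold=500_000):
    """Return (totals, heavy) where heavy lists addresses above threshold."""
    totals = {"clients": 0, "ipv4": 0, "ipv6": 0,
              "ntp_packets": 0, "ntp_drops": 0}
    heavy = []
    for row in csv.reader(lines):
        if len(row) < 3:
            continue  # blank or truncated line
        try:
            addr = ipaddress.ip_address(row[0])
            hits, drops = int(row[1]), int(row[2])
        except ValueError:
            continue  # hostname (run without -n) or malformed counters
        totals["clients"] += 1
        totals["ipv4" if addr.version == 4 else "ipv6"] += 1
        totals["ntp_packets"] += hits
        totals["ntp_drops"] += drops
        if hits > threshold:
            heavy.append((str(addr), hits))
    heavy.sort(key=lambda item: item[1], reverse=True)
    return totals, heavy


if __name__ == "__main__":
    # Pipe real output in, or run with no input to see the constructed sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    totals, heavy = summarize(source)
    print(totals)
    for address, hits in heavy:
        print(f"candidate for capture: {address} ({hits} NTP packets)")
```

Run from a timer with `-r` on the chronyc command so each run counts only the packets seen since the previous run; entries already evicted by clientloglimit are not in the output, so the totals are a lower bound.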