What do you use to get traffic insights from your servers?

I have been running a few NTP servers for the past few months and I would like to get some more insights about the traffic I get on my servers. I have seen people posting stats about the country-wise traffic, pretty graphs.

So what setup do you use to get these kinds of insights? Just wanted to know what everyone’s setup looks like and how they differ from each other.


For basic traffic I log via ntpq -c iostats which gives packets in/out. I also run ntpq -c rv -c peers -n and parse that for various other bits of how NTP is operating. Pass that into your favorite RRD graphing program…

When I want to log NTP traffic I do it via iptables / rsyslog / mysql…

Basically iptables will output NTP specific traffic prepended with a certain tag.
Then rsyslog looks for that tag and redirects it to a UDP socket.
The socket is just a basic script that parses the iptables format and inserts the relevant data into MySQL.
Then at my leisure I’ll run another script that searches all the IPs for their country via a (free) database from ip2location or maxmind (I can’t remember which, they are basically the same).
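
An added illustration of the parsing step described in the post above (not the poster's own script): a Python parser for iptables LOG lines that tallies packets and bytes per source address. The `NTP-IN: ` prefix, the sample log lines and the function names are assumptions; the post does not name its tag.

```python
import ipaddress
import re
from collections import Counter

TAG = "NTP-IN: "  # assumed --log-prefix value; the post does not name its tag
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags such as DF are skipped

# Constructed sample syslog lines in the kernel's LOG layout (documentation addresses).
SAMPLE = [
    "Jan 12 10:15:01 ntp1 kernel: [ 1234.5] NTP-IN: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56",
    "Jan 12 10:15:02 ntp1 kernel: [ 1235.0] NTP-IN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40211 DPT=123 LEN=56",
    "Jan 12 10:15:02 ntp1 kernel: [ 1235.1] NTP-IN: IN=eth0 OUT= SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0123 LEN=96 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=UDP SPT=51000 DPT=123 LEN=56",
    "Jan 12 10:15:03 ntp1 cron[811]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 12 10:15:04 ntp1 kernel: [ 1237.9] NTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=76 TOS=0x00 PREC",
]

def parse_line(line):
    """Return src/spt/ip_len for one tagged NTP line, else None."""
    _, found, body = line.partition(TAG)
    if not found:
        return None
    rec = {}
    for key, value in FIELD.findall(body):
        # LEN occurs twice: the IP length first, then the UDP length after DPT.
        if key == "LEN" and "LEN" in rec:
            key = "UDP_LEN"
        rec[key] = value
    try:
        if rec["PROTO"] != "UDP" or int(rec["DPT"]) != 123:
            return None
        src = str(ipaddress.ip_address(rec["SRC"]))  # validates and normalises
        return {"src": src, "spt": int(rec["SPT"]), "ip_len": int(rec["LEN"])}
    except (KeyError, ValueError):  # truncated or malformed line
        return None

def summarize(lines):
    """Tally packets and IP bytes per source; count lines that were skipped."""
    packets, octets, skipped = Counter(), Counter(), 0
    for rec in map(parse_line, lines):
        if rec is None:
            skipped += 1
            continue
        packets[rec["src"]] += 1
        octets[rec["src"]] += rec["ip_len"]
    return packets, octets, skipped

if __name__ == "__main__":
    packets, octets, skipped = summarize(SAMPLE)
    print(packets.most_common(), dict(octets), "skipped:", skipped)
```

The per-source counters are the rows that would go into the database; normalising the address first keeps the expanded IPv6 form that the kernel logs from producing separate keys for the same client.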


I use IPTables as a packet counter and log with Munin which produces graphs for the last 24 hours, 7 days, 30 days and year.

I am not sure Munin has a standard plugin for NTP traffic. I wrote my own plugin which not only counts NTP traffic, but also SMTP, HTTP, POPS and other traffic to each server. Munin does ship with a standard plugin for internal statistics of your NTP server.


I use munin with the ntp_packet plugin to monitor the ntpd response (packet, kod, invalid) and bypass iptables / nft connection tracking for performance.


Also, you can use the ntpsec daemon; it has the ntpviz tool in its sources to do cool graphs :) (or use ntpviz with classic ntpd, but don’t ask me “how”). If you use ntpsec in production, I recommend building it from the latest sources. It received performance optimizations in January.

I use Grafana for monitoring.