Top of Page

Domain Time II Audit Server
Version 5.2

Data Collection


Audit Server can collect a variety of data from audited systems. It can then present this data to you in different ways to help monitor the health of your network time, interface with other systems, and for regulatory compliance purposes.

    Audit Data Types
    Audit Server collects two main types of data from audited systems. You can view any type of data collected by Audit Server by clicking on the "Audit Server" category in the left-hand column of Manager's interface

      . Audit Results Records - a snapshot record of information about the audited system taken at the time of the audit. It contains information such as current time on the target, it's last time source, etc. Daily Reports can be generated based on the Audit Result Records during each audit run to summarize and/or export data.

      . Synchronization (Drift) logs - a running log of time deltas (either reported or measured, depending on the type of audited time client and protocol).

 
Audit Results Records
Audit Results Records are highly compact collections of data collected from audited systems during an audit run.

    Audit Results records can be gathered from
      — Domain Time systems on Windows
      — domtimed daemons running on 'nix systems
      — From machines running NTP daemons that respond to time request packets

    Domain Time machines will provide more complete statistics on their operation than do NTP sources, but both contain enough data for auditing/alerting purposes.

    Audit Result Record Details
    Audit Result Record Details   [Click for larger size]

    The data from all audited machines during an audit run are collected into audit results files kept in the Audit Data Cache folder. The folder location is specified on the Audit Server -> Advanced -> Data Folders... menu (by default, C:\Program Files\Domain Time II\Audit Data Cache). Each audit run results in a new file.

    Disk requirements

    Although each individual audit record file is highly compact, the The size of each individual audit results file depends on how many machines are included. If unattended (and unlimited by the Audit Tasks setting described above), the folder can grow to contain a very large amount of data. You should plan to regularly archive this data off to your normal archival storage.

    Please see the Audit Disk Space Estimator page to calculate your disk space requirements for storing audit data.

    You may configure Audit Server to limit the growth of the Audit Data Cache by deleting all Audit Results Records over a certain age. This setting is found on the Audit Server -> Audit Tasks menu item.

    Audit Data Viewer
    Audit Data Viewer   [Click for larger size]

    Audit Results Records are viewed using a utility program called Audit Data Viewer (DTREADER.EXE-launched automatically when you view results through Manager). The DTReader utility is associated with files having the extension .dtad (DT Audit Data) during the installation of Audit Server. However, it can be used to view Audit Record Results files on other systems. Simply copy the program to any machine from which you'd like to view audit records.

    Note: DTREADER.EXE does not function on Windows Server Core systems. To view sync logs collected by Audit Server on Server Core systems, you must copy the DTREADER.EXE utility to a non-Core system and use it from there to view the .dtad audit records through a network share on the Core machine.

    Daily Reports
    Daily Reports are summary results files using a user-specified format, created during each audit run from audit record data. They are particularly useful for exporting audit data to external programs.

      You set up Daily Reports using the Audit Server -> Daily Reports -> Configure menu item.

      Audit Server Daily Report Configuration Dialog
      Audit Server Daily Report Configuration Dialog   [Click for smaller size]

      When enabled, Audit Server will create a special summary log of audit records each day in the folder specified for Daily Reports on the Audit Server -> Advanced -> Data Folders... menu item. Click the Audit Server -> Daily Reports -> View menu item to browse through the existing reports.

      Notes:

      Daily Audit Summary Logs only include information from audit records; they do not include information from the Synchronization Logs.

      The View Logs button displays the contents of the Daily Report Summary collection folder using the Explorer shell which does not function on Windows Server Core systems. Use Notepad to view the files manually or view them from a remote machine using any text reader.

      A new summary log file will be created each day. Any audits performed during that day will be appended to the log.

      Daily Reports are particularly useful if you are using your own log file collection and analysis program and need the audit record information to appear in a particular format to be imported correctly.

      You may specify the date format and extension to be used in creating filenames. The default extension is .txt, however, as of version 5.2.b.20160922, you may specify .htm or .html which will wrap the output in minimal HTML tags sufficient for viewing with a browser.

      The Daily Report Format section is where you specify how data will appear in the log. You can specify the format of the header used before the records as well as the format of the records themselves.

      The format string entered in the text field indicates the order of data variables (keywords surrounded by the % character) which represent specific data collected from the audited machine, special characters (such as \r representing a carriage return), and delimiters (if any) used to create each line of the log file. You can preview the effect of your settings by clicking the Show Example button.

      For example the format string:

        %Status%,%MachineName%,%IP%,%DST%,%TimeZone%\r\n

      results in a log file entry with this format:

        #
        # Audit results from audit performed at 17:00:00 UTC
        #
        # Status,MachineName,IP,DST,TimeZone\r\n
        OK,DC_2,172.10.1.12,Y,Central Daylight Time
        OK,PDC,172.10.1.10,Y,Central Daylight Time
        OK,NTP Server,192.43.244.18,?,Unknown

      Note that the entry for the NTP server in the example above shows ? in the DST and Unknown in the TimeZone fields. This information is only available from Domain Time II components.

      These are the items that can be included in the format string:

      Delimiters
      You may specify any text you want to use between variables in the format string.

      Special Characters

      \nline feed
      \rcarriage return
      \ttab character
      \\backslash character
      %%percent sign character

      Data Variables

      %Status%Whether or not the machine was audited successfully
      Returns OK or Err
      %AuditStampVersion%Audit stamp version number
      %ContactFailures%Number of consecutive contact failures
      %SecsSinceLastSet%Number of seconds since time was last set
      %Variance%Variance from reference at time of audit
      %LastContact%Time this machine was last contacted
      %SerialNumber%Machine's serial number
      %LastProtocol%Name of last time protocol used to set the time
      %LocalTime%Local time (adjusted for timezone and dst) at time of audit
      %UTC%UTC time at time of audit
      %LastVariance%Variance last time machine corrected its time
      %Corrections%Number of time corrections since last startup
      %Checks%Number of time checks (whether or not correction made) since startup
      %Errors%Number of times machine encountered an error while checking the time
      %InstallDate%Time this machine's client was installed
      %UnixTime%Time (in seconds) at time of audit (usually matches LocalTime)
      %LastSet%Time machine last corrected its time
      %LastStartup%Time machine last started the time service
      %LastSource%Most recently-used time source
      %TimeZone%Time zone (for example, "Eastern Standard Time")
      %Version%Version number of time software on machine
      %MachineName%Machine's NetBIOS name
      %DNSName%Machine's DNS name (if available)
      %IP%Machine's last-known IP address
      %DST%Y if machine is known to be applying Daylight Savings Time correction
      N if machine is known to NOT be applying DST correction
      ? if machine's treatment of Daylight Savings Time is unknown
      %Role%Machine's Domain Time II role (client, server, etc)
      %Registered%Y if software is registered
      N if software is an evaluation copy (or not a Domain Time component)
      %OS%Name of architecture, operating system, and OS version
      %AverageInfo%List of servers used for averaging (if available)


Synchronization (Drift) Logs
Audit Server can collect or generate several types of synchronization logs from audited machines into a central location where they can be reviewed, maintained, or archived off for data retention purposes.

    Logs collected from Domain Time Servers and Clients:

    • Domain Time II Synchronization logs - a running log of the results of each successful DT2 or NTP time synchronization (or sample aggregation if using PTP) by the Domain Time Server or Client.

        Domain Time II Synchronization logs are only available from Domain Time Clients or Servers running on Windows systems. The logs are kept locally on each Server or Client, but are copied and appended to to the Audit Server data store during an audit run. The time deltas contained in these records show the results of time corrections applied by Client or Server to match its configured time source(s). This information is reported by the audited machine itself and reflects its perspective of time accuracy as compared to its sources.

        Machines selected to be audited on either the Domains and Workgroups or Domain Time II Machines Manager lists will collect this type of sychronization log. Domain Time Synchronization log filenames begin with the Domain Time Serial Number and have the file extension .dt

    • Domain Time II PTP Offset Synchronization logs - a running log of the reported offset between the Domain Time Slave and its PTP Master (using the PTP protocol).

        Domain Time II PTP Offset Synchronization logs are only available from Domain Time Clients or Servers running on Windows systems. The logs are kept locally on each Server or Client, but are copied and appended to to the Audit Server data store during an audit run. The time deltas contained in these records show the results of time corrections applied by Client or Server to match its PTP master. This information is reported by the audited machine itself and reflects its perspective of time accuracy as compared to its sources.

        Machines selected to be audited on either the Domains and Workgroups or Domain Time II Machines Manager lists will collect this type of sychronization log (if also enabled on the Synchronization Log configuration dialog). Domain Time PTP Offset Synchronization log filenames begin with the Domain Time Serial Number and have the file extension _ptp.dt

    Notes:

    Domain Time II Synchronization Logs can only be collected from Windows Domain Time II Server and Clients version 3.1 and later. Domain Time II PTP Offset Logs may only be collected if all components (Audit Server/Manager and Client/Server) are version 5.2.b.2015037 or later.

    Both of these logs are limited in size on the Client or Server and older data scrolls off over time. Using Audit Server to collect this information allows you to preserve this data for audit trail and archival purposes. Note, in order to have a complete central record, you must Audit the machines often enough to collect the data before it scrolls off on the individual machines.

    Connecting to Domain Time versions prior to 5.2, the Audit Server must use credentials with sufficient rights to connect to the administrative shares on the remote systems to collect drift logs. Current versions obtain the data using direct communication over Port 9909 UDP/TCP.

    Drift Logs generated by tracking other systems:

    • NTP Server Drift logs - a running log of the time deltas of audited NTP Servers measured at the time of each audit run.

        NTP Server Drift logs can be collected from any machine that responds to a standard NTP time request. Drift files for each audited NTP Server are created/appended to during audit runs. The time deltas contained in these records show the measured difference between the NTP timestamp replies and Manager's configured Reference Time source(s).

        Machines selected to be audited on Manager's NTP Server list will collect this type of sychronization log. NTP Server Drift log filenames begin with NTP Server and end in _ntp.dt

    • PTP Node Drift logs - a running log of the deltas (either reported or measured) of audited PTP Nodes.

        As of Domain Time version 5.2.b.20170101, PTP Node Drift logs can be collected from any machine that is discovered by PTP Monitor. Drift files for each audited node are created/appended to during audit runs.

        When collecting PTP master data, the delta reported is the measured difference between the Master's announced time and Manager's configured Reference Time source(s). When collecting PTP slave data, the delta reported is the reported offset between the slave and its master. See the Offset measurement section of the PTP Monitor documentation for details.

        Machines selected to be audited on the PTP Nodes list will collect this type of sychronization log (if also enabled on the Synchronization Log configuration dialog).

        PTP Nodes Drift log filenames begin with PTP Node and end in _ptp.dt

    Synchronization Log Collection Settings
    Use the Audit Server -> Synchronization Logs -> Configure menu item to bring up the Synchronization Configuration Dialog. Alternately, you may right-click the Audit Server\Synchronization Logs item in Manager's Tree and choose Configure... from the context menu.

      Synchronization Configuration Dialog
      Synchronization Configuration Dialog   [Click for larger size]

      Foreground - collection must finish before audit completes
      Background - collection finishes independent of scheduled audits
           Run background collection periodically, not just at audit time

      These choices determine whether Audit Server will collect the sync logs in a separate thread from the audit run itself. Collecting sync logs from each audited machine can take an extended amount of time, particularly if you have a large number of machines to audit. Choosing Background allows collection of the basic audit data very quickly, and then the collection of the sync logs can complete in the background. Running the collection in the background periodically can make collection even more efficient.

      Collect PTP sample data from audited Domain Time machines
      Available on version 5.2.b.20150307 or higher. If the target machine is synchronizing using PTP, its PTP offset logs can be collected at the same time as the regular drift synchronization logs. PTP offset log collection is subject to the same limits and schedule as regular drift log collection.

      Collect PTP node data from audited PTP Monitor masters
      Available on version 5.2.b.20170101 or higher. If enabled, PTP masters selected to be audited on the PTP Nodes list in Manager will have a drift file created for them. PTP master node offsets are calculated with each received Sync or Sync/Followup (typically once per second). Data is buffered internally by Audit Server server before being written to the file. Log collection is therefore more or less continuous for PTP master nodes, but it still subject to the same limits as regular drift log collection.

      Collect PTP node data from audited PTP Monitor slaves
      Available on version 5.2.b.20170101 or higher. If enabled, PTP slaves selected to be audited on the PTP Nodes list in Manager will have a drift file created for them. A new data point is generated with each commanded or scheduled sweep (typically once every 30 seconds), and are buffered internally by Audit Server before being written to the file. Log collection for PTP slaves is subject to the same limits as regular drift log collection, but does not follow the same schedule.

      Limit size of collected Synchronization Logs
      You may restrict log size by limiting the number of records kept per machine (older records are rolled off to make room for new entries), and/or by deleting all records over a certain age.

      Disk requirements

      Although the binary synchronization logs files are quite efficient at recording individual delta events, the overall disk space needed depends on how many machines are being collected and how often events are being recorded in each type of file.

      • Domain Time II Synchronization Logs
        A data point is written for each successful time synchronization (or PTP aggregation). The overall schedule for these is set by the "Timings" settings on the Server or Client, however, other events can trigger additional synchronizations. Examine a representative sample of machines in normal operation to determine the number of records you'll require.

      • Domain Time II PTP Offset Logs
        A data point is written for each received Master sync packet. The schedule for this is determined by the PTP Master sync schedule (often 1/sec).

      • NTP Drift Logs
        A data point is written each time an audit is run. The schedule for this is set by Audit Server.

      • PTP Nodes Drift Logs
        A data point is written each time an audit is run. The schedule for this is set by Audit Server.

      If unattended (and unrestricted by the Limit size of collected synchronization logs setting), the folder can grow to contain a very large amount of data. You should plan to regularly archive this data off to your normal archival storage.

      Please see the Audit Disk Space Estimator page to calculate your disk space requirements for storing synchronization logs.

      Log filename format::  
      Sets the way sync log filenames are constructed. The default format is Serial - Name

      Expand binary sync log database file to text files
      Enabling this function will cause Audit Server to create a text file version of the binary sync log collection file(s). The text files will be named and formatted according to the settings indicated. You should only use this option if you require a text file be kept for a specific purpose, since the text files are dramatically larger than the binary files. Normally, you would use the View Logs function described below to view the binary files in a more friendly graphical format and generate a text file only if necessary by clicking the button on the Drift Graph display.

    Viewing/Managing Collected Logs
    You may view collected Synchronization logs by expanding the Audit Server item in the Manager tree and clicking on the Synchronization Logs item. You may also choose the Audit Server -> Synchronization Logs -> Open Containing Folder menu item.

    • Synchronization logs are collected in the folder specified for them on the Audit Server -> Advanced -> Data Folders... menu item.

    • View the collected logs in graphical format by choosing Audit Server -> Synchronization Logs -> View Drift Graphs... from the menu. Filenames for PTP records will end in "_ptp", otherwise they are standard drift log files.

        The Drift Graph
        The Drift Graph   [Click for larger size]

        Synchronization Logs are viewed using a utility program called DTDRIFT.EXE (launched automatically when you view results through Manager). The DTDrift utility is associated with files having the extension .dt during the installation of Domain Time Server, Client, and/or Audit Server. However, it can be used to view Synchronization Log files on other systems. Simply copy the program to any machine from which you'd like to view audit records.

        Note: The DTDRIFT.EXE program does not function on Windows Server Core systems. To view sync logs collected by Audit Server on Server Core systems, you must copy the DTDRIFT.EXE utility to a non-Core system and use it from there to view the .dt synchronization logs through a network share on the Core machine.

        Hint: Double-click on any part of the graph to bring up limit markers handy for seeing the range of deltas displayed. Note you need to be zoomed in enough to see actual variations in the graph.

        Click the button to see the underlying statistical data and individual records used to create the graphical display.

    • If you have chosen to expand the binary logs to text files (see the configuration option below), you can view the text versions by choosing Audit Server -> Synchronization Logs -> View Text Reports... from the menu.

 

Next Proceed to the PTP Monitor page
Back Back to the Configure Alerts page

Domain Time II Software distributed by Microsemi, Inc.
Documentation copyright © 1995-2017 Greyware Automation Products, Inc.
All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.