The Logs and Status page contains the settings for the Domain Time service text log.
Note: If you see the Group Policy applied indicator in the lower-left corner of the applet,
there are settings on this page that are being overridden by an Active Directory Group Policy. Settings controlled by policy may be greyed-out or you may be otherwise prevented from making a change here.
See the Active Directory page for more information on using Group Policies.
Logs are kept in the %SystemRoot%\System32\ folder. There are at least four main log files collected when the service is running:
This is the currently active text log file.
If log archiving is enabled (see below), additional archived log files will be created using a
A detailed text log of the service startup process. Only data from the latest startup is included.
To view these two text logs, click the button on the applet, which launches the Domain Time Log Viewer.
A binary file containing information on each time check/correction made using the NTP and DT2 protocols, or the aggregate
of corrections made by PTP (if enabled) during the check interval configured on the Timings page.
Drift logs can also collected remotely by Domain Time Audit Server.
To view this log, click the button on the applet, which launches the Domain Time Drift Log Viewer.
IF PTP is enabled, a binary file containing information on each PTP Sync.
PTP Drift logs can also collected remotely by Domain Time Audit Server.
To view this log, click the Graph link on the Obtain the Time property page, which launches the
Domain Time Drift Log Viewer.
This section selects the properties of the domtimes.log service text log.
The Log Level drop-down chooses what type of entries to include in the log. You can increase or decrease the amount of information logged as needed.
The available levels are (in increasing amount of detail):
This switch will only disable the domtimes.log file. Other system logs, such as domtimes.startup.log and drift.dt cannot be disabled.
Errors Only messages marked as Errors will be logged
Warnings Logs will include Errors and Warnings
Information Includes Errors, Warnings, and information on the activity of the time service, such as time sources contacted, amount of clock correction, etc.
Trace Includes all of the above, plus detailed information on time setting and time sample analysis.
Debug Includes all available information provided by the service.
CAUTION: Debug logging will generate a great deal of data, so be sure to only enable it
when you need the additional information, and don't forget to turn it off when finished troubleshooting.
When you select Debug level, the button becomes enabled. Clicking this brings up a dialog where you can select exactly which type of debug messages to include in the logs.
This allows you to limit the size of the logs while troubleshooting a particular issue. Please re-enable all messages if submitting a log for analysis.
Max size: sets how large the log file is allowed to grow (in kilobytes).
Once the maximum size is reached, the oldest events will be scrolled off to make room for new events. Enter 0 (zero) if you don't want to limit the log size.
It's a good idea to set a log size that will allow you to keep enough history to troubleshoot any issues that may arise.
Enable lazy write delay of up to seconds (range 1-600)
This value specifies the maximum amount of time to wait before flushing data to the log.
Logging large amounts of information on an underpowered or busy machine can generate a great deal of overhead, which can adversly affect system performance and diminish timing accuracy.
When enabled, Domain Time will try to buffer log data in memory until the delay period is reached instead of attempting to write all events to the disk in real time. This may provide some "breathing space" for the disk system to process outstanding writes that may accumulate
from constant log activity. If the buffer fills before the limit is reached, it will be flushed to disk even if the full wait period has not expired.
Include client accesses (requests for time and control messages)
When checked, all client requests made of this machine will be logged. This includes queries for time or other information such as statistics, auditing, or status requests.
CAUTION: Enabling this option can generate a large amount of logging data and system overhead if you have a lot of clients synchronizing with this server.
Examine the log after the server has been running for a while to see if this option generates an onerous amount of data.
Enable UDP packet tracing Enable TCP packet tracing
These checkboxes cause Domain Time to log additional useful details about the time packets being used by Domain Time.
The output is similar to the output from a packet analyzer, showing you the actual packet contents and payloads.
CAUTION: Enabling this option can generate a large amount of logging data and system overhead.
You should enable these only when actively troubleshooting network issues and for short periods.
Enable Time Change Event Monitor
Tells Domain Time to use Windows auditing to help identify the user or process responsible for changing the system clock.
When checked, Domain Time will attempt to enable the Windows audit category "System" success auditing, and then watch the
security event log for events pertaining to date/time changes made by programs other than Domain Time. If such an event is detected,
Domain Time will parse the security event log entry and issue a warning in its own log. The warning will show the user
and process that changed the time, and by how much (if the information is available). These warning messages are informational
only, and should be enabled only to help track down environments where another user or process is interfering with the
If the audit policy for the machine is controlled by a group policy, then Domain Time's change to the audit policy will succeed,
but only until the next group policy refresh is applied. If you are using this feature in a domain, either undefine the group
policy setting (Local Polices/Audit Policy/Audit system events) or set it to enabled for success events.
Note: This option is complementary to, but independent of the Clock Change Monitor function, which resets the system time if unauthorized changes
to the system clock are detected. See the description of Clock Change Monitor on the Advanced page.
CAUTION: This option causes additional system overhead and uses additional
memory and resources. You should enable this option only if you are experiencing rogue time changes on your system and are having
difficulty identifying the cause. You should not run with this option enabled in normal operation.
Enable NTP4 peerstats Enable NTP4 loopstats
As of version 5.2.b.20170101, these checkboxes enable creation of ntpd-style peerstats and loopstats statistic files.
See the ntpd Compatibility page for details.
When enabled, the path where the files are collected will be displayed in the NTP Stats Folder: field.
Note: NTP must be enabled on the Serve the Time property page in order to collect these stats.
Domain Time can automatically archive the text log on a daily, weekly, or monthly schedule.
When the log is archived, all existing log events in the domtimes.log
file will be written to an archive file named
domtimes.YYYYMMDD.log (i.e. domtimes.20090928.log) and the current log file will then be cleared to accept new data.
You can choose how many archived log files to keep on the machine. When the indicated limit is reached, the oldest log file will be deleted.