IOS "show clock" results' heading symbols

 R0>show clock
 *00:20:29.467 UTC Fri Mar 1 2002 
 R0>

We all know by "show clock" command we can know the system time on an IOS host. Do you notice there are some symbols ahead of the result output? Here is my research:

Reference of show clock on Cisco.com

Table 15 show clock Display Leading Symbol Descriptions

Symbol	Description
*	Time is not authoritative.
(blank)	Time is authoritative.
.	Time is authoritative, but NTP is not synchronized.

* NOTE: the above table also applies to log messages!


I remember them this way: no news is good news: symbol "blank" > dot "." > star "*". I will explain from the worst one.

Symbol Star "*"

When an IOS platform boots without a "hardware clock" (IOS call it a "calendar"), IOS pick some time value by itself. The system time is something like this:

 R0>show clock
 *00:20:29.467 UTC Fri Mar 1 2002 
 R0>

This star symbol is reminding us that the time value should not be trusted at all.

Symbol Dot "."

If somehow we enabled NTP, and the NTP is not yet synchronized, then IOS uses a dot "." symbol.

 R0>show clock
 .01:57:20.026 UTC Mon May 4 2009

We should not trust the time value, either. But the good news is: NTP is already configured, although not yet working.

This is also an indication of NTP synchronization problem.

Blank

This is the best result, so the time value can be trusted.

 R0>show clock
 01:07:21.356 UTC Mon May 4 2009

However, if we did not enable NTP function at all and used "clock set" command to manually set the time, the result is also blank. We cannot tell the difference in such case!

These symbols also apply to log messages!

This is very important to us. We will know whether or not we should trust the time values associated with each log messages.

*Mar  1 00:12:02.267: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:12:11.143: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:12:13.915: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:12:52.695: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:13:55.923: %SYS-5-CONFIG_I: Configured from console by console
.May  4 01:29:10.951: %SYS-5-CONFIG_I: Configured from console by console
.May  4 01:29:41.195: %SYS-5-CONFIG_I: Configured from console by console
.May  4 01:29:50.083: %SYS-5-CONFIG_I: Configured from console by console
May  4 01:31:12.262: %SYS-5-CONFIG_I: Configured from console by console
May  4 01:31:20.272: %SYS-5-CONFIG_I: Configured from console by console

Conclusion: enable NTP as early as you can!

From above analysis, if we enable NTP, then we will get only 2 possible outcomes: blank or dot. In other words: "trust" or "don't trust". We can thus make log messages much more trustworthy!