Sun Microsystems, Inc.
spacerspacer
spacer   www.sun.com docs.sun.com | | |  
spacer
black dot
   
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
    
 
System Administration Commandsnfslogd(1M)


NAME

 nfslogd - nfs logging daemon

SYNOPSIS

 
/usr/lib/nfs/nfslogd

DESCRIPTION

 

The nfslogd daemon provides operational logging to the Solaris NFS server. It is the nfslogd daemon's job to generate the activity log by analyzing the RPC operations processed by the the NFS server. The log will only be generated for file systems exported with logging enabled. This is specified at file system export time by means of the share_nfs(1M) command.

Each record in the log file includes a time stamp, the IP address (or hostname if it can be resolved) of the client system, the file or directory name the operation was performed on, and the type of operation. In the basic format, the operation can either be an input (i) or output (o) operation. The basic format of the NFS server log is compatible with the log format generated by the Washington University FTPd daemon. The log format can be extended to include directory modification operations, such as mkdir, rmdir, and remove. The extended format is not compatible with the Washington University FTPd daemon format. See nfslog.conf(4) for details.

The NFS server logging mechanism is divided in two phases. The first phase is performed by the NFS kernel module, which records raw RPC requests and their results in work buffers backed by permanent storage. The location of the work buffers is specified in the /etc/nfs/nfslog.conf file. Refer to nfslog.conf(4) for more information. The second phase involves the nfslogd user-level daemon, which periodically reads the work buffers, interprets the raw RPC information, groups related RPC operations into single transaction records, and generates the output log. The nfslogd daemon then sleeps waiting for more information to be logged to the work buffers. The amount of time that the daemon sleeps can be configured by modifying the IDLE_TIME parameter in /etc/default/nfslogd. The work buffers are intended for internal consumption of the nfslogd daemon.

NFS operations use file handles as arguments instead of path names. For this reason the nfslogd daemon needs to maintain a database of file handle to path mappings in order to log the path name associated with an operation instead of the corresponding file handle. A file handle entry is added to the database when a client performs a lookup or other NFS operation that returns a file handle to the client.

Once an NFS client obtains a file handle from a server, it can hold on to it for an indefinite time, and later use it as an argument for an NFS operation on the file or directory. The NFS client can use the file handle even after the server reboots. Because the database needs to survive server reboots, it is backed by permanent storage. The location of the database is specified by the fhtable parameter in the /etc/nfs/nfslog.conf file. This database is intended for the internal use of the nfslogd daemon.

In order to keep the size of the file handle mapping database manageable, nfslogd prunes the database periodically. It removes file handle entries that have not been accessed in more than a specified amount of time. The PRUNE_TIMEOUT configurable parameter in /etc/default/nfslogd specifies the interval length between successive runs of the pruning process. A file handle record will be removed if it has not been used since the last time the pruning process was executed. Pruning of the database can effectively be disabled by setting the PRUNE_TIMEOUT as high as INT_MAX.

When pruning is enabled, there is always a risk that a client may have held on to a file handle longer than the PRUNE_TIMEOUT and perform an NFS operation on the file handle after the matching record in the mapping database had been removed. In such case, the pathname for the file handle will not be resolved, and the log will include the file handle instead of the pathname.

There are various configurable parameters that affect the behavior of the nfslogd daemon. These parameters are found in /etc/default/nfslogd and are described below:

UMASK
Sets the file mode for the log files, work buffer files and file handle mapping database.
MIN_PROCESSING_SIZE
Specifies the minimum size, in bytes, that the buffer file must reach before processing the work information and writing to the log file. The value of MIN_PROCESSING_SIZE must be between 1 and ulimit.
IDLE_TIME
Specifies the amount of time, in seconds, the daemon should sleep while waiting for more information to be placed in the buffer file. IDLE_TIME also determines how often the configuration file will be reread. The value of IDLE_TIME must be between 1 and INT_MAX.
MAX_LOGS_PRESERVE
The nfslogd periodically cycles its logs. MAX_LOGS_PRESERVE specifies the maximum number of log files to save. When MAX_LOGS_PRESERVE is reached, the oldest files will be overwritten as new log files are created. These files will be saved with a numbered extension, beginning with filename.0. The oldest file will have the highest numbered extension up to the value configured for MAX_LOGS_PRESERVE. The value of MAX_LOGS_PRESERVE must be between 1 and INT_MAX.
CYCLE_FREQUENCY
Specifies how often, in hours, the log files are cycled. CYCLE_FREQUENCY is used to insure that the log files do not get too large. The value of CYCLE_FREQUENCY must be between 1 and INT_MAX.
MAPPING_UPDATE_INTERVAL
Specifies the time interval, in seconds, between updates of the records in the file handle to path mapping tables. Instead of updating the atime of a record each time that record is accessed, it is only updated if it has aged based on this parameter. The record access time is used by the pruning routine to determine whether the record should be removed from the database. The value of this parameter must be between 1 and INT_MAX.
PRUNE_TIMEOUT
Specifies when a database record times out, in hours. If the time that elapsed since the record was last accessed is greater than PRUNE_TIMEOUT then the record can be pruned from the database. The default value for PRUNE_TIMEOUT is 168 hours (7 days). The value of PRUNE_TIMEOUT must be between 1 and INT_MAX.

EXIT STATUS

 

The following exit values are returned:

0
Daemon started successfully.
1
Daemon failed to start.

FILES

 
/etc/nfs/nfslogtab
/etc/nfs/nfslog.conf
/etc/default/nfslogd

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
AvailabilitySUNWnfssu

SEE ALSO

 

share_nfs(1M), nfslog.conf(4), attributes(5)


SunOS 5.9Go To TopLast Changed 6 Nov 2000

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.