nfswatch - Monitor an NFS server
/usr/sbin/nfswatch [options]
The nfswatch command can usually be run without options
and will produce useful results. However, for those occasions
when the defaults are not sufficient, the following
options are provided:

Monitors packets destined for dsthost instead of the local
host.

Restricts packets being counted to those sent by srchost.

Restricts packets being counted to those sent to or from
serverhost.

Specifies to monitor packets to and from all NFS servers on
the local network.

Specifies the packet filter interface from which to read
packets. You can specify interfaces either by their actual
names (such as ln0) or by their generic packet filter
interface names (pfn, where n is an integer). By default,
pf0 (the first configured interface that supports the
packet filter) is used.

Reads packets from all configured network interfaces,
instead of a single device. The first ten pf devices (0-9)
are checked, and if configured, will be monitored.

Reads a list of file names (one per line) from filelist and
monitors the NFS traffic to these files in addition to the
normal monitoring of exported file systems.

When logging, writes information to the file logfile. The
default is nfswatch.log.

Writes snapshots to the file snapfile. The default is
nfswatch.snap.

Reads a list of device names and file system names (one
pair per line) from mapfile and translates from one to the
other when displaying file system names.

Terminates execution after running for maxtime seconds.
This is primarily for use with the -bg option.

Sets the cycle time (interval length) to timeout seconds.
The default is 10. The cycle time may also be adjusted
from the command prompt.

Displays the file system NFS monitoring data instead of the
individual file data. This option is meaningful only if
specified with the -f filelist option. The display may also
be controlled from the command prompt.

Displays the individual file NFS monitoring data instead of
the file system data. This option is meaningful only if
specified with the -f filelist option. The display may also
be controlled from the command prompt.

Displays statistics on authentication packets (individual
users).

Displays statistics on NFS procedures (RPC calls) instead
of per-file or per-file system data.

Displays statistics on NFS client operation rates instead
of per-file or per-filesystem data.

Sets file system, procedure, or client display to be sorted
in declining order of percent usage. By default, the
display is sorted alphabetically. This may also be toggled
from the command prompt.

Turns on logging at startup time. Logging is turned off by
default, but may be enabled from the command prompt.

Starts as a daemon, running in the background. No screen
updates will be performed; all data will be written to the
log file only. When started with this option, nfswatch will
print the process id of the daemon process. To terminate
nfswatch, send the process a SIGTERM signal, or use the -T
option to set the maximum execution time.

The nfswatch program monitors all incoming network traffic
to an NFS file server and divides it into several categories.
The number and percentage of packets received in
each category is displayed on the screen in a continuously
updated display. The screen is updated every ten seconds
by default; this time period is called an interval.
Your kernel must be configured with the packetfilter
option. (See packetfilter(7).) After kernel configuration,
any user can invoke nfswatch once the superuser has
enabled promiscuous-mode operation using the following
pfconfig command:
# pfconfig +p +c interface
By default, nfswatch monitors all packets destined for the
current host. An alternate destination host to watch for
may be specified using the -dst option. If a source host
is specified with the -src option, then only packets
arriving at the destination host which were sent by the
source host are monitored. Traffic between a specific
server and its clients may be watched by specifying the
name of the server with the -server option. If the -all
option is given, then all NFS traffic on the network is
monitored. It is usually desirable to specify the -all
option whenever using the -server option.
The nfswatch screen is divided into the following three
parts:

The first part, at the top of the screen, is made up of
three lines. The first line displays the name of the host
being monitored, the current date and time, and the time
elapsed since the start of monitoring. The second line
displays the total number of packets received during the
most recent interval. The third line displays the total
number of packets received since monitoring started.
The second and third lines display three numbers each: the
total number of packets on the network, the total number of
packets received by the destination host (possibly subject
to being only from the specified source host), and the
number of packets dropped by the monitoring interface due
to buffer space limitations. Dropped packets are not
included in the packet monitoring totals.

The second part of the screen divides the received packets
into 16 categories. Each category is displayed with three
numbers:

The number of packets received this interval.

The percentage this represents of all packets received by
the host during this interval.

The total number of packets received since monitoring
started.

The packet categories are not mutually exclusive;
some packets may be counted in more than one category
(for example, NFS packets are also UDP packets).
The categories in this section and their meanings are:

Sun Network Disk read requests. Only servers which serve
clients running SunOS 3.5 or less should display nonzero
counts in this section. This field is only counted when
nfswatch is run on a SunOS 4.x system; other versions of
nfswatch count these packets as "other."

Sun Network Disk write requests. Only servers which serve
clients running SunOS 3.5 or less should display nonzero
counts in this section. This field is only counted when
nfswatch is run on a SunOS 4.x system; other versions of
nfswatch count these packets as "other."

NFS requests which primarily result in a file system read
being performed (read file, read directory, and so on).

NFS requests which primarily result in a file system write
being performed (write file, rename file, create file,
delete file, and so on).

NFS mount requests.

Sun NIS (Yellow Pages) and NIS+ requests.

All RPC reply packets fall into this category, because RPC
replies do not contain the protocol number, and thus cannot
be classified as anything else. (If the -all option is
given, then you will see all the RPC replies on the network
in this category.)

All RPC requests which do not fall into one of the above
categories.

Packets sent using the Transmission Control Protocol (TCP).

Packets sent using the User Datagram Protocol (UDP).

Packets sent using the Internet Control Message Protocol
(ICMP).

Routing Information Protocol (RIP) packets.

Address Resolution Protocol (ARP) packets. These packets
are not counted on System V Release 4 systems (except for
SunOS 5.x), due to limitations of the dlpi(7) interface.

Reverse Address Resolution Protocol (RARP) packets. These
packets are not counted on System V Release 4 systems
(except for SunOS 5.x), due to limitations of the dlpi(7)
interface.

Ethernet (or FDDI) broadcast packets. These packets are
destined for and received by all hosts on the local
network. These packets are not counted on System V Release
4 systems (except for SunOS 5.x), due to limitations of the
dlpi(7) interface.

A catch-all for any packets not counted in any of the above
categories.

The third part of the display shows the mounted file
systems exported by the file server for mounting through
NFS. If nfswatch is monitoring the same host it is being
run on, these file systems are listed by path name.
Otherwise, the program attempts to decode the server's
major and minor device numbers for the file system, and
displays them in parentheses. (If the -all option is given,
the name of the server is also shown.) With each file
system, three numbers are displayed:

The number of NFS requests for this file system received
during the interval.

The percentage this represents of all NFS requests received
by the host.

The total number of NFS requests for this file system
received since monitoring started.

Up to 256 file systems will be monitored by nfswatch and
recorded in the log file, but only as many as will fit
(2 * (LINES - 16)) will be displayed on the screen.
If the -map mapfile option is specified, nfswatch
will read pairs of file system device specifications
(as described above) and the proper names of
the file systems from mapfile. Each line should
contain a string representing what nfswatch would
normally print, and then separated from that by
whitespace, the name that is preferred. For example:
myhost(7,24) /homedirs
If the -f filelist option is specified, a list of
file names (one per line) is read from filelist,
and the traffic to these individual files is also
monitored. The files must reside in file systems
exported by the file server. When this option is
specified, the third section of the screen will
display counters for these files, instead of for
the mounted file systems. Up to 256 individual
files will be monitored by nfswatch and recorded in
the log file, but only as many as will fit (2 *
(LINES - 16)) will be displayed on the screen.
If the -procs option is specified, instead of showing
per-file or per-file system statistics,
nfswatch shows the frequency of each NFS procedure
(RPC call) (or as many as will fit on the screen).
For each procedure, some timing statistics are also
displayed; these include the number of completed
operations (request and response seen) during the
interval, the average response time during the
interval, the standard deviation from the average
during the interval, and the maximum response time
over all time.
If the -clients option is specified, instead of
showing per-file or per-file system statistics,
nfswatch shows the operation rate of each NFS
client of the specified server or servers (or as
many as will fit on the screen).
It should be noted here that only NFS requests,
made by client machines, are counted in the NFS
packet monitoring area. The NFS traffic generated
by the server in response to these requests is not
counted.
If the -auth option is specified, the display will
show packet counts divided up by user name (or user
id, if the login name is not in the local password
file). This information is decoded from the
AUTH_UNIX authentication part of each RPC packet.
The nfswatch utility only decodes AUTH_UNIX authenticators;
the other types of authentication (for
example, AUTH_DES) are lumped into a single bucket
for each authentication type.
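The decoding described for the -auth display, and the reason RPC
replies cannot be sorted by protocol, shown as an added Python
example (not nfswatch source code). The packets are built by the
hypothetical helper make_call and the category labels are this
example's own; the header layout and program numbers are the
standard ONC RPC ones.

```python
import struct

CALL, REPLY = 0, 1                      # RPC msg_type values
AUTH_FLAVORS = {0: "AUTH_NONE", 1: "AUTH_UNIX", 2: "AUTH_SHORT", 3: "AUTH_DES"}
# Registered RPC program numbers; the category labels are this example's own.
PROGRAMS = {100003: "NFS", 100004: "NIS", 100005: "NFS mount"}

def _opaque(buf, off):
    """Read an XDR opaque: 4-byte length, data, padding to a 4-byte boundary."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated XDR opaque")
    return buf[off + 4:off + 4 + n], off + 4 + ((n + 3) & ~3)

def classify(payload):
    """Classify one RPC message (UDP payload) and decode AUTH_UNIX if present."""
    try:
        xid, mtype = struct.unpack_from(">II", payload, 0)
        if mtype == REPLY:
            # A reply echoes only the xid; it has no program number field.
            return {"xid": xid, "category": "RPC reply"}
        rpcvers, prog, _vers, proc, flavor = struct.unpack_from(">5I", payload, 8)
        if mtype != CALL or rpcvers != 2:
            raise ValueError("not an RPC version 2 message")
        out = {"xid": xid, "category": PROGRAMS.get(prog, "other RPC"), "proc": proc,
               "auth": AUTH_FLAVORS.get(flavor, "flavor %d" % flavor)}
        if flavor == 1:
            # AUTH_UNIX body: stamp, machine name, uid, gid, supplementary gids
            body, _ = _opaque(payload, 28)
            name, off = _opaque(body, 4)
            uid, gid = struct.unpack_from(">II", body, off)
            out.update(machine=name.decode("ascii", "replace"), uid=uid, gid=gid)
        return out
    except struct.error:
        raise ValueError("truncated RPC message")

def make_call(xid, prog, proc, uid, gid, machine=b"client1"):
    """Hypothetical helper: build a constructed AUTH_UNIX call (not captured traffic)."""
    name = struct.pack(">I", len(machine)) + machine + b"\0" * (-len(machine) % 4)
    cred = struct.pack(">I", 0) + name + struct.pack(">III", uid, gid, 0)
    head = struct.pack(">6I", xid, CALL, 2, prog, 3, proc)
    return head + struct.pack(">II", 1, len(cred)) + cred + struct.pack(">II", 0, 0)

if __name__ == "__main__":
    print(classify(make_call(0x1234, 100003, 6, 1001, 100)))
    print(classify(bytes.fromhex("000012340000000100000000")))
```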
When logging is on, nfswatch writes one entry to the log
file each interval. The information printed to the log
file is easily readable, and basically contains a copy of
all information on the screen. Additionally, any NFS
traffic to file systems or individual files which was not
printed on the screen (due to space limitations) is
printed in the log file. Finally, in the log file, the NFS
traffic to file systems and individual files is further
broken down into counts of how many times each specific
NFS procedure was called.
The information in the nfswatch log file can be summarized
easily using the nfslogsum program.
The nfswatch utility also allows several commands to be
entered at its prompt during execution. The prompt is displayed
on the last line of the screen. For most commands,
feedback describing the effect of the command is printed
on the same line as the prompt. The commands are:

Clears and redraws the screen.

Switches the display to show statistics on individual
users.

Switches the display to show statistics on NFS client hosts
instead of per-file or per-filesystem information.

Toggles the display of mounted file systems and the display
of individual files in the NFS packet monitoring area. This
command is only meaningful if the -f filelist option was
specified on the command line. (If the display is showing
NFS procedures or clients, then this command switches the
display to show file systems.)

Switches the display to show statistics on NFS procedures
instead of per-file or per-filesystem information.

Toggles the logging feature. If logging is off it is
started; if logging is on, it is turned off.

Toggles display of host names or host numbers in client
mode. By default, client mode displays host names. However,
this may not be sufficient for determining the names of
unknown remote hosts, since domain names are not displayed.
This command tells nfswatch to display host numbers
instead, enabling each host to be uniquely identified.

Takes a snapshot of the current screen and saves it to a
file. This is useful to record occasional copies of the
data when the log file is not needed.

Toggles the sort key for the display of mounted file
systems in the NFS packet monitoring area. By default,
these are sorted by file system name, but they can also be
sorted in declining order of percent usage.

Decreases the cycle time (interval length) by ten seconds.
This takes effect after the next screen update.

Increases the cycle time (interval length) by ten seconds.
This takes effect after the next screen update.

Decreases the cycle time (interval length) by one second.
This takes effect after the next screen update.

Increases the cycle time (interval length) by one second.
This takes effect after the next screen update.

Scrolls forward through the bottom part of the display, if
there are files/file systems/clients/procedures not being
displayed due to lack of space.

Scrolls backward.

Exits nfswatch. Using the interrupt key will also cause
nfswatch to exit.

Typing any other character will cause a help screen to be
displayed.

Commands: pfstat(1), nfslogsum(8), pfconfig(8), tcpdump(8)
Networking: bpf(7), packetfilter(7)
nfswatch(8)