System Administration Commands nfslogd(1M)
NAME
nfslogd - nfs logging daemon
SYNOPSIS
/usr/lib/nfs/nfslogd
DESCRIPTION
The nfslogd daemon provides operational logging to the
Solaris NFS server. It is the nfslogd daemon's job to gen-
erate the activity log by analyzing the RPC operations pro-
cessed by the NFS server. The log will only be generated for
file systems exported with logging enabled. This is speci-
fied at file system export time by means of the
sharenfs(1M) command.
NFS server logging is not supported on Solaris machines that
are using NFS Version 4.
Each record in the log file includes a time stamp, the IP
address (or hostname if it can be resolved) of the client
system, the file or directory name the operation was per-
formed on, and the type of operation. In the basic format,
the operation can either be an input (i) or output (o)
operation. The basic format of the NFS server log is compa-
tible with the log format generated by the Washington
University FTPd daemon. The log format can be extended to
include directory modification operations, such as mkdir,
rmdir, and remove. The extended format is not compatible
with the Washington University FTPd daemon format. See
nfslog.conf(4) for details.
The NFS server logging mechanism is divided in two phases.
The first phase is performed by the NFS kernel module, which
records raw RPC requests and their results in work buffers
backed by permanent storage. The location of the work
buffers is specified in the /etc/nfs/nfslog.conf file. Refer
to nfslog.conf(4) for more information. The second phase
involves the nfslogd user-level daemon, which periodically
reads the work buffers, interprets the raw RPC information,
groups related RPC operations into single transaction
records, and generates the output log. The nfslogd daemon
then sleeps waiting for more information to be logged to the
work buffers. The amount of time that the daemon sleeps can
be configured by modifying the IDLETIME parameter in
/etc/default/nfslogd. The work buffers are intended for
internal consumption of the nfslogd daemon.
SunOS 5.11 Last change: 2 Dec 2004 1
System Administration Commands nfslogd(1M)
NFS operations use file handles as arguments instead of path
names. For this reason the nfslogd daemon needs to maintain
a database of file handle to path mappings in order to log
the path name associated with an operation instead of the
corresponding file handle. A file handle entry is added to
the database when a client performs a lookup or other NFS
operation that returns a file handle to the client.
Once an NFS client obtains a file handle from a server, it
can hold on to it for an indefinite time, and later use it
as an argument for an NFS operation on the file or direc-
tory. The NFS client can use the file handle even after the
server reboots. Because the database needs to survive server
reboots, it is backed by permanent storage. The location of
the database is specified by the fhtable parameter in the
/etc/nfs/nfslog.conf file. This database is intended for the
internal use of the nfslogd daemon.
In order to keep the size of the file handle mapping data-
base manageable, nfslogd prunes the database periodically.
It removes file handle entries that have not been accessed
in more than a specified amount of time. The PRUNETIMEOUT
configurable parameter in /etc/default/nfslogd specifies
the interval length between successive runs of the pruning
process. A file handle record will be removed if it has not
been used since the last time the pruning process was exe-
cuted. Pruning of the database can effectively be disabled
by setting the PRUNETIMEOUT as high as INTMAX.
When pruning is enabled, there is always a risk that a
client may have held on to a file handle longer than the
PRUNETIMEOUT and perform an NFS operation on the file han-
dle after the matching record in the mapping database had
been removed. In such case, the pathname for the file handle
will not be resolved, and the log will include the file han-
dle instead of the pathname.
There are various configurable parameters that affect the
behavior of the nfslogd daemon. These parameters are found
in /etc/default/nfslogd and are described below:
UMASK Sets the file mode for the log
files, work buffer files and file
handle mapping database.
MINPROCESINGSIZE Specifies the minimum size, in
bytes, that the buffer file must
SunOS 5.11 Last change: 2 Dec 2004 2
System Administration Commands nfslogd(1M)
reach before processing the work
information and writing to the
log file. The value of
MINPROCESINGSIZE must be
between 1 and ulimit.
IDLETIME Specifies the amount of time, in
seconds, the daemon should sleep
while waiting for more informa-
tion to be placed in the buffer
file. IDLETIME also determines
how often the configuration file
will be reread. The value of
IDLETIME must be between 1 and
INTMAX.
MAXLOGSPRESERVE The nfslogd periodically cycles
its logs. MAXLOGSPRESERVE
specifies the maximum number of
log files to save. When
MAXLOGSPRESERVE is reached, the
oldest files will be overwritten
as new log files are created.
These files will be saved with a
numbered extension, beginning
with filename.0. The oldest file
will have the highest numbered
extension up to the value config-
ured for MAXLOGSPRESERVE. The
value of MAXLOGSPRESERVE must
be between 1 and INTMAX.
CYCLEFREQUENCY Specifies how often, in hours,
the log files are cycled.
CYCLEFREQUENCY is used to insure
that the log files do not get
too large. The value of
CYCLEFREQUENCY must be between 1
and INTMAX.
MAPINGUPDATEINTERVAL Specifies the time interval, in
seconds, between updates of the
records in the file handle to
path mapping tables. Instead of
updating the atime of a record
each time that record is
accessed, it is only updated if
it has aged based on this
SunOS 5.11 Last change: 2 Dec 2004 3
System Administration Commands nfslogd(1M)
parameter. The record access
time is used by the pruning rou-
tine to determine whether the
record should be removed from the
database. The value of this
parameter must be between 1 and
INTMAX.
PRUNETIMEOUT Specifies when a database record
times out, in hours. If the time
that elapsed since the record was
last accessed is greater than
PRUNETIMEOUT then the record can
be pruned from the database. The
default value for PRUNETIMEOUT
is 168 hours (7 days). The value
of PRUNETIMEOUT must be between
1 and INTMAX.
EXIT STATUS
The following exit values are returned:
0 Daemon started successfully.
1 Daemon failed to start.
FILES
/etc/nfs/nfslogtab
/etc/nfs/nfslog.conf
/etc/default/nfslogd
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 2 Dec 2004 4
System Administration Commands nfslogd(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWnfssu
SEE ALSO
sharenfs(1M), nfslog.conf(4), attributes(5)
SunOS 5.11 Last change: 2 Dec 2004 5
|
