nfslogd - nfs logging daemon




     The nfslogd  daemon  provides  operational  logging  to  the
     Solaris  NFS server.  It is the nfslogd daemon's job to gen-
     erate the activity log by analyzing the RPC operations  pro-
     cessed  by  the  the  NFS server.  The log will only be gen-
     erated for file systems exported with logging enabled.
      This is specified at file system export time  by  means  of
     the share_nfs(1M) command.

     Each record in the log file includes a time  stamp,  the  IP
     address  (or  hostname  if it can be resolved) of the client
     system, the file or directory name the  operation  was  per-
     formed  on, and the type of operation.  In the basic format,
     the operation can either be  an  input  (i)  or  output  (o)
     operation.  The basic format of the NFS server log is compa-
     tible with  the  log  format  generated  by  the  Washington
     University  FTPd  daemon.  The log format can be extended to
     include directory modification operations,  such  as  mkdir,
     rmdir,  and  remove.   The extended format is not compatible
     with the Washington  University  FTPd  daemon  format.   See
     nfslog.conf(4) for details.

     The NFS server logging mechanism is divided in  two  phases.
     The first phase is performed by the NFS kernel module, which
     records raw RPC requests and their results in  work  buffers
     backed  by  permanent  storage.   The  location  of the work
     buffers  is  specified  in  the  /etc/nfs/nfslog.conf  file.
     Refer  to  nfslog.conf(4)  for  more information. The second
     phase involves  the nfslogd user-level daemon, which period-
     ically reads the work buffers, interprets the raw RPC infor-
     mation, groups related RPC operations into  single  transac-
     tion records, and generates the output log. The nfslogd dae-
     mon then sleeps waiting for more information to be logged to
     the work buffers.  The amount of time that the daemon sleeps
     can be configured by modifying the  IDLE_TIME  parameter  in
     /etc/default/nfslogd.   The  work  buffers  are intended for
     internal consumption of the nfslogd daemon.

     NFS operations use file handles as arguments instead of path
     names.  For this reason the nfslogd daemon needs to maintain
     a database of file handle to path mappings in order  to  log
     the  path  name  associated with an operation instead of the
     corresponding file handle.  A file handle entry is added  to
     the  database  when  a client performs a lookup or other NFS
     operation that returns a file handle to the client.

     Once an NFS client obtains a file handle from a  server,  it
     can  hold  on to it for an indefinite time, and later use it
     as an argument for an NFS operation on the  file  or  direc-
     tory.  The NFS client can use the file handle even after the
     server reboots. Because the database needs to survive server
     reboots, it is backed by permanent storage.  The location of
     the database is specified by the fhtable  parameter  in  the
     /etc/nfs/nfslog.conf  file.   This  database is intended for
     the internal use of the nfslogd daemon.

     In order to keep the size of the file handle  mapping  data-
     base  manageable,  nfslogd prunes the database periodically.
     It removes file handle entries that have not  been  accessed
     in more than a specified amount of time.
      The     PRUNE_TIMEOUT     configurable     parameter     in
     /etc/default/nfslogd  specifies  the interval length between
     successive runs of  the  pruning  process.   A  file  handle
     record  will  be  removed  if it has not been used since the
     last time the pruning process was executed.
      Pruning of the database can effectively be disabled by set-
     ting the PRUNE_TIMEOUT as high as INT_MAX.

     When pruning is enabled, there  is  always  a  risk  that  a
     client  may  have  held  on to a file handle longer than the
     PRUNE_TIMEOUT and perform an NFS operation on the file  han-
     dle  after  the  matching record in the mapping database had
     been removed.  In such case, the pathname for the file  han-
     dle  will not be resolved, and the log will include the file
     handle instead of the pathname.

     There are various configurable parameters  that  affect  the
     behavior  of the nfslogd daemon.  These parameters are found
     in /etc/default/nfslogd and are described below:

          UMASK Sets the file mode for the log files, work buffer
                files and file handle mapping database.

                Specifies the minimum size, in  bytes,  that  the
                buffer  file
                 must   reach   before   processing  the     work
                information  and  writing  to  the log file.  The
                value of MIN_PROCESSING_SIZE
                 must be between 1 and ulimit.

                Specifies the amount of  time,  in  seconds,  the
                daemon should sleep while waiting for more infor-
                mation to be placed in the buffer file. IDLE_TIME
                also  determines how often the configuration file
                will be reread. The value of  IDLE_TIME  must  be
                between 1 and INT_MAX.

                The  nfslogd  periodically   cycles   its   logs.
                            MAX_LOGS_PRESERVE  specifies the max-
                imum  number  of  log   files   to   save.   When
                MAX_LOGS_PRESERVE  is  reached,  the oldest files
                will be overwritten as new log files are created.
                These   files   will  be  saved  with  a numbered
                extension,   beginning   with   filename.0.   The
                oldest file will have the highest numbered exten-
                sion   up   to   the   value    configured    for
                MAX_LOGS_PRESERVE. The value of MAX_LOGS_PRESERVE
                must be between 1 and INT_MAX.

                Specifies how often, in hours, the log files  are
                cycled.  CYCLE_FREQUENCY  is  used to insure that
                the log files do not get too large. The value  of
                must be between 1 and INT_MAX.

                Specifies the time interval, in seconds,  between
                updates of the records in the file handle to path
                mapping tables. Instead of updating the atime  of
                a record each time that record is accessed, it is
                only updated if it has aged based on this parame-
                ter.  The   record  access   time  is used by the
                pruning routine to determine whether  the  record
                should  be   removed   from   the  database.  The
                value of this parameter must  be  between  1  and

                Specifies when a database   record   times   out,
                in                   hours.   If  the  time  that
                elapsed since the record  was  last  accessed  is
                greater  than  PRUNE_TIMEOUT then  the record can
                be pruned from the database.  The  default  value
                for  PRUNE_TIMEOUT  is  168 hours (7
                 days).   The  value  of  PRUNE_TIMEOUT  must  be
                between 1 and INT_MAX.


     The following exit values are returned:

          0     Daemon started successfully.

          1     Daemon failed to start.






     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWnfssu                   |


     share_nfs(1M), nfslog.conf(4), attributes(5)

Man(1) output converted with man2html