nfslogd(1M)
NAME
nfslogd - nfs logging daemon
SYNOPSIS
/usr/lib/nfs/nfslogd
DESCRIPTION
The nfslogd daemon provides operational logging to the
Solaris NFS server. It is the nfslogd daemon's job to gen-
erate the activity log by analyzing the RPC operations pro-
cessed by the the NFS server. The log will only be gen-
erated for file systems exported with logging enabled.
This is specified at file system export time by means of
the share_nfs(1M) command.
Each record in the log file includes a time stamp, the IP
address (or hostname if it can be resolved) of the client
system, the file or directory name the operation was per-
formed on, and the type of operation. In the basic format,
the operation can either be an input (i) or output (o)
operation. The basic format of the NFS server log is compa-
tible with the log format generated by the Washington
University FTPd daemon. The log format can be extended to
include directory modification operations, such as mkdir,
rmdir, and remove. The extended format is not compatible
with the Washington University FTPd daemon format. See
nfslog.conf(4) for details.
The NFS server logging mechanism is divided in two phases.
The first phase is performed by the NFS kernel module, which
records raw RPC requests and their results in work buffers
backed by permanent storage. The location of the work
buffers is specified in the /etc/nfs/nfslog.conf file.
Refer to nfslog.conf(4) for more information. The second
phase involves the nfslogd user-level daemon, which period-
ically reads the work buffers, interprets the raw RPC infor-
mation, groups related RPC operations into single transac-
tion records, and generates the output log. The nfslogd dae-
mon then sleeps waiting for more information to be logged to
the work buffers. The amount of time that the daemon sleeps
can be configured by modifying the IDLE_TIME parameter in
/etc/default/nfslogd. The work buffers are intended for
internal consumption of the nfslogd daemon.
NFS operations use file handles as arguments instead of path
names. For this reason the nfslogd daemon needs to maintain
a database of file handle to path mappings in order to log
the path name associated with an operation instead of the
corresponding file handle. A file handle entry is added to
the database when a client performs a lookup or other NFS
operation that returns a file handle to the client.
Once an NFS client obtains a file handle from a server, it
can hold on to it for an indefinite time, and later use it
as an argument for an NFS operation on the file or direc-
tory. The NFS client can use the file handle even after the
server reboots. Because the database needs to survive server
reboots, it is backed by permanent storage. The location of
the database is specified by the fhtable parameter in the
/etc/nfs/nfslog.conf file. This database is intended for
the internal use of the nfslogd daemon.
In order to keep the size of the file handle mapping data-
base manageable, nfslogd prunes the database periodically.
It removes file handle entries that have not been accessed
in more than a specified amount of time.
The PRUNE_TIMEOUT configurable parameter in
/etc/default/nfslogd specifies the interval length between
successive runs of the pruning process. A file handle
record will be removed if it has not been used since the
last time the pruning process was executed.
Pruning of the database can effectively be disabled by set-
ting the PRUNE_TIMEOUT as high as INT_MAX.
When pruning is enabled, there is always a risk that a
client may have held on to a file handle longer than the
PRUNE_TIMEOUT and perform an NFS operation on the file han-
dle after the matching record in the mapping database had
been removed. In such case, the pathname for the file han-
dle will not be resolved, and the log will include the file
handle instead of the pathname.
There are various configurable parameters that affect the
behavior of the nfslogd daemon. These parameters are found
in /etc/default/nfslogd and are described below:
UMASK Sets the file mode for the log files, work buffer
files and file handle mapping database.
MIN_PROCESSING_SIZE
Specifies the minimum size, in bytes, that the
buffer file
must reach before processing the work
information and writing to the log file. The
value of MIN_PROCESSING_SIZE
must be between 1 and ulimit.
IDLE_TIME
Specifies the amount of time, in seconds, the
daemon should sleep while waiting for more infor-
mation to be placed in the buffer file. IDLE_TIME
also determines how often the configuration file
will be reread. The value of IDLE_TIME must be
between 1 and INT_MAX.
MAX_LOGS_PRESERVE
The nfslogd periodically cycles its logs.
MAX_LOGS_PRESERVE specifies the max-
imum number of log files to save. When
MAX_LOGS_PRESERVE is reached, the oldest files
will be overwritten as new log files are created.
These files will be saved with a numbered
extension, beginning with filename.0. The
oldest file will have the highest numbered exten-
sion up to the value configured for
MAX_LOGS_PRESERVE. The value of MAX_LOGS_PRESERVE
must be between 1 and INT_MAX.
CYCLE_FREQUENCY
Specifies how often, in hours, the log files are
cycled. CYCLE_FREQUENCY is used to insure that
the log files do not get too large. The value of
CYCLE_FREQUENCY
must be between 1 and INT_MAX.
MAPPING_UPDATE_INTERVAL
Specifies the time interval, in seconds, between
updates of the records in the file handle to path
mapping tables. Instead of updating the atime of
a record each time that record is accessed, it is
only updated if it has aged based on this parame-
ter. The record access time is used by the
pruning routine to determine whether the record
should be removed from the database. The
value of this parameter must be between 1 and
INT_MAX.
PRUNE_TIMEOUT
Specifies when a database record times out,
in hours. If the time that
elapsed since the record was last accessed is
greater than PRUNE_TIMEOUT then the record can
be pruned from the database. The default value
for PRUNE_TIMEOUT is 168 hours (7
days). The value of PRUNE_TIMEOUT must be
between 1 and INT_MAX.
EXIT STATUS
The following exit values are returned:
0 Daemon started successfully.
1 Daemon failed to start.
FILES
/etc/nfs/nfslogtab
/etc/nfs/nfslog.conf
/etc/default/nfslogd
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWnfssu |
|_____________________________|_____________________________|
SEE ALSO
share_nfs(1M), nfslog.conf(4), attributes(5)
Man(1) output converted with
man2html