The default output is a sorted list of clients, one per line, showing the number of I/Os, number and size of READ and WRITE requests, the number of "suspicious" events, and the IP address and user account of the client. The statistics are normalized to values per second. A single client may have more than one entry if it is multiplexing multiple users on a single connection, as is frequently the case when a Windows Terminal Server connects to the filer.
This command relies on data collected when the cifs.per_client_stats.enable option is "on", so it must be used in conjunction with that option. Administrators should be aware that there is overhead associated with collecting the per-client stats. This overhead may noticeably affect filer performance.
ops Sort by number of operations per second of any type.
reads
Sort by kilobytes per second of data
sent in response to read requests.
writes
Sort by kilobytes per second of data
written to the filer.
ios Sort by the combined total of reads plus writes for each client.
suspicious
Sort by the number of "suspicious"
events sent per second by each client.
"Suspicious" events are any of the
following, which are typical of the
patterns seen when viruses or other
badly behaved software/users are
attacking a system:
ACCESS_DENIED returned for FindFirst ACCESS_DENIED returned for Open/CreateFile ACCESS_DENIED returned for DeleteFile SUCCESS returned for DeleteFile SUCCESS returned for TruncateFile
smooth
Use a smoothed average which is
weighted towards recent behavior but
takes into account previous history of
the client.
now Use a one-second sample taken immediately. No history is taken into account.
total
Use the total count of each statistic
divided by the total time since sampling
started. If the -v option is
also used, the totals are given without
dividing by the sample time.
toaster> cifs top -n 3 -s w ops/s reads(n, KB/s) writes(n, KB/s) suspect/s IP Name 263 | 29 215 | 137 627 | 0 | 10.56.10.120 ENGR\varun 248 | 27 190 | 126 619 | 1 | 10.56.10.120 ENGR\jill 246 | 26 195 | 125 616 | 19 | 10.56.12.118 MKTG\bob
toaster> vfiler run vfiler0 cifs top