Table of Contents
The default output is a sorted list of clients, one per line, showing the number of I/Os, number and size of READ and WRITE requests, the number of "suspicious" events, and the IP address and user account of the client. The statistics are normalized to values per second. A single client may have more than one entry if it is multiplexing multiple users on a single connection, as is frequently the case when a Windows Terminal Server connects to the filer.
This command relies on data collected when the cifs.per_client_stats.enable option is "on", so it must be used in conjunction with that option. Administrators should be aware that there is overhead associated with collecting the per-client stats. This overhead may noticeably affect filer performance.
ops Sort by number of operations per second of any type.
Sort by kilobytes per second of data sent in response to read requests.
Sort by kilobytes per second of data written to the filer.
ios Sort by the combined total of reads plus writes for each client.
Sort by the number of "suspicious" events sent per second by each client. "Suspicious" events are any of the following, which are typical of the patterns seen when viruses or other badly behaved software/users are attacking a system:
ACCESS_DENIED returned for FindFirst ACCESS_DENIED returned for Open/CreateFile ACCESS_DENIED returned for DeleteFile SUCCESS returned for DeleteFile SUCCESS returned for TruncateFile
Use a smoothed average which is weighted towards recent behavior but takes into account previous history of the client.
now Use a one-second sample taken immediately. No history is taken into account.
Use the total count of each statistic divided by the total time since sampling started. If the -v option is also used, the totals are given without dividing by the sample time.
toaster> cifs top -n 3 -s w ops/s reads(n, KB/s) writes(n, KB/s) suspect/s IP Name 263 | 29 215 | 137 627 | 0 | 10.56.10.120 ENGR\varun 248 | 27 190 | 126 619 | 1 | 10.56.10.120 ENGR\jill 246 | 26 195 | 125 616 | 19 | 10.56.12.118 MKTG\bob
toaster> vfiler run vfiler0 cifs top
Table of Contents