nfswatch - Monitor an NFS server
The nfswatch command can usually be run without arguments and will produce useful results. However, for those occasions when the defaults are not sufficient, the following options are provided:

  Monitors packets destined for dsthost instead of the local host.

  Restricts packets being counted to those sent by srchost.

  Restricts packets being counted to those sent to or from serverhost.

  Specifies to monitor packets to and from all NFS servers on the local network.

  Specifies the packet filter interface from which to read packets. You can specify interfaces either by their actual names (such as ln0) or by their generic packet filter interface names (pfn, where n is an integer). By default, pf0 (the first configured interface that supports the packet filter) is used.

  Reads packets from all configured network interfaces, instead of a single device. The first ten pf devices (0-9) are checked, and if configured, will be monitored.

  Reads a list of file names (one per line) from filelist and monitors the NFS traffic to these files in addition to the normal monitoring of exported file systems.

  When logging, writes information to the file logfile. The default is nfswatch.log.

  Writes snapshots to the file snapfile. The default is nfswatch.snap.

  Reads a list of device names and file system names (one pair per line) from mapfile and translates from one to the other when displaying file system names.

  Terminates execution after running for maxtime seconds. This is primarily for use with the -bg option.

  Sets the cycle time (interval length) to timeout seconds. The default is 10. The cycle time may also be adjusted from the command prompt.

  Displays the file system NFS monitoring data instead of the individual file data. This option is meaningful only if specified with the -f filelist option. The display may also be controlled from the command prompt.

  Displays the individual file NFS monitoring data instead of the file system data. This option is meaningful only if specified with the -f filelist option. The display may also be controlled from the command prompt.

  Displays statistics on authentication packets (individual users).

  Displays statistics on NFS procedures (RPC calls) instead of per-file or per-file system data.

  Displays statistics on NFS client operation rates instead of per-file or per-filesystem data.

  Sets file system, procedure, or client display to be sorted in declining order of percent usage. By default, the display is sorted alphabetically. This may also be toggled from the command prompt.

  Turns on logging at startup time. Logging is turned off by default, but may be enabled from the command prompt.

  Starts as a daemon, running in the background. No screen updates will be performed; all data will be written to the log file only. When started with this option, nfswatch will print the process id of the daemon process. To terminate nfswatch, send the process a SIGTERM signal, or use the -T option to set the maximum execution time.
The nfswatch program monitors all incoming network traffic to an NFS file server and divides it into several categories. The number and percentage of packets received in each category is displayed on the screen in a continuously updated display. The screen is updated every ten seconds by default; this time period is called an interval.
Your kernel must be configured with the packetfilter option. (See packetfilter(7).) After kernel configuration, any user can invoke nfswatch once the superuser has enabled promiscuous-mode operation using the following pfconfig command:

  # pfconfig +p +c interface
By default, nfswatch monitors all packets destined for the current host. An alternate destination host to watch for may be specified using the -dst argument. If a source host is specified with the -src argument, then only packets arriving at the destination host which were sent by the source host are monitored. Traffic between a specific server and its clients may be watched by specifying the name of the server with the -server argument. If the -all argument is given, then all NFS traffic on the network is monitored. It is usually desirable to specify the -all option whenever using the -server option.
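The background mode described in the options above and the -server/-all pairing from this paragraph combine naturally into a time-bounded capture. The following is an added example, not part of the original manual page: the function names, the NFSWATCH override variable, the host-name character check, and the assumption that the PID is the first run of digits printed by nfswatch -bg are all illustrative.

```shell
#!/bin/sh
# Added example: bounded background nfswatch capture for one NFS server.
# Uses only options named on this page: -server, -all, -bg, -T.
# NFSWATCH can be overridden (hypothetical knob, e.g. for a test stub).
NFSWATCH=${NFSWATCH:-nfswatch}

# Build the option string: -all accompanies -server, and -T bounds -bg.
nfswatch_args() {
    server=$1 maxtime=$2
    case $server in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "invalid server name" >&2; return 2 ;;
    esac
    case $maxtime in
        ''|*[!0-9]*)
            echo "maxtime must be whole seconds" >&2; return 2 ;;
    esac
    printf '%s\n' "-server $server -all -bg -T $maxtime"
}

# Start the daemon from inside logdir, so the default log file
# (nfswatch.log) is written there, then record and print its PID.
# Assumption: the PID is the first run of digits in the -bg output.
start_capture() {
    logdir=$1
    args=$(nfswatch_args "$2" "$3") || return 2
    out=$(cd "$logdir" && $NFSWATCH $args) || return 1
    pid=$(printf '%s\n' "$out" |
          sed -n 's/[^0-9]*\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$pid" ] || { echo "no PID in output: $out" >&2; return 1; }
    printf '%s\n' "$pid" > "$logdir/nfswatch.pid"
    printf '%s\n' "$pid"
}

# End a capture early with SIGTERM, the documented way to stop -bg mode.
stop_capture() {
    pidfile=$1/nfswatch.pid
    [ -f "$pidfile" ] || return 1
    kill -TERM "$(cat "$pidfile")" && rm -f "$pidfile"
}
```

Because any user can run nfswatch once promiscuous mode is enabled, point logdir at a directory only the operator can read.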
The nfswatch screen is divided into the following three parts: The first part, at the top of the screen, is made up of three lines. The first line displays the name of the host being monitored, the current date and time, and the time elapsed since the start of monitoring.
When logging is on, nfswatch writes one entry to the log file each interval. The information printed to the log file is easily readable, and basically contains a copy of all information on the screen. Additionally, any NFS traffic to file systems or individual files which was not printed on the screen (due to space limitations) is printed in the log file. Finally, in the log file, the NFS traffic to file systems and individual files is further broken down into counts of how many times each specific NFS procedure was called.
The information in the nfswatch log file can be summarized easily using the nfslogsum program.
The nfswatch utility also allows several commands to be entered at its prompt during execution. The prompt is displayed on the last line of the screen. For most commands, feedback describing the effect of the command is printed on the same line as the prompt. The commands are:

  Clears and redraws the screen.

  Switches the display to show statistics on individual users.

  Switches the display to show statistics on NFS client hosts instead of per-file or per-filesystem information.

  Toggles the display of mounted file systems and the display of individual files in the NFS packet monitoring area. This command is only meaningful if the -f filelist option was specified on the command line. (If the display is showing NFS procedures or clients, then this command switches the display to show file systems.)

  Switches the display to show statistics on NFS procedures instead of per-file or per-filesystem information.

  Toggles the logging feature. If logging is off it is started; if logging is on, it is turned off.

  Toggles display of host names or host numbers in client mode. By default, client mode displays host names. However, this may not be sufficient for determining the names of unknown remote hosts, since domain names are not displayed. This command tells nfswatch to display host numbers instead, enabling each host to be uniquely identified.

  Takes a snapshot of the current screen and saves it to a file. This is useful to record occasional copies of the data when the log file is not needed.

  Toggles the sort key for the display of mounted file systems in the NFS packet monitoring area. By default, these are sorted by file system name, but they can also be sorted in declining order of percent usage.

  Decreases the cycle time (interval length) by ten seconds. This takes effect after the next screen update.

  Increases the cycle time (interval length) by ten seconds. This takes effect after the next screen update.

  Decreases the cycle time (interval length) by one second. This takes effect after the next screen update.

  Increases the cycle time (interval length) by one second. This takes effect after the next screen update.

  Scrolls forward through the bottom part of the display, if there are files/file systems/clients/procedures not being displayed due to lack of space.

  Scrolls backward.

  Exits nfswatch. Using the interrupt key will also cause nfswatch to exit.
Typing any other character will cause a help screen to be displayed.
Commands: pfstat(1), nfslogsum(8), pfconfig(8), tcpdump(8).
Networking: bpf(7), packetfilter(7).