El Lun 24 Sep 2007, Albert Shih escribió:
>  Le 23/09/2007 à 00:27:15-0700, Martin Alejandro Paredes Sanchez a écrit
> I've two servers :
>       Server A (NFS) --- NFS -- Server B
> On server A there one service is NFS, and server B is it's client.
> On server B I've lot of users, some users make very huge transfert throught
> NFS (what I don't want), huge = ~ 10-100 Go in one time (big file).
> I want to known who did this, because I've lot of users it's not easy to
> known when I'm using top/ps to known who did this (sometime it's the output
> of some scientifique software).
> The solution you give me can tell me the name of server B, but this thing I
> known it ;-), what I want to known is WHO on server B.

Ok, that change the problem, but I think tcpdump is still usefull, only if the 
the problem is caused when a user copy one huge file in one time, this 
because I assume 1 socket is created for each file copied (I am not an expert 
in NFS)

In computer B run this command (piped) as root

tcpdump -c 100 -nq dst port nfs and dst host serverB
nawk 'BEGIN {FS="[ .]"}{print $8}'
nawk '{packets[$1]++} END{for (ip in packets){print packets[ip], ip}}'
sort -rn

In the last line will appear socket number that generate more packets, 
something like this:


To know who has that socket, run

# sockstat -4c | grep ":59891"
martin   kdeinit    1173  9  tcp4

The first column is the user, lets see what is doing

# ps -wxU martin

> Do you think I need to use dark side of the force....I known it's not more
> powerful, but it's more easy ;-)

You mean windows (for the easy), NNOOOO.

If the problem is caused, because the user is copying a folder

cp  ~/MySmallFiles/*  /serverB/dest/

maybe, each file will create a different socket, because of that, you will 
need to translate each socket to a user before counting the packets, I think 
that is a job for perl, phyton or something like that.

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to