SUMMARY: nfswatch outputs all zeroes

From: Ole Holm Nielsen (Ole.H.Nielsen_at_fysik.dtu.dk)
Date: 11/24/05

  • Next message: Nikola Milutinovic: "How to get shlib version number?" 
    Date: Thu, 24 Nov 2005 13:41:20 +0100
To: tru64-unix-managers@ornl.gov

    I received helpful answers from a number of people regarding
    the non-working nfswatch utility:

    1. It is necessary to enable promiscuous mode on the network interface
         using "pfconfig +p +c interface". The "nfswatch" manual is
         misleading, since the pfconfig is required also for the "root"
         superuser to use nfswatch.

    2. The packetfilter devices must be created if they don't exist:
         cd /dev; MAKEDEV pfilt

    3. The Tru64 UNIX nfswatch utility is outdated (useless ?) since
         it only handles NFSv2 traffic. This nfswatch cannot handle
         NFS over TCP nor NFSv3. There is an nfswatch project on
         SourceForge at http://sourceforge.net/projects/nfswatch/
         but it doesn't seem to support Tru64 UNIX.

    4. Since nfswatch is broken, only tcpdump can give you some information.
         Eric Werme sent me a tcpdump command to try, and this finally
         allowed me to get the information about NFS clients that I needed.
         I've turned this into a little script "nfsdump" (see below) which
         may be used as a "poor man's nfswatch".

    Original question:
    > We have an NFS overload situation of our Tru64 v5.1B server, and we
    > need to run the "nfswatch" utility to identify the misbehaving NFS
    > clients.
    >
    > Unfortunately, "nfswatch --allif" shows almost exclusively zero
    > NFS traffic, although the server in reality is being killed by
    > NFS traffic (the disk subsystem does 800 SCSI transfers/sec).
    >
    > Question: Does anyone which special tricks are required in order
    > to make "nfswatch" behave correctly (the way it does on other
    > UNIXes) ? I do have "options PACKETFILTER" defined in the kernel
    > config file.

    Thanks to:
    allan@physics.umn.edu
    werme@zk3.dec.com
    farrell@pangea.Stanford.EDU
    bard.tesaker@nt.ntnu.no 

    -- 
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
The script nfsdump:
-------------------
#!/bin/sh
# Dumping NFS client packets as a replacement for broken nfswatch
if test $# -ne 2
then
         echo Usage: $0 interface-name number-of-packets
         exit 1
fi
INTERFACE=$1
COUNT=$2
# Minimum number of calls which we bother to list
MINCALLS=10
TCPDUMP="/usr/sbin/tcpdump"
TCPDUMP_ARGS="-ts300 port 2049"
echo "Doing tcpdump of $COUNT packets on interface $INTERFACE and listing NFS 
calls (over $MINCALLS)"
$TCPDUMP -i $INTERFACE -c$COUNT $TCPDUMP_ARGS | grep call | \
awk '{ match($1, "[.][^.]+$"); print substr($1, 1, RSTART-1) }' | \
sort | uniq -c | sort -n +1 | \
awk -v MINCALLS=$MINCALLS '{if($1>=MINCALLS) print $0}'
  • Next message: Nikola Milutinovic: "How to get shlib version number?"