From owner-freebsd-questions@FreeBSD.ORG Mon Sep 24 13:21:23 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4F3B216A417 for ; Mon, 24 Sep 2007 13:21:23 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from mesiob.obspm.fr (mesiob.obspm.fr [145.238.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id CEE6713C4A6 for ; Mon, 24 Sep 2007 13:21:22 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from localhost (pcjas.obspm.fr [145.238.2.126]) by mesiob.obspm.fr (8.13.4/8.13.4/SIO Observatoire de Paris) with ESMTP id l8ODLLIr011704; Mon, 24 Sep 2007 15:21:21 +0200 Date: Mon, 24 Sep 2007 15:21:21 +0200 From: Albert Shih To: Martin Alejandro Paredes Sanchez Message-ID: <20070924132121.GG42088@pcjas.obspm.fr> References: <20070920172428.GA90565@pcjas.obspm.fr> <20070921185934.GI7562@dan.emsphone.com> <20070921201756.GB85057@pcjas.obspm.fr> <200709230027.15813.mapsware@prodigy.net.mx> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <200709230027.15813.mapsware@prodigy.net.mx> User-Agent: Mutt/1.5.16 (2007-06-09) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mesiob.obspm.fr [145.238.2.2]); Mon, 24 Sep 2007 15:21:21 +0200 (CEST) X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on mesiob.obspm.fr X-Virus-Status: Clean Cc: freebsd-questions@freebsd.org Subject: Re: How to know who use NFS. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Albert.Shih@obspm.fr List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Sep 2007 13:21:23 -0000 Le 23/09/2007 à 00:27:15-0700, Martin Alejandro Paredes Sanchez a écrit > > Use the force luke > > You only need 100 packets (you may decide to increase) that are directed to > your server, to the NFS daemon. > > tcpdump -c 100 -nq dst port nfs and dst host $HOST > > You don't need to interpret this info, you need to know who is originating the > traffic, lets extract the ip that are originating the traffic > > nawk 'BEGIN {FS="[ .]"; OFS="."} {print $4,$5,$6,$7}' > > But, who generate more traffic? > Lets count how many packets are originating each one of those ip > > nawk '{packets[$1]++} END{for (ip in packets){print packets[ip], ip}}' > > And order it > > sort -rn OK, but that's not I'm exactly I search. I ask again my question because It's seem my poor english make my question not clear. I've two servers : Server A (NFS) --- NFS -- Server B On server A there one service is NFS, and server B is it's client. On server B I've lot of users, some users make very huge transfert throught NFS (what I don't want), huge = ~ 10-100 Go in one time (big file). I want to known who did this, because I've lot of users it's not easy to known when I'm using top/ps to known who did this (sometime it's the output of some scientifique software). The solution you give me can tell me the name of server B, but this thing I known it ;-), what I want to known is WHO on server B. Do you think I need to use dark side of the force....I known it's not more powerful, but it's more easy ;-) Regads. JAS -- Albert SHIH Observatoire de Paris Meudon SIO batiment 15 Heure local/Local time: Lun 24 sep 2007 15:12:56 CEST