How can I identify who is writing to NFS server and where are these writes coming from?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
Our CentOS6 NFS export is near 100% capacity. We've turned off NFS for now and are trying to move data around. I temporarily turned it back on with logging on and was surprised to see data roaring back into the NFS directories. There's no information in the log about who is doing the writing. I'd like to find out where these writes are coming from, who is doing them, and which directory they're writing to. Unfortunately, the logs don't really show me the identities of who/where they are coming from. Any hints on how to get that information?
Thanks in advance!
centos raid nfsv4
add a comment |Â
up vote
2
down vote
favorite
Our CentOS6 NFS export is near 100% capacity. We've turned off NFS for now and are trying to move data around. I temporarily turned it back on with logging on and was surprised to see data roaring back into the NFS directories. There's no information in the log about who is doing the writing. I'd like to find out where these writes are coming from, who is doing them, and which directory they're writing to. Unfortunately, the logs don't really show me the identities of who/where they are coming from. Any hints on how to get that information?
Thanks in advance!
centos raid nfsv4
There really isn't any way to find out who is writing to the export unless you're going to monitor processes on every machine that has the exports mounted. You candu /path/to/export | sort -rn > outputfile
on the machine which will output the largest file sizes to a file and you can review it to see what's taking up the space. Perhaps that will give you a better idea of what's happening.
â Nasir Riley
May 8 at 23:52
re-enable but firewall off and look for connection attempts in the fw logs? if a small enough ip pool, re-allow small blocks at a time until writes start flooding in...
â ivanivan
May 8 at 23:55
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
Our CentOS6 NFS export is near 100% capacity. We've turned off NFS for now and are trying to move data around. I temporarily turned it back on with logging on and was surprised to see data roaring back into the NFS directories. There's no information in the log about who is doing the writing. I'd like to find out where these writes are coming from, who is doing them, and which directory they're writing to. Unfortunately, the logs don't really show me the identities of who/where they are coming from. Any hints on how to get that information?
Thanks in advance!
centos raid nfsv4
Our CentOS6 NFS export is near 100% capacity. We've turned off NFS for now and are trying to move data around. I temporarily turned it back on with logging on and was surprised to see data roaring back into the NFS directories. There's no information in the log about who is doing the writing. I'd like to find out where these writes are coming from, who is doing them, and which directory they're writing to. Unfortunately, the logs don't really show me the identities of who/where they are coming from. Any hints on how to get that information?
Thanks in advance!
centos raid nfsv4
asked May 8 at 23:41
PolkaRon
74113
74113
There really isn't any way to find out who is writing to the export unless you're going to monitor processes on every machine that has the exports mounted. You candu /path/to/export | sort -rn > outputfile
on the machine which will output the largest file sizes to a file and you can review it to see what's taking up the space. Perhaps that will give you a better idea of what's happening.
â Nasir Riley
May 8 at 23:52
re-enable but firewall off and look for connection attempts in the fw logs? if a small enough ip pool, re-allow small blocks at a time until writes start flooding in...
â ivanivan
May 8 at 23:55
add a comment |Â
There really isn't any way to find out who is writing to the export unless you're going to monitor processes on every machine that has the exports mounted. You candu /path/to/export | sort -rn > outputfile
on the machine which will output the largest file sizes to a file and you can review it to see what's taking up the space. Perhaps that will give you a better idea of what's happening.
â Nasir Riley
May 8 at 23:52
re-enable but firewall off and look for connection attempts in the fw logs? if a small enough ip pool, re-allow small blocks at a time until writes start flooding in...
â ivanivan
May 8 at 23:55
There really isn't any way to find out who is writing to the export unless you're going to monitor processes on every machine that has the exports mounted. You can
du /path/to/export | sort -rn > outputfile
on the machine which will output the largest file sizes to a file and you can review it to see what's taking up the space. Perhaps that will give you a better idea of what's happening.â Nasir Riley
May 8 at 23:52
There really isn't any way to find out who is writing to the export unless you're going to monitor processes on every machine that has the exports mounted. You can
du /path/to/export | sort -rn > outputfile
on the machine which will output the largest file sizes to a file and you can review it to see what's taking up the space. Perhaps that will give you a better idea of what's happening.â Nasir Riley
May 8 at 23:52
re-enable but firewall off and look for connection attempts in the fw logs? if a small enough ip pool, re-allow small blocks at a time until writes start flooding in...
â ivanivan
May 8 at 23:55
re-enable but firewall off and look for connection attempts in the fw logs? if a small enough ip pool, re-allow small blocks at a time until writes start flooding in...
â ivanivan
May 8 at 23:55
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
1
down vote
I found some good answers in this AskUbuntu question.
I would stress the answer that uses:
iftop -P -i <interface name (e.g. enp1s0)>
to show traffic sorted by volume on a port and then uses:
sudo netstat -tup <port number>
to identify which PID is using which port.
Once you have the PID, you're home free.
add a comment |Â
up vote
0
down vote
I would suggest to use 'wireshark' tool to monitor network traffic. With filters set to show only NFS traffic you will be able to identify network hosts writing to your NFS server.
Wireshark is good. Maybe too good for this job. Don't misunderstand me, I mean well, but that program is a little complex to me at least.
â Vlastimil
May 9 at 11:06
Wireshark is very easy to use: Launch wireshark GUI. Select network card. Start capturing traffic. Select line marked with NFS. From context menu select apply it as filter. Write down displayed IP address, from context menu add it as exclude filter. Repeat it until list gets empy.
â John Doe
May 9 at 11:29
Put that to your answer.
â Vlastimil
May 9 at 11:54
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
I found some good answers in this AskUbuntu question.
I would stress the answer that uses:
iftop -P -i <interface name (e.g. enp1s0)>
to show traffic sorted by volume on a port and then uses:
sudo netstat -tup <port number>
to identify which PID is using which port.
Once you have the PID, you're home free.
add a comment |Â
up vote
1
down vote
I found some good answers in this AskUbuntu question.
I would stress the answer that uses:
iftop -P -i <interface name (e.g. enp1s0)>
to show traffic sorted by volume on a port and then uses:
sudo netstat -tup <port number>
to identify which PID is using which port.
Once you have the PID, you're home free.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
I found some good answers in this AskUbuntu question.
I would stress the answer that uses:
iftop -P -i <interface name (e.g. enp1s0)>
to show traffic sorted by volume on a port and then uses:
sudo netstat -tup <port number>
to identify which PID is using which port.
Once you have the PID, you're home free.
I found some good answers in this AskUbuntu question.
I would stress the answer that uses:
iftop -P -i <interface name (e.g. enp1s0)>
to show traffic sorted by volume on a port and then uses:
sudo netstat -tup <port number>
to identify which PID is using which port.
Once you have the PID, you're home free.
edited May 9 at 11:09
Vlastimil
6,3011146116
6,3011146116
answered May 9 at 6:05
mathew gunther
515
515
add a comment |Â
add a comment |Â
up vote
0
down vote
I would suggest to use 'wireshark' tool to monitor network traffic. With filters set to show only NFS traffic you will be able to identify network hosts writing to your NFS server.
Wireshark is good. Maybe too good for this job. Don't misunderstand me, I mean well, but that program is a little complex to me at least.
â Vlastimil
May 9 at 11:06
Wireshark is very easy to use: Launch wireshark GUI. Select network card. Start capturing traffic. Select line marked with NFS. From context menu select apply it as filter. Write down displayed IP address, from context menu add it as exclude filter. Repeat it until list gets empy.
â John Doe
May 9 at 11:29
Put that to your answer.
â Vlastimil
May 9 at 11:54
add a comment |Â
up vote
0
down vote
I would suggest to use 'wireshark' tool to monitor network traffic. With filters set to show only NFS traffic you will be able to identify network hosts writing to your NFS server.
Wireshark is good. Maybe too good for this job. Don't misunderstand me, I mean well, but that program is a little complex to me at least.
â Vlastimil
May 9 at 11:06
Wireshark is very easy to use: Launch wireshark GUI. Select network card. Start capturing traffic. Select line marked with NFS. From context menu select apply it as filter. Write down displayed IP address, from context menu add it as exclude filter. Repeat it until list gets empy.
â John Doe
May 9 at 11:29
Put that to your answer.
â Vlastimil
May 9 at 11:54
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I would suggest to use 'wireshark' tool to monitor network traffic. With filters set to show only NFS traffic you will be able to identify network hosts writing to your NFS server.
I would suggest to use 'wireshark' tool to monitor network traffic. With filters set to show only NFS traffic you will be able to identify network hosts writing to your NFS server.
answered May 9 at 11:02
John Doe
804
804
Wireshark is good. Maybe too good for this job. Don't misunderstand me, I mean well, but that program is a little complex to me at least.
â Vlastimil
May 9 at 11:06
Wireshark is very easy to use: Launch wireshark GUI. Select network card. Start capturing traffic. Select line marked with NFS. From context menu select apply it as filter. Write down displayed IP address, from context menu add it as exclude filter. Repeat it until list gets empy.
â John Doe
May 9 at 11:29
Put that to your answer.
â Vlastimil
May 9 at 11:54
add a comment |Â
Wireshark is good. Maybe too good for this job. Don't misunderstand me, I mean well, but that program is a little complex to me at least.
â Vlastimil
May 9 at 11:06
Wireshark is very easy to use: Launch wireshark GUI. Select network card. Start capturing traffic. Select line marked with NFS. From context menu select apply it as filter. Write down displayed IP address, from context menu add it as exclude filter. Repeat it until list gets empy.
â John Doe
May 9 at 11:29
Put that to your answer.
â Vlastimil
May 9 at 11:54
Wireshark is good. Maybe too good for this job. Don't misunderstand me, I mean well, but that program is a little complex to me at least.
â Vlastimil
May 9 at 11:06
Wireshark is good. Maybe too good for this job. Don't misunderstand me, I mean well, but that program is a little complex to me at least.
â Vlastimil
May 9 at 11:06
Wireshark is very easy to use: Launch wireshark GUI. Select network card. Start capturing traffic. Select line marked with NFS. From context menu select apply it as filter. Write down displayed IP address, from context menu add it as exclude filter. Repeat it until list gets empy.
â John Doe
May 9 at 11:29
Wireshark is very easy to use: Launch wireshark GUI. Select network card. Start capturing traffic. Select line marked with NFS. From context menu select apply it as filter. Write down displayed IP address, from context menu add it as exclude filter. Repeat it until list gets empy.
â John Doe
May 9 at 11:29
Put that to your answer.
â Vlastimil
May 9 at 11:54
Put that to your answer.
â Vlastimil
May 9 at 11:54
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f442656%2fhow-can-i-identify-who-is-writing-to-nfs-server-and-where-are-these-writes-comin%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
There really isn't any way to find out who is writing to the export unless you're going to monitor processes on every machine that has the exports mounted. You can
du /path/to/export | sort -rn > outputfile
on the machine which will output the largest file sizes to a file and you can review it to see what's taking up the space. Perhaps that will give you a better idea of what's happening.â Nasir Riley
May 8 at 23:52
re-enable but firewall off and look for connection attempts in the fw logs? if a small enough ip pool, re-allow small blocks at a time until writes start flooding in...
â ivanivan
May 8 at 23:55