Thread: Server monitoring (samba,NFS,telnet,ssh,ftp)

I have here lots of question
How can I monitor the status of my server? How can I know who are logged on in telnet,ssh etc and what resources are they using?

Samba (connected users, what resources are used)
-----smbstatus, ok.

NFS (IP add of the connected client, what resources are used)
-----netstat can see the IP but I have no idea how to get the resources that he is using.

ftp, telnet, ssh (username or IP, resources used)
-----netstat can get the IP. how to get the username or resources used?

I have seen a NAS that was able to do this. there's a section in their gui that you can view all the current status.
Maybe someone can help me out how to do this
thanks in advance for any help.

warren

How can I monitor the status of my server? How can I know who are logged on in telnet,ssh etc and what resources are they using?

Use w, who, last, lastcomm command. See url: http://www.cyberciti.biz/faqs/2006/0...-logged-in.php

Samba (connected users, what resources are used)
-----smbstatus, ok.

Yup use smbstatus command.

I have no idea about other stuff may be someone will help out

ok thanks sweta.
I tried w, who, last.
yes it shows who is logged on and the IP add but its hard to tell if its ssh or telnet.
see output below.
-bash-3.00# w
13:24:02 up 21:40, 4 users, load average: 0.00, 0.00, 0.00
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 09:54 0.00s 0.06s 0.00s w
admin pts/1 12:14 1:09m 0.00s 0.00s -bash
user2 pts/2 12:17 1:06m 0.02s 0.02s -bash
user1 pts/3 12:19 1:04m 0.00s 0.00s -bash

-bash-3.00# who
root pts/0 Jun 14 09:54 (192.168.100.170)
admin pts/1 Jun 14 12:14 (192.168.100.170)
user2 pts/2 Jun 14 12:17 (192.168.100.170)
user1 pts/3 Jun 14 12:19 (192.168.100.170)

-bash-3.00# netstat -t -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.100.163:ssh 192.168.100.170:1795 ESTABLISHED
tcp 0 0 192.168.100.163:telnet 192.168.100.170:1818 ESTABLISHED
tcp 0 0 192.168.100.163:telnet 192.168.100.170:1823 ESTABLISHED
tcp 0 0 192.168.100.163:ssh 192.168.100.170:1095 ESTABLISHED

with netstat results, I have the client IP add and the service used. two ssh and two telnet but the problem is, which users are using telnet or ssh?

thanks,
warren

ok, netstat -t -u -p (-p is available in netstat from net-tools) I am using BusyBox netstat
[root@wbeldadFC4 ~]# netstat -t -u -p
tcp 0 0 ::ffff:192.168.100.162:ssh ::ffff:192.168.10spserver ESTABLISHED 3021/sshd: user1 [p

[root@wbeldadFC4 ~]# who -a
user1 + pts/5 2006-06-14 13:59 00:16 3021 (192.168.100.170)

I have now the username, client IP and PID. maybe i can filter the PID in ps to get more info.
looks like this is ok for telnet, ssh, ftp. There's a tool "nu" for Netatalk.
whats left is NFS.
how do I know what resources NFS users are using?

thanks,
warren

The nfsstat command can be used to display statistics related to NFS activity

May be try out NFSwatch http://nfswatch.sourceforge.net/ for nfs.

For user monitor you need to use special tool called whowatch

Whowatch is an console, interactive users and process monitoring tool. It displays information about the users currently logged on to the machine, in real-time. Besides standard informations (login name, tty, host, user's
process), the type of the connection (ie. telnet or ssh) is shown. Display of users command line can be switch to tty idle time.

To install whowatch use command (if you are using debian):

Code:

apt-get install whowatch

Fedora user can use

Code:

yum install whowatch

See output:
http://www.cyberciti.biz/tips/wp-con...h-output-1.png

I tried nfswatch, its good but the information is more on monitoring packets and NFS read/write....
nfsstat is also on rpc,nfs statistics. whowatch looks good but its a complete application w/ menus.
I am looking only for, who logon and what share did he connect.
maybe in the log files, where can I find the log files for NFS?

NFS is a stateless protocol. This means that the file server stores no per-client information, and there are no NFS "connections". For example, NFS has no operation to open a file, since this would require the server to store state information (that a file is open; what its file descriptor is; the next byte to read; etc).

So you cannot get all the clients details.

back to work...
thanks for the good info tom. so, the point is we cannot know who open/deleted the files.
I'm just wondering how the other NAS get the info about the IP address of the client and the resource connected.
Maybe in the system log because there an info like,

Jun 19 12:10:13 localhost rpc.mountd: authenticated mount request from 192.168.100.162:720 for /mnt/NAS/public (/mnt/NAS/public)

client IP = 192.168.100.162
resource connected = /mnt/NAS/public
but its hard to get a string in a log file.

on NFS server.
showmount -a "List both the client hostname and mounted directory in host:dir format."
-bash-3.00# showmount -a
All mount points on NAS163:
*:/mnt/NAS/public
*:/mnt/NAS/share1/share1
192.168.100.162:*
192.168.100.164:*
192.168.100.171:*
---the client is there but how can I know which share is being mounted.

warren,

you can grep information:

Code:

grep  -i 'authenticated mount request' /var/log/message

Then you can use awk to separate information. If you see above information in your log file you can you can write a shell script to create report.

Let me know if this helps out or not