What means "NFS suspicious calls" on NFS statistics ?

Hi,

we have zero number there, I think that sounds good.

It was just a curiosity.

Hi Rainer,

I found something interesting:

TopTalker Suspicious Events:
One of the TopTalker output columns lists Suspicious Ops/second. “Suspicious" events are any of the following, which are typical of the patterns seen when viruses or other badly behaved software/users are attacking a system:

CIFS events:
o ACCESS_DENIED returned for FindFirst,
o ACCESS_DENIED returned for Open/CreateFile,
o ACCESS_DENIED returned for DeleteFile,
o SUCCESS returned for DeleteFile,
o SUCCESS returned for TruncateFile (size=0),

NFSv2/v3/v4 events:
o NFSERR_ACCES returned for NFS OPEN/LOOKUP/CREATE/DELETE,
o NFSERR_ACCES returned for READDIR/READDIRPLUS
o NFS_OK for NFS REMOVE,
o NFS_OK for NFS SETATTR (size=0)

IP address   NFS  NFS      NFS    NFS           NFS   NFS    NFS  NFS
Timestamp  Total  Read     Write  Suspicious  Total   Read   Write  Avg
                  Ops/s  Ops/s  Ops/s  Ops            KiB/s  KiB/s  KiB/s  uSec/call
Note: You may also see a summary called “suspectCalls”

Are you getting any non-zero numbers there ?