Unsolved
This post is more than 5 years old
13 Posts
0
1633
What means "NFS suspicious calls" on NFS statistics ?
Hello friends,
does anybody knows what means NFS suspicious calls on NFS statistics output ?
thanks in advance
Unsolved
This post is more than 5 years old
13 Posts
0
1633
Hello friends,
does anybody knows what means NFS suspicious calls on NFS statistics output ?
thanks in advance
Top
silvam2BRA
13 Posts
0
July 9th, 2013 06:00
Hi,
we have zero number there, I think that sounds good.
It was just a curiosity.
silvam2BRA
13 Posts
0
July 9th, 2013 06:00
Hi Rainer,
I found something interesting:
TopTalker Suspicious Events:
One of the TopTalker output columns lists Suspicious Ops/second. “Suspicious" events are any of the following, which are typical of the patterns seen when viruses or other badly behaved software/users are attacking a system:
CIFS events:
o ACCESS_DENIED returned for FindFirst,
o ACCESS_DENIED returned for Open/CreateFile,
o ACCESS_DENIED returned for DeleteFile,
o SUCCESS returned for DeleteFile,
o SUCCESS returned for TruncateFile (size=0),
NFSv2/v3/v4 events:
o NFSERR_ACCES returned for NFS OPEN/LOOKUP/CREATE/DELETE,
o NFSERR_ACCES returned for READDIR/READDIRPLUS
o NFS_OK for NFS REMOVE,
o NFS_OK for NFS SETATTR (size=0)
IP address NFS NFS NFS NFS NFS NFS NFS NFS
Timestamp Total Read Write Suspicious Total Read Write Avg
Ops/s Ops/s Ops/s Ops KiB/s KiB/s KiB/s uSec/call
Note: You may also see a summary called “suspectCalls”
Rainer_EMC
8.6K Posts
0
July 9th, 2013 06:00
Are you getting any non-zero numbers there ?
Rdamal
165 Posts
0
November 30th, 2017 18:00
I see non-zero number in suspicious ops column on a Celerra. But the top talker doesn't seem to have any issues with access denial. Is it really bad to have non-zero val in this column ?