October 17th, 2018 23:00

smb or nfs shares accessed through which subnets in isilon

Hi experts,

Is there any cmd or way to list the subnets used to access each SMB and NFS share? Basically, we want to move specific shares to another cluster but need to trace which subnets are used to access these shares. Note that we only have the System zone.

Any help will be highly appreciated.

danny

450 Posts

October 18th, 2018 08:00

So you are saying that your current NFS exports are to either a number of subnets, or a very large range of IPs and you'd like to narrow that down?  Is that your goal? 

Also, although SMB shares can be restricted based upon IP (as well), traditionally the only access control on SMB shares is via the Share's ACL.  Even then most customers use 'Everyone' - 'Full Control' and then restrict down access to the data using filesystem permissions.  It's really the best way to do it.

Anyway the best you can do is to sample over time and see who is connecting.

So you could run a command like this:

isilon-1# isi statistics client -nall --protocols smb2 --totalby remote_addr -z
Ops     In    Out  TimeAvg  Node  Proto  Class  UserName  LocalName     RemoteAddr     RemoteName
--------------------------------------------------------------------------------------------------
2.3k   5.1M   4.9M   8630.6     *      *      *         *          *  192.168.11.59  192.168.11.59
1.9k 502.7k   4.7M   8992.1     *      *      *         *          * 192.168.11.236 192.168.11.236
2.1k  12.3M 271.9k  16650.0     *      *      *         *          *  192.168.16.71  192.168.16.71

Or this:

isilon-1# isi statistics client -nall --protocols nfs3 --totalby remote_addr -z
Ops     In  Out  TimeAvg  Node  Proto  Class  UserName  LocalName     RemoteAddr          RemoteName
-----------------------------------------------------------------------------------------------------
4.2k 520.3k 4.8M   8529.4     *      *      *         *          * 192.168.12.118 dobiminer.vdc2.dobi
3.2k 407.9k 5.1M  15151.5     *      *      *         *          * 192.168.12.120 dobiminer.vdc2.dobi

Maybe set the output to csv or json, whatever is easiest for you to interpret.  Output the results to a text file and just keep appending to it.  Run maybe once every 30 minutes for a week?  Then single-instance the list. 

The problem with this?  It doesn't show you what share or export a given user or client system is connecting to, merely what protocol they're connecting with.

Alternatively InsightIQ can collect a good deal of this information and you could export it from there.

Last option, you could use showmount.  This works on some systems not on others.  So here I am looking at

isilon-1# isi statistics client -nall --protocols nfs3 --totalby local_addr -z
  Ops     In   Out  TimeAvg  Node  Proto  Class  UserName      LocalAddr      LocalName  RemoteName
---------------------------------------------------------------------------------------------------
446.4  57.0k  3.4M   7323.8     *      *      *         * 192.168.11.161 192.168.11.161           *
398.2  50.9k  3.2M   7876.1     *      *      *         * 192.168.11.163 192.168.11.163           *
413.0  52.6k 15.3M  46910.4     *      *      *         * 192.168.11.164 192.168.11.164           *
862.8 108.1k  7.1M  22902.5     *      *      *         * 192.168.11.165 192.168.11.165           *
415.6  51.4k  2.9M  12953.4     *      *      *         * 192.168.11.166 192.168.11.166           *
453.6  56.0k  3.3M  17188.5     *      *      *         * 192.168.11.167 192.168.11.167           *
755.2  94.7k  6.1M  14825.7     *      *      *         * 192.168.11.168 192.168.11.168           *
417.6  51.6k  2.8M  14851.2     *      *      *         * 192.168.11.169 192.168.11.169           *

isilon-1# showmount -a 192.168.11.161
All mount points on 192.168.11.161:
10.10.145.35:/ifs
10.10.145.35:/ifs/Engineering
10.10.145.41:/ifs
192.168.11.234:/ifs
192.168.12.102:/ifs/Engineering
192.168.12.118:/ifs
192.168.12.118:/ifs/Engineering
192.168.12.120:/ifs
192.168.12.120:/ifs/Engineering
192.168.16.70:/ifs

So this is telling me what systems are currently connecting, and what export they are connecting to.  You'd have to run this against each IP that customers can mount, run it frequently, and then single instance it, then group by either IP or by the path.

~Chris
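The "single instance it, then group by path" step from the reply above, as an added example that is not part of the original post: it de-duplicates appended `showmount -a` output and lists the client subnets seen per export. The function name, the /24 prefix length and the sample text are assumptions made for illustration; only IPv4 clients are handled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: two appended `showmount -a` runs in the client:/path
# format shown in the post, with repeated entries and one hostname entry.
SAMPLE = """\
All mount points on 192.168.11.161:
10.10.145.35:/ifs
10.10.145.35:/ifs/Engineering
192.168.12.118:/ifs/Engineering
192.168.12.120:/ifs/Engineering
All mount points on 192.168.11.161:
10.10.145.41:/ifs
192.168.12.118:/ifs/Engineering
192.168.16.70:/ifs
not-an-ip.example:/ifs
"""

def subnets_by_export(text, prefix_len=24):
    """Return ({export path: [client subnets]}, [clients that were not IPv4]).

    prefix_len is an assumption; set it to the real mask of the client networks.
    """
    seen = defaultdict(set)
    unresolved = set()
    for line in text.splitlines():
        client, sep, rest = line.strip().partition(":/")
        if not sep:
            continue  # header ("All mount points on ...:") or blank line
        try:
            addr = ipaddress.IPv4Address(client)
        except ValueError:
            unresolved.add(client)  # hostname entry: resolve it separately
            continue
        # strict=False masks the host bits, giving the containing subnet
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        seen["/" + rest].add(net)
    by_path = {p: [str(n) for n in sorted(nets)] for p, nets in sorted(seen.items())}
    return by_path, sorted(unresolved)

if __name__ == "__main__":
    exports, leftovers = subnets_by_export(SAMPLE)
    for path, nets in exports.items():
        print(path, ", ".join(nets))
    print("unresolved clients:", leftovers)
```
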

450 Posts

October 18th, 2018 08:00

Side note: the showmount option won't work for SMB.  On that side of the equation, you'll need something that uses MSRPC calls to enumerate the sessions.  This PowerShell cmdlet might be a good option.


Get-SmbSession
