Topic
7 replies Latest Post - ‏2013-02-25T23:07:40Z by Trey
SystemAdmin
SystemAdmin
6772 Posts
ACCEPTED ANSWER

Pinned topic NFS log target-not logging at all

‏2013-02-21T22:27:33Z |
Hi,

I have created NFS log target.
Following has been created and status is 'UP' for corresponding objects -
1. enabled NFS client settings
2. Created NFS static mount
3. created log target for NFS.

Did a packet capture, I do not see any errors.
I could see traffic flowing from DP to NFS box.

BUT file is NOT getting created.
When I checked the NFS static Mount Status - I see
Files Opened for Read = 0
Files Opened for Write = 0
Files Currently Open = 0

Authorization on NFS is working. Because ealier, I have seen authorization error in packet capture. After providing root access to the DP user, I do not see that error. But file is not getting created.

I followed the instructions at
http://www-01.ibm.com/support/docview.wss?uid=swg21372185

Kindly suggest, what I am missing?
Updated on 2013-02-25T23:07:40Z at 2013-02-25T23:07:40Z by Trey
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: NFS log target-not logging at all

    ‏2013-02-21T22:28:51Z  in response to SystemAdmin
    No errors in default log, neither on log Target nor on NFS static mount.
  • Trey
    Trey
    222 Posts
    ACCEPTED ANSWER

    Re: NFS log target-not logging at all

    ‏2013-02-22T02:17:50Z  in response to SystemAdmin
    I normally turn on the file system access option in the nfs settings, then via the cli try to copy files into and out of the nfs mount. Just try basic read/write actions to the nfs.

    If you can copy a test file into the nfs mount directory then move it from the nfs directory to say temporary:/// on the device via the devices cli then you can read. Likewise if you can put file there and try use the cli command 'show file' to view the contents of the file then you can write.

    At that point the log target should work. If it does not then you are reduced to starting a packet trace, filter on the nfs server ip, then enable the log target and capture the negotiation.

    Let me know if this does not help or what you find.

    • do not forget to disable the file system access feature when you are done.
    • SystemAdmin
      SystemAdmin
      6772 Posts
      ACCEPTED ANSWER

      Re: NFS log target-not logging at all

      ‏2013-02-22T17:45:11Z  in response to Trey
      THanks for your response.

      well, I tried to logon to NFS dir using CLI.

      Here is the output from cli

      +

      xi50(config)# dir
      Options:
      store:
      temporary:
      image:
      config:
      cert:
      dpcert:
      sharedcert:
      pubcert:
      tasktemplates:
      logtemp:
      logstore:
      audit:
      chkpoints:
      export:
      local:
      nfs-TestNFS:
      xi50(config)# dir TestNFS:

      % TestNFS: - No such file or directory
      xi50(config)# dir nfs-TestNFS:

      % nfs-TestNFS: - No such file or directory
      xi50(config)#
      +++++
      It shows nfs-TestNFS as directory but when I run
      dir nfs-TestNFS - says no such directory.

      I have turned ON Local Filesystem Access on NFS static mount configuration.

      Value in remote NFS Export is this - abc:/vol/apps/ServicebusDataPower01 (host is masked)
      Is there issue with lenght of export. I read somewhere it to be less than 12 characters.

      Trev - Kindly suggest, how can I write/read to NFS using cli.

      FYI - I was going through this (http://www-01.ibm.com/support/docview.wss?uid=swg21398114) to get some clues. And wanted to 'cd' to nfs direcoty and see, if I can put file there?
      • SystemAdmin
        SystemAdmin
        6772 Posts
        ACCEPTED ANSWER

        Re: NFS log target-not logging at all

        ‏2013-02-22T17:46:31Z  in response to SystemAdmin
        Well, I craeted another NFS static mount to eliminate 12 char. condition
        But no gain.

        ++++

        xi50(config)# dir
        Options:
        store:
        temporary:
        image:
        config:
        cert:
        dpcert:
        sharedcert:
        pubcert:
        tasktemplates:
        logtemp:
        logstore:
        audit:
        chkpoints:
        export:
        local:
        nfs-vNFS:
        xi50(config)# dir nfs-vNFS:

        % nfs-vNFS: - No such file or directory
        xi50(config)#
        ++++++
        • Trey
          Trey
          222 Posts
          ACCEPTED ANSWER

          Re: NFS log target-not logging at all

          ‏2013-02-22T19:21:33Z  in response to SystemAdmin
          I just ran a quick test on an nfs v3 mount to my 401 and 382 firmware devices and have no problems viewing the contents of the nfs mount.

          I used to see similar one off type problems back on older firmware like 381 and 382. This may not work but try to disable the nfs mount wait a minute then enable, or you can save config and reboot.

          If that does not fix it then maybe we can dig in a little deeper through a pmr and look at your mount settings on the server and device to see what is going on. Once we have this working then we can see about your log target and make sure this is the best option for you.

          I hope this helps.
          • SystemAdmin
            SystemAdmin
            6772 Posts
            ACCEPTED ANSWER

            Re: NFS log target-not logging at all

            ‏2013-02-22T20:33:49Z  in response to Trey
            Thanks Trey.

            Well, I had done that - disabling the nfs log target , nfs mount and nfs client setting and then enabling them (reverse order).
            Rebooted the appliance. But no gain.

            I am using XI50.4.0.2.10
            Build:220496

            Btw, when you said, make sure , nfs log target is the best option for you, do you recommend NOT using it( as a best practice ).

            AS of now, we have syslog over UDP. But our audit team suggested against UDP.
            Using syslog over TCP is an option, but syslogs are handled by another (UNIX) group and there is dependency on them to get the logs when in need.

            I mean, what things I should evaluate to decide whether NFS log target is a good option or not.
            I know, connectivity might be an issue and we should have secondary log target, if DP is not able to log on NFS for some reason.
            what else, should be considered?

            Thanks for your responses. They always have been helpful.
            • Trey
              Trey
              222 Posts
              ACCEPTED ANSWER

              Re: NFS log target-not logging at all

              ‏2013-02-25T23:07:40Z  in response to SystemAdmin
              Let me say that this is just a thought to consider based on experiences with other clients I have been lucky enough to work with.
              • DataPowers log targets need to be fast, I personally like a raid log target with something pulling the files off the device
              • If it must be network based then UDP is always faster and less overhead than anything TCP based
              • NFS is a heavy protocol for a log that can generate a lot of traffic
              • the nfs log target is built or resting on top of the nfs mount settings
              (for example if you use a static mount with a 10 second refresh policy and during peak time you are generating say 50 log events per second that is easily 500 lost messages, not to mention the over head of the nfs mount trying to disconnect/reconnect and further log messages lost. I just saw another thread post for a similar log target queue overflow today)

              In the 5.0 firmware TCP and UDP log targets are on equal footing and speed as we start reusing connections over TCP connections now. Prior to 5.0 you would have 1 TCP connection per log event in the case of syslog/tcp.

              I hope this does not scare you away, I have lots of clients using NFS log targets due to business needs and they have seriously high available mount servers and are operating over very nice low loss networks.

              Let me know if you open a pmr and we can try to dig into the mount point not working for you.
              It sounds like permissions on the server side but that is just an educated guess.