Solaris Performance Tools Pdf Editor

This document is primarily written with reference to Solaris performance monitoring and tuning but these tools are available in other Unix variants & Linux also with slight syntax difference. Iostat, vmstat and netstat are three most commonly used tools for performance monitoring. These comes built in with the operating system and are easy to use.iostat stands for input output statistics and reports statistics for i/o devices such as disk drives. Vmstat gives the statistics for virtual Memory and netstat gives the network statistics. Following pages describes these tools and their usage for performance monitoring explains their syntax, examples and explanantion of results and solution for the common problems. Iostat – Input Output statistics iostat reports terminal and disk I/O activity and CPU utilization. The first line of output is for the time period since boot & each subsequent line is for the prior interval.

Kernel maintains a number of counters to keep track of the values. Iostat’s activity class options default to tdc (terminal, disk, and CPU). Yardi Voyager Training Download.

If any other option/s are specified, this default is completely overridden i.e. Iostat -d will report only statistics about the disks.

Solaris 10 systems need tuning and optimization in order to give the best performance given a certain system configuration and workload. The methods mentioned here are applicable to earlier Solaris versions and some other UNIX-based operating systems. Sun includes a number of utilities that can be used to monitor and.

Iostat syntax Basic synctax is iostat interval count option – let you specify the device for which information is needed like disk, cpu or terminal. Mirrorop Activation Key. (-d, -c, -t or -tdc ).

X options gives the extended statistics. Interval – is time period in seconds between two samples. Iostat 4 will give data at each 4 seconds interval. Count – is the number of times the data is needed.

Solaris System Logs May the source be with you, but remember the KISS principle;-) Solaris System Logs /var/cron/log A system log is a recording of certain events. The kind of events found in a system log is determined by the nature of the particular log and any configurations used to control those events that are logged. System logs are usually text files containing a timestamp and other information specific to the message or subsystem. One issue with log files is the difference between how Windows and UNIX each maintain open files.

In UNIX, although it is not possible to remove a file that is currently open, it is possible to rename that file. In Windows, it is necessary to manipulate the access control list (ACL) of the file before renaming the file; a simple rename fails. Both Windows and UNIX do share the behavior, if the file is open, and it is renamed, the process continues to write to that renamed file. In order for a process that keeps a file open to write to the original name, it must be restarted. Upon restart, the process creates a new file with the original name.

This is in contrast with processes, which open a file, write to it, and then close it. If the file was open at the time of the rename, the process continues to finish the write operation before closing the file descriptor. When the process is ready to write again, it writes to the original name, thus creating a new file.

Logs are rotated using -- a special utility introduced in Solaris 9. Top Visited Your browser does not support iframes. • 200000: • 200000: • 200000:;-) I vote for /var/log/cron.19990220, /var/log/ftp.19990220, /var/log/authlog.199902, etc. Do you have so many logs online that they need more than one flat directory? Then go one more level down, but not 4. Also, putting the timestamp in the filename makes restores and greps of the files less confusing. But I think the problem is even bigger than that.

Some log files grow VERY RAPIDLY -- many megabytes per day. Some grow very slowly. Authlog comes to mind. It's best to keep individual log files under some certain size. 1MB is great. 50MB is getting kinda big. But with these different growth rates, the tendency is to age some of them daily, others weekly, others yearly(!).

Then there's the annoying ones like wtmp that are binary. And let's not forget that some processes need to be restarted after a logfile move, while others don't. And some programs follow the paradigm 'my logfile must exist and be writable by me or else I will silently log nothing'. I've always considered writing some tool that would allow you to manage and age all your log files from one config file. Maybe the config file would be a table that lists the base logfile name, the interval at which it gets aged, the number of logs or amount of space to keep online before deleting them, etc. Anybody know of any such program?

It might be too much work for too little gain. The ultimate would be an ADAPTIVE process that keeps fewer old logs online if space is getting tight, etc. Personally I think an adaptive news expire program would be nice, too. I'll get right on these, as soon as I get this other stuff done for my boss.:-) Todd Williams Manager, Computer and Communication Systems MacNeal-Schwendler Corp.

('MSC'), 815 Colorado Blvd., Los Angeles, CA 90041 todd.williams@macsch.com (323)259-4973 geek n.: a carnival performer often billed as a wild man whose act usu. Includes biting the head off a live chicken or snake -Webster's New Collegiate Solaris systems use the /var directory to store logs and other local files so that the operating system can support other directories being mounted as read only, sometimes from file servers elsewhere on the network. The /var directory is thus often on a partition that is local to the system. All of the log files described below can be found in subdirectories under /var. There may be other application-specific log files that you will also need to inspect. However, it is beyond the scope of this implementation to describe all of the log files that you might want to inspect for your specific Solaris installation.

Because log files often provide the only indication of an intrusion, intruders often attempt to erase any evidence of their activities by removing or modifying the log files. For this reason, it is very important that your log files be adequately protected to make it as difficult as possible for intruders to change or remove then. See the practice for more information on this topic.

[PDF] Log Files Log file are used by the system and applications to record actions, errors, warnings, and problems. They are often quite useful for investigating system quirks, for discovering the root causes of tricky problems, and for watching attackers.

There are typically two types of log files in the Solaris Operating Environment: system log files which are typically managed by the syslog daemon and application logs which are created by the application. Set sys:coredumpsize = 0 Log Files Managed by syslog The syslog daemon receives log messages from several sources and directs them to the appropriate location based on the configured facility and priority. There is a programmer interface, syslog(), and a system command, logger, for creating log messages. The facility (or application type) and the priority are configured in the /etc/syslog.conf file to direct the log messages. The directed location can be a log file, a network host, specific users, or all users logged into the system. By default, the Solaris Operating Environment defines two log files in the /etc/syslog.conf file. The /var/adm/messages log files contains a majority of the system messages.

The /var/log/syslog file contains mail system messages. A third log file is defined but commented out by default.

It logs important authentication log messages to the /var/log/authlog file. Uncomment the following line in /etc/syslog.conf to enable logging these messages: Save the file and use the following command to force syslogd to re-read its configuration file: All of these files should be examined regularly for errors, warnings, and signs of an attack. This task can be automated by using log analysis tools or a simple grep command. Application Log Files Application log files are created and maintained by commands and tools without using the syslog system. The Solaris Operating Environment includes several commands that maintain their own log files. Here is a list of some of the Solaris Operating Environment log files: /var/adm/sulog messages from /usr/bin/su /var/adm/vold.log messages from /usr/sbin/vold /var/adm/wtmpx user information from /usr/bin/login /var/cron/log messages from /usr/sbin/cron The /var/adm/wtmpx file should be viewed with the last command.

#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) # kill -HUP `cat /etc/syslog.pid` The /var/adm/loginlog file does not exist in the default of the Solaris Operating Environment installation, but it should be created. If this file exists, the login program records failed login attempts. All of these logs should also be monitored for problems. Man Pages • last(1) • loginlog(4) • login(1) • logger(1) • sulog(4) • sysidtool(1M) • syslog(3) • syslogd(1) • syslog.conf(4) • sys-unconfig(1M) • vold(1M) This file is a catch-all log file for a number of messages from the UNIX kernel as well as for other logging applications such as syslogd. The file is formatted as an ASCII text file and entries are usually one record per line with new entries appended to the end of the file. The following is a sample excerpt from a messages file. Each pair of lines shown below appears as one line in the file: Oct 31 04:05:01 unix.fghij.net syslogd:restart Oct 31 04:05:02 unix.fghij.net named[112]: unapproved query from [10.10.0.1].32768 for 'loghost.local.net' Oct 31 04:05:02 unix.fghij.net named[112]: unapproved query from [10.10.0.1].32768 for 'loghost.local.net' Oct 31 04:05:42 unix.fghij.net printd[207]: send_job failed job 203 (lw_land@lw.fghij.net)check status Oct 31 04:06:00 unix.fghij.net sendmail[14602]: EAA14602: from=ih_cron, size=456, class=0, pri=30456.

Oct 31 04:06:01 unix.fghij.net sendmail[14604]: EAA14602: to=ih_cron, delay=00:00:01, xdelay=00:00:00. Oct 31 04:06:42 unix.fghij.net printd[207]: send_job failed job 203 (lw_land@lw.fghij.net) check status Oct 31 04:07:42 unix.fghij.net printd[207]: send_job failed job 203 (lw_port@lw.jghij.net)check status Note that the messages file can get very large quickly and should be rotated regularly to ensure that it does not consume too much local disk space.

Refer to for more information. The sulog file, /var/adm/sulog, is a log containing all attempts (whether successful or not) of the su command.

An entry is added to the sulog file every time the su command is executed. The fields in sulog are: date, time, successful (+) or unsuccessful (-), port, user executing the su command, and user being switched to. In the preceding example, all su attempts were successful, except for the attempt on 2/23 at 20:51, when user pete unsuccessfully attempted to su to user root. Look for entries where an unauthorized user has used the command inappropriately. The following entry shows a successful (indicated by +) su from user userid to root.

SU 03/31 12:52 + pts/0 -root Look for failed su attempts. SU 03/31 12:52 - pts/0 -root Look for su occurring at unusual times during the day (e.g., after hours, very early in the morning). SU 03/31 02:12 + pts/0 -root SU 11/04 09:43 +???