beautypg.com

Consolidating log information of zones, Monitoring zone workload, Extended accounting with zones – Sun Microsystems SOLARIS 10 User Manual

Page 63: Auditing operations in the zone

background image

Version 3.1-en

Solaris 10 Container Guide - 3.1 4. Best Practices

Effective: 30/11/2009

4.5.2. Consolidating log information of zones
[dd] The use of zones as a runtime environment for services leads to an increase in the number of
operating system environments that are part of an architecture. Although this is intended for reasons
of enclosure or modularization of applications, it can lead to another problem.

Since each zone and its applications maintain their own log files, these are now present in larger
quantities. As a result, the analysis of log files for the entire architecture as a whole can be achieved
only with increased effort.

Log information can be consolidated by NFS, with a syslog server, by file synchronization or with
application-specific means.

1. To summarize log information by NFS, the following procedure can be used:

1. Log files are written directly in the local file system via the applications in the local zones

(if applicable, observe or organize the rotation of log files).

2. The relevant log files forming all local zones of a system are collected centrally in the

global zone. They can be collected on an NFS directory that is mounted in the global
zone only. The transparent remote access to zone data can be achieved by means of the
zone concept (e.g. access to //root/var/log/logfile.log).

3. All log files belonging to an architecture can be accessed where one or all NFS

directories of all global zones are available.

2. Log files are first copied to a local file system like in 1. and then transferred to a remote

system by means of rcp, rdist, scp or ssh. This variant can have security risks due to
the use of the copy mechanism.

3. The syslogd can send log information directly to a remote system which can be the global

zone or a central system in the network.

4.5.3. Monitoring zone workload
[ug] With the prstat command (since Solaris 8), processes with the highest workload can be
viewed similar to the command top, which is well-known on other platforms. In Solaris 10, the
command prstat has been extended by the option -Z, which allows the user to see a summary
display of the workload for each zone (even the global zone). Thus, zone status is easy to monitor.

4.5.4. Extended accounting with zones
[ug] Extended accounting was introduced with Solaris 9 as a complement to the traditional Unix
accounting. In extended accounting the data fields to be recorded can be selected from a superset of
fields. Solaris 10 also provides the name of the zone as an additional optional data field.

Therefore, extended accounting can be configured in the global zone such that the zone name is
written together with each accounting data set. The data (e.g. CPU time used) can be summarized
separately according to zones and can be fed into capacity planning or accounting.

4.5.5. Auditing operations in the zone
[dd] Auditing can be used to monitor system activities. A system audit takes place in the global zone.
The audit can also be configured to monitor activities in a local zone. Additionally the administrator of
a zone is able to monitor a zone's user processes. Auditing in local zones cannot monitor kernel
activities but user activities within the zones.

56