Sun Microsystems 10 manual Consolidating log information of zones, Monitoring zone workload

4.5.2. Consolidating log information of zones

[dd]The use of zones as a runtime environment for services leads to an increase in the number of operating system environments that are part of an architecture. Although this is intended for reasons of enclosure or modularization of applications, it can lead to another problem.

Since each zone and its applications maintain their own log files, these are now present in larger quantities. As a result, the analysis of log files for the entire architecture as a whole can be achieved only with increased effort.

Log information can be consolidated by NFS, with a syslog server, by file synchronization or with application-specific means.

1.To summarize log information by NFS, the following procedure can be used:

1.Log files are written directly in the local file system via the applications in the local zones (if applicable, observe or organize the rotation of log files).

2.The relevant log files forming all local zones of a system are collected centrally in the global zone. They can be collected on an NFS directory that is mounted in the global zone only. The transparent remote access to zone data can be achieved by means of the zone concept (e.g. access to /<zonepath>/root/var/log/logfile.log).

3.All log files belonging to an architecture can be accessed where one or all NFS directories of all global zones are available.

2.Log files are first copied to a local file system like in 1. and then transferred to a remote system by means of rcp, rdist, scp or ssh. This variant can have security risks due to the use of the copy mechanism.

3.The syslogd can send log information directly to a remote system which can be the global zone or a central system in the network.

4.5.3.Monitoring zone workload

[ug] With the prstat command (since Solaris 8), processes with the highest workload can be viewed similar to the command top, which is well-known on other platforms. In Solaris 10, the command prstat has been extended by the option -Z, which allows the user to see a summary display of the workload for each zone (even the global zone). Thus, zone status is easy to monitor.

4.5.4. Extended accounting with zones

[ug] Extended accounting was introduced with Solaris 9 as a complement to the traditional Unix accounting. In extended accounting the data fields to be recorded can be selected from a superset of fields. Solaris 10 also provides the name of the zone as an additional optional data field.

Therefore, extended accounting can be configured in the global zone such that the zone name is written together with each accounting data set. The data (e.g. CPU time used) can be summarized separately according to zones and can be fed into capacity planning or accounting.

4.5.5. Auditing operations in the zone

[dd]Auditing can be used to monitor system activities. A system audit takes place in the global zone. The audit can also be configured to monitor activities in a local zone. Additionally the administrator of a zone is able to monitor a zone's user processes. Auditing in local zones cannot monitor kernel activities but user activities within the zones.

56