NFS server logging provides records of NFS reads and writes, as well as operations that modify a file system. These records can be used to track access to information. In addition, the records can provide a quantitative way to measure interest in the information.
When a file system with logging enabled is accessed, the kernel writes raw data into a buffer file. This data includes the following:
Client IP address
UID of the requester
File handle of the file or directory object that is being accessed
Type of operation that occurred
The nfslogd daemon converts this raw data into ASCII records that are stored in log files. During the conversion, the IP addresses are modified to host names and the UIDs are modified to logins if the name service that is enabled can find matches. The file handles are also converted into path names. To accomplish the conversion, the daemon tracks the file handles and stores information in a separate file handle-to-path table. That way, the path does not have to be identified again each time a file handle is accessed. Because no changes to the mappings are made in the file handle-to-path table if nfslogd is disabled, you must keep the daemon running.