
Monitoring eDirectory

Novell Cool Solutions: Feature


Posted: 18 May 2005
 

Note: This article is adapted from the BrainShare 2005 presentation TUT280.

Monitoring eDirectory with SNMP

eDirectory has a MIB (Management Information Base) that can help you monitor events. eDirectory events can be published as SNMP traps, which can be configured dynamically. The standard SNMP format is used and as many as 119 traps are supported.

The SNMP traps provide the following statistics:

  • Protocols - NLDAP and LDAP
  • Cache - Usage and configuration
  • Server interactions for last "N" active interactions

The MIB can be used with any third-party monitoring console.

Figure 1 - SNMP flow for monitoring eDirectory

Installing and Configuring SNMP for eDirectory

You need to use a supported SNMP package for eDirectory. On Linux, that would be ncd-snmp-4.2.1-7.rpm or later. Be sure to install the package using YaST or rpm tools.

There are three basic parts to the configuration:

  • Configuring the master agent
  • Configuring the sub-agent
  • Dynamic configuration

Configuring the Master Agent

  1. Create the SNMP group object: ndsconfig add -m <modulename> -a <userFDN>. For example: ndsconfig add -m snmp -a admin.novell
  2. Configure snmp.conf
  3. Enter the host name. For example, trapsink myserver public
  4. Add the following line: master agentx
  5. Start the master agent: /usr/sbin/snmpd

Configuring the Subagent

  1. Configure /etc/ndssnmp/ndssnmp.conf. If you make changes to this file, you must restart the subagent.
  2. Make sure the following command is used: SERVER hostname/ipaddr. Note that only the locally installed eDirectory server is supported.
  3. Start the sub-agent: /usr/sbin/snmpd

Dynamic Configuration

You can use dynamic configuration at any time after the directory service is running. The command to use is:

ndssnmpconfig -h [hostname[:port]] -p <password> -a <userFDN> -c <command>

With dynamic configuration, you can:

  • Enable and disable traps
  • Set a time interval for individual traps
  • Set a default time interval
  • List all traps enabled for failure operations
  • List traps that meet certain criteria
  • Reconfigure from ndstrap.cfg

Sub-agent and Trap Modules

The subagent module is "NOVLsubag". It is installed as part of eDirectory installation, and it is configured using /etc/ndssnmp/ndssnmp.cfg. You must include the path of the trusted root certificate file SSLKEY.

The sub-agent monitors only the server on the same machine. This limits additional network traffic, and the sub-agent works with the master agent that is available with the OS. Note that the SNMP version depends on the version supported by the OS. The sub-agent also requires user credentials.

The trap module is "NOVLsnmp". It can:

  • Configure traps using the SNMPGroup object
  • Be configured to send on failures
  • Be configured to send only once in a specified time interval

To set up the trap module, use iManager or the ndssnmpcfg utility. The configuration can be shared by multiple servers.

Here is an example:

Trap number 51

ndsChangePassword TRAP-TYPE
    ENTERPRISE ndsMIB
    VARIABLES
        {
            ndsTrapTime,
            ndsEventType,
            ndsResult,
            ndsPerpetratorName,
            ndsTransportAddress,
            ndsProcessID,
            ndsVerbNumber,
            ndsEntryName,
            ndsServerName2
        }
    DESCRIPTION
        "Changing Password"
    ::= 51
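
An added Python example (not from the original article or from Novell): it parses the trap 51 definition above and uses the order of its VARIABLES clause to label the values of a received trap, then sorts password changes for review. The sample values, the triage rule, and the assumption that an ndsResult of 0 means success are illustrative, not taken from the article.

```python
import re

# TRAP-TYPE macro for trap 51, as given in the article.
TRAP_DEF = """
ndsChangePassword TRAP-TYPE
    ENTERPRISE ndsMIB
    VARIABLES { ndsTrapTime, ndsEventType, ndsResult, ndsPerpetratorName,
                ndsTransportAddress, ndsProcessID, ndsVerbNumber,
                ndsEntryName, ndsServerName2 }
    DESCRIPTION "Changing Password"
    ::= 51
"""

TRAP_RE = re.compile(
    r'(\w+)\s+TRAP-TYPE\s+ENTERPRISE\s+(\w+)\s+VARIABLES\s*\{([^}]*)\}'
    r'\s*DESCRIPTION\s*"([^"]*)"\s*::=\s*(\d+)')

def parse_trap_type(text):
    """Parse one SMIv1 TRAP-TYPE macro into its name, variables and number."""
    m = TRAP_RE.search(text)
    if m is None:
        raise ValueError("no TRAP-TYPE definition found")
    name, enterprise, variables, description, number = m.groups()
    return {"name": name, "enterprise": enterprise,
            "variables": [v.strip() for v in variables.split(",") if v.strip()],
            "description": description, "number": int(number)}

def decode_trap(defn, specific, values):
    """Label a trap's ordered varbind values with the names from VARIABLES."""
    if specific != defn["number"]:
        raise ValueError(f"specific-trap {specific} is not {defn['name']}")
    if len(values) != len(defn["variables"]):
        raise ValueError("varbind count does not match the MIB definition")
    return dict(zip(defn["variables"], values))

def triage(event):
    """Hypothetical review rule; assumes ndsResult == 0 means success."""
    if event["ndsResult"] != 0:
        return "failed"
    if event["ndsPerpetratorName"].lower() != event["ndsEntryName"].lower():
        return "changed-by-other"
    return "self-service"

# Constructed sample varbind values (not captured from a real server).
SAMPLE = [1116400000, 51, 0, "admin.novell", "10.0.0.5", 4242, 55,
          "jdoe.novell", "myserver.novell"]

if __name__ == "__main__":
    definition = parse_trap_type(TRAP_DEF)
    print(triage(decode_trap(definition, 51, SAMPLE)))
```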

The figure below illustrates the SNMP setup in iManager.

Figure 2 - SNMP setup screen in iManager

iMonitor

iMonitor is a tool for diagnosing and monitoring eDirectory. Its architecture is built on the following three components:

  • NDS Information Gathering Agent - Queries eDirectory to retrieve raw data
  • HTTP Stack - No additional web server needed
  • HTML Emitter - Presents data to browser

Modes of Operation

There are two basic operation modes for iMonitor: proxy mode and direct mode. In proxy mode, iMonitor gathers data from the server and eDirectory versions that are not running iMonitor. Not all features are accessible in this mode, as some are server-centric. Proxy mode gives you a single point of access for remote monitoring. You get server-centric information only where iMonitor is installed.

In direct mode, all information displayed is for the server being accessed. This includes data from features such as DSTrace, DSRepair, and the Background Process Schedule.

Configuration

There are two parts to configure for iMonitor - NDSIMON and NDSIMONHEALTH.

NDSIMON (/usr/lib/imon/ndsimon.conf) is used to do the following things:

  • Configure file locations for documentation, traces, etc.
  • Set the HTTP port
  • Set the trace file size
  • Make NIC address assignments
  • Determine timeouts for interactive connections
  • Set the maximum number of concurrent trace files

NDSIMONHEALTH (/usr/lib/imon/ndsimon.conf) is used to do the following things:

  • Configure settings for the Agent Health page
  • Set reporting levels and ranges
  • Set server reporting levels

To test configurations on a temporary basis, use this command:

http://<server>:<port>/ndsimon/config/set?parameter=value

To list available parameters, use this command:

http://<server>:<port>/ndsimon/config/get

The available iMonitor options are listed below. Warning: Use these with caution, as they may cause damage to your tree.

  • Send entry to Replicas
  • Mutate Entry
  • Remove Entry
  • Timestamp Entry
  • Reset Schema
  • Request Schema

