Novell Doc: Novell Access Manager 3.0 SP4 Administration Guide

36.2 Monitoring Access Gateway Alerts

The Access Gateway has been programmed to issue events to various types of systems (such as a Novell® Audit server or a Syslog server) so that the administrator can be informed when significant changes occur that modify how the Access Gateway is performing. For information about auditing and audit events, see Section 31.0, Enabling Auditing. This section describes how to use the following types of alerts:

36.2.1 Reviewing Java Alerts

The Alerts page allows you to view information about current Java alerts and to clear them. An alert is generated whenever the Access Gateway detects a condition that prevents it from performing normal system services.

In the Administration Console, click Access Manager > Access Gateways > [Name of Server] > Alerts.
To acknowledge an alert, select the check box for the alert, then click Acknowledge Alert(s). When you acknowledge an alert, you clear the alert from the list.
Click Close.
(Optional) To verify that the problem has been solved, click Access Gateways > [Server Name] > Health > Update from Server.

The NetWare® Access Gateway currently sends the following severe alerts when it is not functioning correctly:

Alert Message	Solution
Access Gateway Embedded Service Provider failed to initialize	Click Access Gateways, select the Access Gateway, then click > Actions > Service Provider > Start Service Provider.
Access Gateway Server communication channel failed to start

36.2.2 Configuring Access Gateway Alerts

The configuration steps for Access Gateway Alerts are platform-specific, although both platforms support similar options. To set up notification for these types of alerts, see the following sections:

NetWare Access Gateway Alerts

For a NetWare® Access Gateway, the Legacy Alerts option allows you to send notification of generated system alerts to a Syslog server, to a list of e-mail recipients, or to both.

In the Administration Console, click Access Manager > Access Gateways > Edit > Legacy Alerts.
Enable the Syslog services by configuring the following fields:

Enable Syslog: Selecting this option enables syslog alerts. You must also configure a Syslog server and select some alerts. (See Step 3 and Step 5.)

Port: Specifies the port where the Syslog server listens for Syslog messages. The default value for the UDP port is 514. Make sure this port value matches the port configuration of your Syslog server.

Identifier: Specifies a string that identifies the Access Gateway as the generator of the alert.
If you enabled Syslog services, configure a Syslog server.
1. Click New under the Syslog Server List.
2. Specify the DNS name or IP address of the Syslog server and click OK.
To enable e-mail notification, select Enable Email.

You must also set up an e-mail server and a list of recipients and select some alerts before any alert notifications are sent
1. Click New under the Email Server List section and specify the DNS name or IP address of your e-mail server.
  
  Repeat this step if you have more than one e-mail server.
2. Click Email Address to activate all servers in the list, or click the box by individual servers to select only some servers in the list.
3. Click New under the Email Address List section and specify the e-mail address of the user you want to receive alert notifications.
  
  Repeat this step to add others to the list.
4. Click Email Address to activate notification for all users in the list, or click the box by individual users to select only some users in the list.

Select the alerts for notification.

Select All: Select this option for all alerts. Otherwise, select one or more of the following:

Alert	Description
Disk Space Shortage	Generated when disk space is low on the OS (sys:) or Log (log:) volumes.
TCP Synchronization Flooding	Generated when TCP/IP detects a flooding of synchronization packets. This often happens during a denial-of-service attack.
ECB Shortage	Generated when network receive buffers are low.
UDP Flooding	Generated when TCP/IP detects a flooding of UDP packets. This often happens during a denial-of-service attack.
Ping Flooding	Generated when TCP/IP detects a flooding of ping packets. This often happens during a denial-of-service attack.
Login Failure	Generated each time a login failure occurs from the management tool or from FTP. The alert contains the IP address of the client making the unsuccessful attempt.
System Up	Generated each time the Access Gateway is started.
System Down	Generated each time the Access Gateway is stopped.
Configuration Change	Generated each time the configuration of the Access Gateway is modified.

To save your modifications, click OK twice.
On the Access Gateways page, click Update.

Linux Access Gateway Alerts

For a Linux Access Gateway, this option allows you to send notification of generated system alerts to a Syslog server, to SNMP, to a system controller, to a log file, or to a list of e-mail recipients.

In the Administration Console, click Access Manager > Access Gateways > Edit > Alerts.
To add a new profile, click New.
Specify a name for the profile, then click OK.
Click the new profile to configure alert events.

To select the alerts for notification, select one or more of the following:

Alert	Description
Connection Refused	Generated when the connection is refused.
Proxy Initialization Failure	Generated when the embedded service provider fails to initialize.
System Up	Generated each time the Access Gateway is started.
System Down	Generated each time the Access Gateway is stopped.
Configuration Changed	Generated each time the configuration of the Access Gateway is modified.
DNS Server Not Responding	Generated each time the DNS server fails to respond.
DNS Server Is Now Responding	Generated each time the DNS server comes up.
DNS Parent Address Invalid	Generated when the IP address of DNS parent is invalid.
DNS Resolver Initialization Failure (10 seconds)	Generated when the DNS resolver initialization fails.
DNS Resolver Initialization Failure (2 minutes)	Generated when the DNS resolver initialization fails.

To send alerts to all destinations, click Enable All. Otherwise, select the action for each destination.
To send alerts to the Administration Console select the Send to Device Manager check box.
To send alerts to a log file, click New, then specify a name for the log profile.
1. Configure the following Log File details:
  - Log File Name: Specify a name for the log file and a path where the file should be stored.
  - Max File Size: Specify a maximum size in KB for the log file. The size can be from 50 to 100000 KB. Specify 0 to indicate that there is no maximum file size.
2. Click OK.
To enable e-mail notification click New, then specify a name for the e-mail profile.
1. Configure the following e-mail details:
  - E-mail Recipients: Specify the e-mail address of the recipient, then click Insert. You can add multiple e-mail addresses. Click Delete to delete any of the e-mail addresses, then click OK in the confirmation dialog box.
  - Mail Exchange Servers: Specify the IP address or the DNS name of the mail exchange server. Click Delete to delete any of the mail exchange servers addresses, then click OK in the confirmation dialog box.
2. Click OK.
To enable syslog alerts click New, then specify a name for the Syslog profile.
1. Configure the following syslog details:
  - Facility Name: Specify a facility name for the Syslog server. It can be any name from local0 to local7. If you specify local0 as your facility name, the alerts are stored at \var\logs\ics_dyn.log. The Linux Access Gateway uses local0 for normal logging information. Therefore, it is not recommended to specify local0 as your facility name.
2. Click OK.
3. To delete a syslog profile, click Delete. Click OK in the confirmation dialog box.
To delete an Alert Profile, select the profile, then click Delete. Click OK in the confirmation dialog box.
To save your modifications, click OK twice.
On the Access Gateways page, click Update.

Access Gateway Cluster Alerts

To view information about current alerts for all members of a cluster:

In the Administration Console, click Access Manager > Access Gateways > [Name of Cluster] > Alerts.

Analyze the data displayed in the table.

Column	Description
Server Name	Lists the name of the Access Gateway that sent the alert. To view additional information about the alerts for a specific Access Gateway, click the name of an Access Gateway.
Severe	Lists the number of critical alerts that have been sent and not acknowledged.
Warning	Lists the number of warning alerts that have been sent and not acknowledged.
Information	Lists the number of informational alerts that have been sent and not acknowledged.

To acknowledge all alerts for an Access Gateway, select the check box for the Access Gateway, then click Acknowledge Alert(s). When you acknowledge an alert, you clear the alert from the list.
To view information about a particular alert, click the server name. For information about a specific alert, see Section 36.2.1, Reviewing Java Alerts.

36.2.3 Enabling SNMP

(NetWare only) The SNMP page allows you configure the Access Gateway with basic SNMP information so the Access Gateway can communicate with your SNMP management workstations.

This SNMP implementation follows the ISO SNMP version 1 standard outlined in RFC 1067: A Simple Network Management Protocol.

When SNMP-enabled components of Access Gateway start, they register with the system. When the system receives a request for a specific SNMP parameter, it knows which component to contact to obtain the information.

The Access Gateway has an ichain.mib file in the sys:\etc\proxy\data directory. To see a list of standard SNMP parameters, use the FTP get command to retrieve this file, then compile it for use with your SNMP management software.

If you specify a trap community name and specify an SNMP management workstation on the SNMP page, all alerts you select in the Legacy Alerts page (see NetWare Access Gateway Alerts) are automatically sent as SNMP traps even if you have not configured syslog or e-mail alert notification on the Legacy Alerts page.

To set up SNMP:

In the Administration Console, click Access Manager > Access Gateways > Edit > SNMP.
Configure the following:

Monitor State: Specifies whether the community has Read access to monitor the Access Gateway. If it does, you need to specify the community name. Community names must contain only ASCII characters and must not have spaces.

Control State: Specifies whether the community has Write access to the control states of the Access Gateway. If it does, you need to specify the community name. Community names must contain only ASCII characters and must not have spaces.

Trap State: Specifies whether traps are sent. If they are sent, you can specify a community (location, IP octets, or other identifier) from which traps are sent to the management stations you designate. Community names must contain only ASCII characters and must not have spaces. You can also specify a Node Name for SNMP for management of the Access Gateway through SNMP.
Add an SNMP server.
1. In the SNMP Management Server IP Addresses section, click New.
2. Specify the IP address of the SNMP server, then click OK.
3. Repeat to add additional servers.
(Optional) Configure appliance information.

The Appliance Information fields allow you to enter additional information about the Access Gateway. You can describe the Access Gateway hardware and its location, and provide the name of the person responsible for the Access Gateway.
To save your modifications, click OK twice, then on the Access Gateways page, click Update.