Configuring a Driver Health Job

  • 7017643
  • 26-May-2016
  • 26-May-2016

Environment


NetIQ Identity Manager 4.5
NetIQ Identity Manager 4.0.X

Situation

How do you configure a Driver Health Job to send email notifications when a driver is not processing events or is down?

Resolution

This document discusses the process to create a Driver Health job to receive email notifications when the Driver Health is suspect, or down.

1. You need a mail server to relay messages through.  

For testing I found a simple email server called ArGoSoft Mail Server Freeware on download.cnet.com, which worked great for me.    Simply install it on a windows workstation / server then configure it to allow relay (you have to define the DNS Server, and Local Host in the settings as well as checking Allow Relay).     My firewall was turned off on the server for testing, so you may have to open a port as well, if your firewall is on.

2. Configure your email server settings in eDirectory

In iManager go to the Identity Manager Administration tab and select Email Server Options, under the email section.



 Define the Host Name running, a From email address, and the authentication information for your email server (if needed) to transfer the email message through.   For the ArGoSoft test email server I used, no authentication information was needed.   Then click OK to save.


3.  Next Configure a Email Server Template to provide you the state change of the Driver.

In iManager go to the Identity Manager Administration tab and select Email Templates, under the email section.
Click New, to create a new Email Template, and give it a name, such as "Driver Health Notification Email".

I like to see the state in the Subject, so I use: "Driver Health is $HealthState$"
Then I use the following as the message:  "The current health state of the $Driver$ driver running on $Server$ is
 $HealthState$." 
(remove quotes)
This gives you the health state in the message, along with the driver & server name in the details of the message.   (full path to the driver & server in the tree)



 


4.  Modify the Driver Health Job to send an email

In iManager, go to the Identity manager overview for your driver set.  Then click on the driver you want to receive health notifications for.  On the right it will pull up the driver, select Health configuration from the Actions menu.

By default the Driver Health Configuration have conditions setup to setup to monitor if the driver is down, not processing events, or is backed up.    If everything is good,  it reports a GREEN, if it is backed up but running, it reports a YELLOW, if it is down or not processing events, it defaults to RED.  The various states and conditions are pretty good by default.   So the only thing you have to do is to configure the Actions section for  EACH condition.  GREEN, YELLOW and RED.  

In the actions section (see the Red condition below), you need to select Send Email, then define a To email address, a Reply-to email address, and select the Email template we created in step 3 above.   The email template is found user the Default Notification Collection object in the Security container.  (DC Driver Health Template.Default Notification Collection.Security)

By default the email is only sent when the state changes.    For example if the job is ran and the state is green, then an email is sent out.   If the job is ran again, and the state is still green, no email is sent out.   If the job is ran and the state changes to yellow or red, then an email would be sent out.    For testing you may want to send an email out each time the job is executed.   To do this, check the box at the top of the action "Always execute actions when conditions are true".  Then each time the job executes an email will be sent out if the conditions for health state are true.

Default Green Conditions



Default Yellow Conditions



Red - No conditions by default.  
Add the Actions below to EACH state.   Green, Yellow, Red
Note:  If  you want to send emails to multiple users, seperate each email address with a comma ",".   This is different that the typical semi-colon in many email applications.





5.   Repeat Step 4 for each driver for which you want to monitor the health.

6.   Setup a Health Job under the Driver Set to get the current Driver Health State for your drivers.

In iManager under the Identity Manager Overview, select the Jobs tab.
Click New and create a Driver Health Job.  Select Health Job, as the type, and verify the server the job will run on is selected, and click OK to continue.




Under the General Tab, make sure the job is enabled and the server it should be ran on is selected.  For the email server, select the Default Notification Collection under the Security container.   The Default Notification Collection object holds the email server settings specified in step 2.





Under the schedule tab, define when the job will be ran.    You can set it to daily, weekly, monthly or a custom setting.   In this example it is a custom setting, set to run once each our on the hour.   (8:00, 9:00, etc)





Under the Scope tab, select the Driver Set.   This will determine the health of all drivers under the driver set and take the actions you have specified for them.   If you only want this to run on one driver, then you can select that driver(s).



Under the Parameters tab, select the user the job with authenticate with to run.   Note this needs to be specified in slash format.   Then set the user's password.   




In the Results tab, leave the actions all set to No Action.    This  is the action of the job, not the Driver Health.   So you can define an action here, it will just send notifications if the job executed or had problems executing.   It may be a good idea to setup a notification if the job failed to execute with some type of a job failure email template.   Configure at your discretion.  



Click OK to save all the changes.


7.   Test the job. 

In iManager, under the Jobs tab in the Driver Set Overview.   Select the job and click Run Now.   You should get a popup stating the job was started (unless you checked to not show that popup)    And you should receive your email.
If not, look at your email server log or server communications from the IDM server running the job to the email server.    In the ArGoSort mail server I used for testing it shows a flowing log of the connection and process of sending out the email.   I had enabled all the logging options (check boxes in the options).






Additional Information

There is no caching of job emails, if the mail server does not accept the job email message for transfer.   The job email will be simply lost.   So it may be a good idea to configure a mail server on the IDM server running the job itself in production.