

Chapter 16 Managing SNMP

You can monitor your directory server in real time using the Simple Network Management Protocol (SNMP).

This chapter contains the following topics:


Understanding SNMP
SNMP is a protocol used to exchange data about network activity. With SNMP, data travels between a managed device and a network management station (NMS) where users remotely manage the network.

A managed device is anything that runs SNMP, such as hosts, routers, and your directory server.

An NMS is usually a powerful workstation with one or more network management applications installed. A network management application graphically shows information about managed devices (which device is up or down, which and how many error messages were received, and so on).

Information is transferred between the NMS and the managed device through the use of two types of agents: the subagent and the master agent. The subagent gathers information about the managed device and passes the information to the master agent. The Netscape Directory Server has a subagent. The master agent exchanges information between the various subagents and the NMS. The master agent runs on the same host machine as the subagents it talks to.

You can have multiple subagents installed on a host machine. For example, if you have the directory server, the Enterprise Server, and the Messaging Server all installed on the same host, the subagents for each of these servers communicate with the same master agent. In the Windows NT environment, the master agent is the SNMP service provided by the Windows NT operating system. In the Unix environment, the master agent is installed with the Netscape Administration Server.

Values for variables that can be queried are kept on the managed device and reported to the NMS as necessary. Each variable is known as a managed object, which is anything the agent can access and send to the NMS. All managed objects are defined in a management information base (MIB), which is a database with a tree-like hierarchy. The top level of the hierarchy contains the most general information about the network. Each branch underneath is more specific and deals with separate network areas.

SNMP Overview

SNMP exchanges network information in the form of protocol data units (PDUs). PDUs contain information about variables stored on the managed device. These variables, also known as managed objects, have values and titles that are reported to the NMS as necessary. Communication between an NMS and a managed device takes place in one of two forms:

NMS-Initiated Communication

NMS-initiated communication is the most common type of communication between an NMS and a managed device. In this type of communication, the NMS either requests information from the managed device or changes the value of a variable stored on the managed device.

These are the steps that make up an NMS-initiated SNMP session:

  1. The NMS determines which managed devices and objects need to be monitored.
  2. The NMS sends a PDU to the managed device's subagent through the master agent. This PDU either requests information from the managed device or tells the subagent to change the values for variables stored on the managed device.
  3. The subagent for the managed device receives the PDU from the master agent.
  4. If the PDU from the NMS is a request for information about variables, the subagent gives information to the master agent and the master agent sends it back to the NMS in the form of another PDU. The NMS then displays the information textually or graphically.
  5. If the PDU from the NMS requests that the subagent set variable values, the subagent sets these values.

Managed Device-Initiated Communication

This type of communication occurs when the managed device needs to inform the NMS of an event that has occurred. A managed device initiates communication with an NMS to inform the NMS of a shut down or start up. Communication initiated by a managed device is also known as a "trap." The directory server sends a trap to the NMS whenever the directory server starts or stops.

These are the steps that make up a managed device-initiated SNMP session:

  1. An event occurs on the managed device.
  2. The subagent informs the master agent of the event.
  3. The master agent sends a PDU to the NMS to inform the NMS of the event.
  4. The NMS displays the information textually or graphically.

The Directory Server MIB
Each Netscape server has its own MIB. The directory server's MIB is a file called netscape-ldap.mib. This MIB contains definitions for variables pertaining to network management for the directory server. These variables are known as managed objects. Using the directory server MIB and network management software, such as HP OpenView, you can monitor your directory server like all other managed devices on your network.

The directory server MIB has an object identifier of iso.org.dod.internet.private.enterprises.netscape.nsldap (that is, nsldap OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.1450.7 }) and is located in the <NSHOME>/plugins/snmp directory.

You can see administrative information about your directory server and monitor the server in real time using the directory server MIB. The directory server MIB is broken into three distinct tables of managed objects:

Note. Before you can use the directory server's MIB, you must compile it along with the MIBs that you will find in the following location:

<NSHOME>/plugins/snmp/mibs

For information on how to compile MIBs, see your SNMP product documentation.

The Operations Table

The Operations Table provides statistical information about directory server access, operations, and errors. Table 16.1 describes the managed objects stored in the Operations Table of the netscape-ldap.mib file.

Table 16.1 netscape-ldap.mib Operations Table managed objects and descriptions  

| Managed object | Description |
| --- | --- |
| dsAnonymousBinds | The number of anonymous binds to the directory since server startup. |
| dsUnauthBinds | The number of unauthenticated binds to the directory since server startup. |
| dsSimpleAuthBinds | The number of binds to the directory server that were established using a simple authentication method such as password protection since server startup. |
| dsStrongAuthBinds | The number of binds to the directory server that were established using a strong authentication method such as SSL or a SASL mechanism such as Kerberos since server startup. |
| dsBindSecurityErrors | The number of bind requests that have been rejected by the directory server due to authentication failures or invalid credentials since server startup. |
| dsInOps | The number of operations forwarded to this directory server from another directory server since server startup. |
| dsReadOps | The number of read operations serviced by this directory server since application start. The value of this object will always be 0 because LDAP implements read operations indirectly via the search operation. |
| dsCompareOps | The number of compare operations serviced by this directory server since server startup. |
| dsAddEntryOps | The number of add operations serviced by this directory server since server startup. |
| dsRemoveEntryOps | The number of delete operations serviced by this directory server since server startup. |
| dsModifyEntryOps | The number of modify operations serviced by this directory server since server startup. |
| dsModifyRDNOps | The number of modify RDN operations serviced by this directory server since server startup. |
| dsListOps | The number of list operations serviced by this directory server since server startup. The value of this object will always be 0 because LDAP implements list operations indirectly via the search operation. |
| dsSearchOps | The total number of search operations serviced by this directory server since server startup. |
| dsOneLevelSearchOps | The number of one-level search operations serviced by this directory server since server startup. |
| dsWholeSubtreeSearchOps | The number of whole subtree search operations serviced by this directory server since server startup. |
| dsReferrals | The number of referrals returned by this directory server in response to client requests since server startup. |
| dsChainings | The number of operations forwarded by this directory server to other directory servers since server startup. The value of this object will always be 0. |
| dsSecurityErrors | The number of operations forwarded to this directory server that did not meet security requirements. |
| dsErrors | The number of requests that could not be serviced due to errors (other than security or referral errors). Errors include name errors, update errors, attribute errors, and service errors. Partially serviced requests will not be counted as an error. |
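
The bind counters in Table 16.1 are running totals, so they only become useful for monitoring once two polls are compared. The following is an added example, not part of the original guide or of any Netscape software: it turns successive polls into a rejected-bind rate and copes with a server restart between polls. The poll values and the two thresholds (min_failures, max_ratio) are constructed for illustration, and fetching the values over SNMP is left to your NMS.

```python
# Added example; poll values and thresholds are constructed, not from the guide.
BIND_COUNTERS = ("dsAnonymousBinds", "dsUnauthBinds",
                 "dsSimpleAuthBinds", "dsStrongAuthBinds")
WATCHED = BIND_COUNTERS + ("dsBindSecurityErrors",)

def bind_failure_report(prev, curr, min_failures=20, max_ratio=0.5):
    """Compare two polls of the Operations Table and flag a burst of rejected binds.

    The counters are totals since server startup, so any value lower than
    in the previous poll means the server restarted in between; the current
    values are then the whole increase since that restart.
    """
    restarted = any(curr[name] < prev[name] for name in WATCHED)
    base = dict.fromkeys(WATCHED, 0) if restarted else prev
    failures = curr["dsBindSecurityErrors"] - base["dsBindSecurityErrors"]
    established = sum(curr[name] - base[name] for name in BIND_COUNTERS)
    attempts = failures + established
    ratio = failures / attempts if attempts else 0.0
    return {
        "restarted": restarted,
        "failures": failures,
        "established": established,
        "failure_ratio": round(ratio, 3),
        # Both conditions must hold, so one mistyped password on a quiet
        # server (high ratio, tiny count) does not raise an alert.
        "alert": failures >= min_failures and ratio >= max_ratio,
    }

def scan(polls, **thresholds):
    """Report on every consecutive pair in a time-ordered list of polls."""
    return [bind_failure_report(a, b, **thresholds)
            for a, b in zip(polls, polls[1:])]

# Constructed samples: three successive polls of one server instance.
POLLS = [
    {"dsAnonymousBinds": 120, "dsUnauthBinds": 3, "dsSimpleAuthBinds": 940,
     "dsStrongAuthBinds": 60, "dsBindSecurityErrors": 14},
    {"dsAnonymousBinds": 125, "dsUnauthBinds": 3, "dsSimpleAuthBinds": 952,
     "dsStrongAuthBinds": 61, "dsBindSecurityErrors": 214},   # burst of rejections
    {"dsAnonymousBinds": 2, "dsUnauthBinds": 0, "dsSimpleAuthBinds": 9,
     "dsStrongAuthBinds": 1, "dsBindSecurityErrors": 1},      # after a restart
]

if __name__ == "__main__":
    for report in scan(POLLS):
        print(report)
```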

The Entries Table

The Entries Table provides statistical information about the contents of the directory server entries. Table 16.2 describes the managed objects stored in the Entries Table of the netscape-ldap.mib file.

Table 16.2 netscape-ldap.mib Entries Table managed objects and descriptions  

| Managed object | Description |
| --- | --- |
| dsMasterEntries | The number of directory entries for which this directory server contains the master entry. The value of this object will always be 0. |
| dsCopyEntries | The number of directory entries for which this directory server contains a slave copy. The value of this object will always be 0. |
| dsCacheEntries | The number of entries cached in the directory server. |
| dsCacheHits | The number of operations serviced from the locally held cache since application startup. |
| dsSlaveHits | The number of operations that were serviced from locally held replications (shadow entries). The value of this object will always be 0. |

The Interaction Table

The Interaction Table provides statistical information about the interaction of this directory server with peer directory servers. This table contains statistical information for the last 5 directory servers with which this directory server has attempted to communicate. This table provides useful information about how the interaction with peer directory servers affects the performance of this directory server. Table 16.3 describes the managed objects stored in the Interaction Table of the netscape-ldap.mib file.

Table 16.3 netscape-ldap.mib Interaction Table managed objects and descriptions

| Managed object | Description |
| --- | --- |
| dsIntIndex | Statistical data is kept for the last 5 peer directory servers with which this directory server has attempted to communicate. This object provides a unique identifier used to delimit the information about the interaction with a specific peer directory server. |
| dsName | The distinguished name of the peer directory server identified by the corresponding dsIntIndex object. |
| dsTimeOfCreation | The amount of time since this directory server first attempted to contact the peer directory server identified by the corresponding dsIntIndex object. If this attempt was made before the NMS was initialized, the object will contain a value of 0. |
| dsTimeOfLastAttempt | The amount of time since this directory server last attempted to contact the peer directory server identified by the corresponding dsIntIndex object. If this attempt was made before the NMS was initialized, the object will contain a value of 0. |
| dsTimeOfLastSuccess | The amount of time since this directory server last successfully contacted the peer directory server identified by the corresponding dsIntIndex object. If this contact was made before the NMS was initialized, the object will contain a value of 0. |
| dsFailuresSinceLastSuccess | The number of times this directory server has failed to contact the peer directory server identified in the corresponding dsIntIndex object since the last successful contact. |
| dsFailures | The total number of times this directory server has failed to contact the peer directory server identified by the corresponding dsIntIndex object. |
| dsSuccesses | The total number of times this directory server has successfully contacted the peer directory server identified by the corresponding dsIntIndex object. |
| dsURL | The URL of the peer directory server identified in the corresponding dsIntIndex object. |


Setting Up SNMP
The steps for configuring SNMP support for your directory server depend on whether your directory server runs on Windows NT or on Unix.

Setting Up SNMP on Windows NT

To set up SNMP support for your directory server on a Windows NT machine:

  1. Install the SNMP service on your NT server.

    Refer to your Windows NT operating system documentation for instructions.

  2. Enable directory server statistics collection. See "Configuring SNMP for the Directory Server" for information.
  3. Restart the Windows NT SNMP service.

Setting Up SNMP on Unix

To set up SNMP support for your directory server on a Unix machine:

  1. Configure and start the master agent using the administration server interface.

    For information on setting up the Master Agent, refer to Managing Servers with Netscape Console.

  2. AIX Only. Configure the AIX SNMP Daemon.

    See "Configuring the AIX SNMP Daemon (AIX Only)" for information.

  3. Enable the directory server subagent.

    See "Configuring SNMP for the Directory Server" for information.

  4. Start the directory server subagent.

    See "Starting and Stopping the SNMP Subagent on Unix" for information.

Configuring the AIX SNMP Daemon (AIX Only)

If your SNMP daemon is running on AIX, it supports SMUX. For this reason, you do not need to install a master agent. However, you do need to change the AIX SNMP daemon configuration.

AIX uses several configuration files to screen its communications. One of them, snmpd.conf, needs to be changed so that the SNMP daemon accepts the incoming messages from the SMUX subagent. For more information, see the online manual page for snmpd.conf. You need to add a line to define each subagent.

For example, you might add this line to the snmpd.conf:

smux 1.3.6.1.4.1.1.1450.7 "" <IP_address> <net_mask>

where <IP_address> is the IP address of the host the subagent is running on, and <net_mask> is the network mask of that host.

Note. Do not use the loopback address 127.0.0.1; use the real IP address instead.

If you need more information, see your related system documentation for details.
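
A mistyped smux line is easy to miss, so it helps to check the file before restarting the daemon. The following is an added example, not part of the original guide or of AIX: it checks each smux line against the five-field shape shown above and against the loopback note. The sample file content and the function names are constructed for illustration.

```python
import ipaddress
import re
import shlex

OID_RE = re.compile(r"^\d+(\.\d+)+$")

def is_netmask(text):
    """True if text is a dotted-quad mask of leading one bits, e.g. 255.255.255.0."""
    try:
        bits = int(ipaddress.IPv4Address(text))
    except ValueError:
        return False
    inverted = bits ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def check_smux_lines(conf_text):
    """Return (line_number, problem) pairs for the smux lines in snmpd.conf text."""
    problems = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        try:
            fields = shlex.split(raw, comments=True)  # keeps "" as an empty field
        except ValueError:
            problems.append((lineno, "unbalanced quotes"))
            continue
        if not fields or fields[0] != "smux":
            continue
        if len(fields) != 5:
            problems.append((lineno, 'expected: smux <OID> "" <IP_address> <net_mask>'))
            continue
        _, oid, _quoted, addr, mask = fields
        if not OID_RE.match(oid):
            problems.append((lineno, f"malformed OID {oid!r}"))
        try:
            if ipaddress.IPv4Address(addr).is_loopback:
                problems.append((lineno, "loopback address; use the real IP address"))
        except ValueError:
            problems.append((lineno, f"invalid IP address {addr!r}"))
        if not is_netmask(mask):
            problems.append((lineno, f"invalid network mask {mask!r}"))
    return problems

# Constructed sample: one good line followed by three faulty ones.
SAMPLE_CONF = '''# constructed snmpd.conf fragment
smux 1.3.6.1.4.1.1.1450.7 "" 192.0.2.10 255.255.255.0
smux 1.3.6.1.4.1.1.1450.7 "" 127.0.0.1 255.255.255.0
smux 1.3.6.1.4.1.1.1450.7 "" 192.0.2.10
smux 1.3.6.1.4.1.1.1450.7 "" 192.0.2.10 255.0.255.0
'''

if __name__ == "__main__":
    for lineno, problem in check_smux_lines(SAMPLE_CONF):
        print(f"line {lineno}: {problem}")
```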


Starting and Stopping the SNMP Subagent on Unix
To start, stop, and restart the SNMP subagent for a directory server running on Unix:

  1. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.
  2. Select the SNMP tab in the right pane.
  3. Click Start to start the subagent, click Stop to stop the subagent, or click Restart to restart the subagent.

    Stopping the directory server does not stop the directory subagent. If you want to stop the subagent, you must do so from this tab.

    If you add another server instance and you want the instance to be part of the SNMP network, you must restart the subagent.


Configuring SNMP for the Directory Server
To configure SNMP settings for the directory server from the Directory Server Console:

  1. Make sure the directory server is running.
  2. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.
  3. Select the SNMP tab in the right pane.
  4. Select the "Enable Statistics Collection" checkbox to enable directory server statistics collection. Clear the checkbox to disable it.
  5. For Unix servers, enter the hostname on which the master agent resides and the port number used to communicate with the master agent in the Master Host and Master Port text boxes.

    The defaults are localhost and 199 respectively.

  6. Enter a description that uniquely describes the directory server instance in the Description text box.
  7. Type the name of the company or organization to which the directory server belongs in the Organization text box.
  8. Type the location within the company or organization where the directory server resides in the Location text box.
  9. Type the email address of the person responsible for maintaining the directory server in the Contact text box.
  10. Click Save.
  11. Restart the subagent (Unix), or restart the SNMP service (Windows NT). See "Starting and Stopping the SNMP Subagent on Unix" for information.
 

© Copyright 1999 Netscape Communications Corporation, a subsidiary of America Online, Inc. All Rights Reserved.