Sun Java(TM) System Directory Server 5.2 2005Q1 Administration Guide
Chapter 14
Monitoring Directory Server Using SNMP
The Simple Network Management Protocol (SNMP) is a standardized management protocol for monitoring and managing devices and applications in real time. Directory Server provides a subagent interface so that it can be monitored by an SNMP manager application. This allows network applications to determine the status of the directory server and obtain information about its activity.
The Directory Server SNMP subagent contains read-only values. SNMP management applications cannot perform actions on the server.
In general, the access and error logs described in Chapter 13, "Monitoring Directory Server Using Log Files," provide much more detailed information about the server, and LDAP is the protocol of choice for securely accessing and modifying the server configuration. However, the SNMP subagent does allow Directory Server instances to participate in existing network management systems.
SNMP in Sun Java System Servers
SNMP allows a management application to query applications and devices which run an agent or subagent application. The SNMP agent or subagent gathers information from the application or device in response to a query from the SNMP manager. This information is structured as variables in tables which are defined by a management information base (MIB) for the agent.
Usually, the network manager queries the SNMP variables in the subagent, and the subagent returns the requested value. SNMP also defines a mechanism that allows an agent to report an event by sending a trap message to all network managers. If the subagent and master agent are running before the Directory Server daemon is launched, the Directory Server subagent sends a SMUX trap to the master agent on Directory Server startup or shutdown. The master agent converts this to an SNMP trap.
Multiple subagents can be installed on a host machine. For example, if Directory Server, Application Server, and Messaging Server are all installed on the same host, the subagents for each of these servers communicate with the same master agent.
In the UNIX environment, an SNMP master agent (MAGT) is provided for Directory Server and other Sun Java System products when the Administration Server is installed.
For more information on using SNMP to monitor servers, see the Administration Server Administration Guide.
The general procedure for setting up your server to be monitored through SNMP is the following:
- Compile the Directory Server MIB and integrate it into your SNMP management system. Refer to your system documentation.
- Set up SNMP on your machine, as described in Setting Up SNMP.
- Configure the SNMP subagent through Directory Server Console. Refer to Configuring SNMP in Directory Server.
- Start the SNMP subagent through Directory Server Console. See Starting and Stopping the SNMP Subagent.
- Access the SNMP managed objects defined by the MIB and exposed through the agents. This step is entirely dependent on your SNMP management system.
The steps that are specific to Directory Server configuration are described in the following sections.
Overview of the Directory Server MIB
The Directory Server MIB has the following object identifier:
iso.org.dod.internet.private.enterprises.netscape.nsldap
(nsldapd OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.1450.7 })
It is defined in the following file:
ServerRoot/plugins/snmp/netscape-ldap.mib
The MIB defines the variables that can be monitored through SNMP and the type of values they contain. The directory MIB is broken into four distinct tables of managed objects:
- Operations Table - Contains statistics about binds, operations, referrals and errors in the directory. Values for these variables are also available in the attributes of the cn=snmp,cn=monitor entry of the directory. See the Directory Server Administration Reference.
- Entries Table - Contains counts of entries in the directory and entry cache hits. Values for these variables are also mixed in with operation variables in the attributes of the cn=snmp,cn=monitor entry of the directory. See the Directory Server Administration Reference.
- Interactions Table - Contains statistics about the last 5 directory servers with which this directory server has communicated. See the Directory Server Administration Reference.
- Entity Table - Contains variables that describe this instance of Directory Server, such as its server ID and version. See the Directory Server Administration Reference.
Before you can use the directory's MIB, you must compile it along with the MIBs that you will find in the following directory:
ServerRoot/plugins/snmp/mibs
For information on how to compile MIBs, see your SNMP product documentation.
Setting Up SNMP
On Solaris Platforms
The recommended configuration on Solaris is to plug the Directory Service master agent (MPS/MAGT) into the Solaris native agent framework. In this configuration, the Solaris agent snmpdx is responsible for starting the MPS agent and forwarding Directory Server SNMP requests on to the MPS agent. This means that all SNMP management clients can contact the Solaris agent on the standard port 161, regardless of whether the requests are Directory Server related or not.
You must reconfigure the MPS agent to run on a different port (1161 is suggested) so that it does not conflict with the Solaris agent. The example procedure given below includes that step. There are further instructions for configuring the MPS agent in the Administration Server Administration Guide. Note, however, that this configuration requires the MPS agent to be started by the Solaris agent, so you would not use the Administration Server to start or stop the MPS agent.
Plugging into the snmpdx SNMP master agent - Solaris example
Follow this procedure to plug into the Solaris snmpdx agent (see the snmpdx(1M) man page). The Solaris snmpdx agent can be run on the standard port 161, and will forward Directory SNMP requests to Directory Server.
Substitute slapd-instance with your directory instance name.
- Log in as root.
- Create a registration file for the MPS agent: /etc/snmp/conf/mps.reg
Add the following contents to the file:
#
# Registration file for MPS Agent.
#
##########
# agents #
##########
agents = {
    {
        name = "mps"
        subtrees = {
            # Directory Server
            1.3.6.1.4.1.1450.7,
            # Web Server
            1.3.6.1.4.1.1450.1.60
        }
        timeout = 2000000
        watch-dog-time = 86400
        port = 1161
    }
}
- Create a resource file for the MPS agent: /etc/snmp/conf/mps.rsrc
Add the following contents to the file:
#
# Resource file for MPS Agent.
#
resource =
{
    {
        registration_file = "/etc/snmp/conf/mps.reg"
        policy = "spawn"
        type = "legacy"
        command = "install-dir/plugins/snmp/magt/magt install-dir/plugins/snmp/magt/CONFIG install-dir/plugins/snmp/magt/INIT"
    }
}
- Add the following lines of code to the end of: install-dir/plugins/snmp/magt/CONFIG
TRANSPORT extraordinary SNMP
OVER UDP SOCKET
AT PORT 1161
- Reboot, and then check that the magt process is running on port 1161. For example:
$ pgrep magt
21954
$ netstat -a | grep 1161
*.1161 Idle
*.1161 Idle
- Configure the Directory Server subagent as described in Configuring SNMP in Directory Server. Use the default port 199.
You can create a startup script in /etc/init.d containing the following lines in order to start the subagent automatically at boot time. The subagent will only start if the MPS agent has already been started.
cd install-dir/bin/slapd/server
[ -x ./64/ns-slapd ] && [ "`/bin/isainfo -b 2> /dev/null`" = 64 ] && cd ./64
./ns-ldapagt -d install-dir/slapd-instance
- Check that the subagent is running. For example:
$ pgrep ns-ldapagt
22411
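The procedure above writes port 1161 in two places (mps.reg and the magt CONFIG file) and moves the MPS agent off port 161. The following check is an added example, not part of the original guide or the product: it reads both files and reports a missing or mismatched port, a use of port 161, or a Directory Server subtree that is absent or commented out. The function names are hypothetical, and it assumes one OID per line under subtrees, as in the mps.reg listing.

```shell
#!/bin/sh
# Added example: cross-check the two MPS agent files from the procedure above.
# Assumes one OID per line under "subtrees", as in the mps.reg listing.

# Print the "port = N" value from the snmpdx registration file.
reg_port() {
    sed -n 's/^[[:space:]]*port[[:space:]]*=[[:space:]]*\([0-9]\{1,\}\).*/\1/p' "$1" | head -1
}

# Print every port named on an "AT PORT N" line of the magt CONFIG file.
config_ports() {
    sed -n 's/^[[:space:]]*AT[[:space:]]\{1,\}PORT[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1"
}

# Succeed if OID $2 is listed in registration file $1 outside a comment.
reg_has_subtree() {
    sed 's/#.*//' "$1" | tr -d ' \t,' | grep -Fx "$2" >/dev/null
}

# check_mps REGFILE CONFIGFILE
# Prints one line per problem; returns 0 only when no problem was found.
check_mps() {
    rc=0
    rp=`reg_port "$1"`
    cps=`config_ports "$2"`
    if [ -z "$rp" ]; then
        echo "no port setting in $1"; rc=1
    else
        echo "$cps" | grep -x "$rp" >/dev/null ||
            { echo "port $rp in $1 has no matching AT PORT line in $2"; rc=1; }
    fi
    if [ "$rp" = 161 ] || echo "$cps" | grep -x 161 >/dev/null; then
        echo "port 161 belongs to the Solaris agent; use another (1161 suggested)"; rc=1
    fi
    reg_has_subtree "$1" 1.3.6.1.4.1.1450.7 ||
        { echo "Directory Server subtree 1.3.6.1.4.1.1450.7 not registered in $1"; rc=1; }
    return $rc
}

# Run the check when called with the two file paths as arguments.
if [ $# -eq 2 ]; then
    check_mps "$1" "$2"
fi
```

Run it as root before the reboot step, passing /etc/snmp/conf/mps.reg and install-dir/plugins/snmp/magt/CONFIG as the two arguments.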
On Linux Platforms
- On Red Hat Linux Advanced Server, check to make sure the native snmpd is not running. Use the command:
$ pgrep snmpd
If the native snmpd is running, stop it using the command:
/etc/rc.d/init.d/snmpd stop
- If you are going to run the native snmpd, change the port number of the native snmpd. This is because by default both the Directory Server MPS (MAGT) master agent and the native snmpd use port 161.
To change the port number, modify the OPTIONS variable in /etc/rc.d/init.d/snmpd by adding -p 1161, as follows:
OPTIONS="-s -l /dev/null -P /var/run/snmpd.pid -a -p 1161"
This changes the snmpd port to 1161.
- Start the native snmpd by running:
/etc/rc.d/init.d/snmpd start
Hints for SNMP on Linux
When configuring SNMP on Linux, take the following points into account:
- When configuring the Directory Server SNMP subagent as described in Configuring SNMP in Directory Server, use the default port 199.
- If you would like to use a script for starting, stopping, and restarting the Directory Server, its MAGT (MPS) SNMP master agent, and SNMP subagent, use the code in Code Example 14-1. Create a script in /etc/init.d with filename directorysnmp.
Code Example 14-1 SNMP Linux Script directorysnmp
#!/bin/sh
DIR=""
BASEDIR=`/bin/rpm -qa --queryformat '%{INSTPREFIXES}' sun-directory\* | head -1`
[ -r "$BASEDIR/directory-server/5.2/shared/config/serverroot.conf" ] || exit 0
VAR=`/bin/cat "$BASEDIR/directory-server/5.2/shared/config/serverroot.conf"`
# Collect the server instance directories under the server root
for di in "$VAR"/slapd-*
do
    [ -d "$di" ] && DIR="$DIR $di"
done

start() {
    [ ! -z "$DIR" ] || exit 0
    # Start the Directory Server or Servers
    for di in $DIR; do
        "$di/start-slapd"
    done
    # Start the master agent (stop if the directory is missing, so that
    # ./magt is never run from an unexpected working directory)
    cd "$VAR/plugins/snmp/magt" || exit 1
    ./magt ./CONFIG ./INIT >/dev/null 2>&1 &
    # Give the master agent a chance to start.
    #
    loop_counter=1
    max_count=10
    while [ $loop_counter -le $max_count ]; do
        n=`/usr/bin/pgrep -f magt | /usr/bin/wc -l`
        if [ $n -gt 0 ]; then break; fi
        loop_counter=`expr $loop_counter + 1`
        sleep 1
    done
    if [ $n -eq 0 ]; then
        echo "Directory Server agents not started."
        exit 1
    fi
    # Start the subagent
    cd "$VAR/bin/slapd/server" || exit 1
    for di in $DIR; do
        ./ns-ldapagt -d "$di" >/dev/null 2>&1 &
    done
}

stop() {
    [ ! -z "$DIR" ] || exit 0
    # Stop the subagent
    for di in $DIR; do
        lkfile="${di}/logs/NSLDAPAGT.LK"
        if [ -r "$lkfile" ]; then
            pid=`/usr/bin/cut -f 1 -d' ' "$lkfile"`
            # Only signal a value that is a plain process ID
            case "$pid" in
                ''|*[!0-9]*) ;;
                *) kill "$pid" >/dev/null 2>&1 ;;
            esac
        fi
    done
    # Stop the master agent
    /usr/bin/pkill magt
    # Stop the Directory Server
    for di in $DIR; do
        "$di/stop-slapd"
    done
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac
exit 0
- To run the script at boot time, create symbolic links to it in the run-level directories:
cd /etc/rc3.d
ln -s ../init.d/directorysnmp S98directorysnmp
cd /etc/rc5.d
ln -s ../init.d/directorysnmp S98directorysnmp
This will run directorysnmp in both run levels 3 and 5, which are the multi-user run levels. Systems that use X-Windows or a GUI login run at level 5; level 3 is for systems not using X-Windows.
Configuring SNMP in Directory Server
After setting up the SNMP agent or service on your platform, you must configure the SNMP parameters in your Directory Server instance. To configure SNMP settings from Directory Server Console:
- On the top-level Configuration tab of Directory Server Console, select the server node at the root of the configuration tree, then select the SNMP tab in the right-hand panel.
- Select the "Enable statistics collection" checkbox. By default, statistics for SNMP variables are not collected in order to improve resource usage. If you do not use SNMP and do not monitor the attributes of the cn=snmp,cn=monitor entry through LDAP, you should leave this checkbox disabled.
- Enter the hostname and port number of the master agent in the corresponding text fields.
The defaults are localhost and port 199, respectively.
- Enter information in the text fields of the Descriptive Properties box. These values will be reflected in the SNMP Entity table exposed by this server:
- Description - Enter a description of your directory server, similar to the description field for this instance in the topology tree of Server Console.
- Organization - Enter the name of the company or internal organization to which the directory server belongs.
- Location - Enter a geographical location for the directory server host.
- Contact - Enter the email address or contact information of the directory server administrator.
- Click Save to store your changes.
- Start or restart the SNMP subagent, as described in the following section.
Starting and Stopping the SNMP Subagent
The following procedures describe how to start, restart or stop the SNMP subagent from Directory Server Console.
Note
If you add another server instance on the same host, and you want the instance to be part of the SNMP network, you must restart the SNMP subagent.
To start, stop, and restart the SNMP subagent:
- On the top-level Configuration tab of Directory Server Console, select the server node at the root of the configuration tree, then select the SNMP tab in the right-hand panel.
- Use the subagent control buttons below the Descriptive Properties box to start, stop, or restart the subagent.
Stopping the directory does not stop the directory subagent. If you want to stop the subagent, you must do so from this tab.