Previous Contents Index Next |
iPlanet Directory Server 5.1 Administrator's Guide |
Chapter 12 Monitoring Server and Database Activity
This chapter describes monitoring database and server logs. This chapter contains the following sections:
Viewing and Configuring Log Files
For information on using SNMP to monitor your server, see Chapter 13, "Monitoring Directory Server Using SNMP."
Viewing and Configuring Log Files
iPlanet Directory Server provides three types of logs to help you better manage your directory and tune performance. These logs include:The following aspects are common to the configuration of all types of logs:
The following sections describe how to define your log file creation and deletion policy, and how to view and configure each type of log.
Defining a Log File Rotation Policy
If you want the directory to periodically archive the current log and start a new one, you can define a log file rotation policy from Directory Server Console. You can configure the following parameters:
The total number of logs you want the directory to keep. When the directory reaches this number of logs, it deletes the oldest log file in the folder before creating a new log. The default is 10 logs. Do not set this value to 1. If you do, the directory will not rotate the log and the log will grow indefinitely.
The maximum size (in MB) for each log file. If you don't want to set a maximum size, type -1 in this field. The default is 100 MB. Once a log file reaches this maximum size (or the maximum age defined in the next step), the directory archives the file and starts a new one. If you set the maximum number of logs to 1, the directory ignores this attribute.
How often the directory archives the current log file and creates a new one by entering a number of minutes, hours, days, weeks, or months. The default is every day. If you set the maximum number of logs to 1, the directory ignores this attribute.
Defining a Log File Deletion Policy
If you want the directory to automatically delete old archived logs, you can define a log file deletion policy from Directory Server Console.
You can configure the following parameters:
The maximum size of the combined archived logs. When the maximum size is reached, the oldest archived log is automatically deleted. If you don't want to set a maximum size, type -1 in this field. The default is 500 MB. This parameter is ignored in the number of log files is set to 1.
The minimum amount of free disk space. When the free disk space reaches this minimum value, the oldest archived log is automatically deleted. The default is 5 MB. This parameter is ignored in the number of log files is set to 1.
The maximum age of log files. When a log file reaches this maximum age, it is automatically deleted. The default is 1 month. This parameter is ignored in the number of log files is set to 1.
Access Log
The access log contains detailed information about client connections to the directory.This section contains the following procedures:
"Viewing the Access Log"
Viewing the Access Log
To view the access log:
On the Directory Server Console, select the Status tab, then in the navigation tree, expand the Logs folder and select the Access Log icon.
To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.
- A table displays a list of the last 25 entries in the access log.
To view an archived access log, select it from the Select Log pull-down menu.
To display a different number of messages, enter the number you want to view in the "Lines to show" text box and then click Refresh.
You can display messages containing a string you specify. To do this, enter the string in the "Show only lines containing" text box and then click Refresh.
Configuring the Access Log
You can configure a number of settings to customize the access log, including where the directory stores the access log and the creation and deletion policies.You can also disable access logging for the directory. You may do this because the access log can grow very quickly (every 2,000 accesses to your directory will increase your access log by approximately 1 MB). However, before you turn off access logging, consider that the access log provides beneficial troubleshooting information.
To configure the access log for your directory:
On the Directory Server Console, select the Configuration tab. Then, in the navigation tree, expand the Logs folder and select the Access Log icon.
To enable access logging, select the Enable Logging checkbox.
- The access log configuration attributes are displayed in the right pane.
In the Log File field, enter the full path and filename you want the directory to use for the access log. The default is file is:
- Clear this checkbox if you do not want the directory to maintain an access log.
- Access logging is enabled by default.
Solaris 9 platform
/var/ds5/slapd-serverID/logs/access Other platforms
/usr/iplanet/servers/slapd-serverID/logs/access Set the maximum number of logs, log size, and periodicity of archiving.
Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
- For information on these parameters, see "Defining a Log File Rotation Policy".
When you have finished making changes, click Save.
- For information on these parameters, see "Defining a Log File Deletion Policy".
Error Log
The error log contains detailed messages of errors and events the directory experiences during normal operations.This section contains the following procedures:
"Viewing the Error Log"
Viewing the Error Log
To view the error log:
On the Directory Server Console, select the Status tab, then in the navigation tree, expand the Logs folder and select the Error Log icon.
To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.
- A table displays a list of the last 25 entries in the error log.
To view an archived error log, select it from the Select Log pull-down menu.
To specify a different number of messages, enter the number you want to view in the "Lines to show" text box and click Refresh.
You can display messages containing a string you specify. To do this, enter the string in the "Show only lines containing" text box and click Refresh.
Configuring the Error Log
You can change several settings for the error log, including where the directory stores the log and what you want the directory to include in the log.
On the Directory Server Console, select the Configuration tab. Then, in the navigation tree, expand the Logs folder and select the Error Log icon.
Select the Error Log tab in the right pane.
- The error log configuration attributes are displayed in the right pane.
To enable error logging, select the Enable Logging checkbox.
In the Log File field, enter the full path and filename you want the directory to use for the error log. The default is file is:
- Clear this checkbox if you do not want the directory to maintain an error log.
- Error logging is enabled by default.
Solaris 9 platform
/var/ds5/slapd-serverID/logs/error Other platforms
/usr/iplanet/servers/slapd-serverID/logs/error Set the maximum number of logs, log size, and periodicity of archiving.
Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
- For information on these parameters, see "Defining a Log File Rotation Policy".
If you want to set the log level, Ctrl+click the options you want the directory to include in the Log Level list box.
- For information on these parameters, see "Defining a Log File Deletion Policy".
When you have finished making changes, click Save.
- For more information about log level options, see "Log Level" in the iPlanet Directory Server Configuration, Command, and File Reference.
- Changing these values from the defaults may cause your error log to grow very rapidly, so it is recommended that you do not change your logging level unless you are asked to do so by iPlanet Customer Support.
Audit Log
The audit log contains detailed information about changes made to each database as well as to server configuration.This section contains the following procedures:
"Viewing the Audit Log"
Viewing the Audit Log
Before you can view the audit log, you must enable audit logging for the directory. See "Configuring the Audit Log" for information.
On the Directory Server Console, select the Status tab. Then, in the navigation tree, expand the Logs folder and select the Audit Log icon.
To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.
- A table displays a list of the last 25 entries in the audit log.
To view an archived audit log, select it from the Select Log pull-down menu.
To display a different number of messages, enter the number you want to view in the "Lines to show" text box and click Refresh.
You can display messages containing a string you specify. To do this, enter the string in the "Show only lines containing" text box and click Refresh.
Configuring the Audit Log
You can use the Directory Server Console to enable and disable audit logging and to specify where the audit log file is stored.
On the Directory Server Console, select the Configuration tab. Then, in the navigation tree, expand the Logs folder and select the Audit Log icon.
To enable audit logging, select the Enable Logging checkbox.
- The audit log configuration attributes are displayed in the right pane.
In the Log File field, enter the full path and filename you want the directory to use for the audit log. The default is file is:
- To disable audit logging, clear the checkbox. By default, audit logging is disabled.
Solaris 9 platform
/var/ds5/slapd-serverID/logs/audit Other platforms
/usr/iplanet/servers/slapd-serverID/logs/audit Set the maximum number of logs, log size, and periodicity of archiving.
Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
- For information on these parameters, see "Defining a Log File Rotation Policy".
When you have finished making changes, click Save.
- For information on these parameters, see "Defining a Log File Deletion Policy".
Manual Log File Rotation
The directory server supports automatic log file rotation for all three logs. However, you can manually rotate log files if you have not set automatic log file creation or deletion policies. By default, access, error, and audit log files can be found in the following directory:
Solaris 9 platform
/var/ds5/slapd-serverID/logs Other platforms
/usr/iplanet/servers/slapd-serverID/logs
Shut down the server. See "Starting and Stopping the Directory Server," on page 35 for instructions.
Move or rename the log file you are rotating in case you need the old log file for future reference.
Restart the server. See "Starting and Stopping the Directory Server," on page 35 for instructions.
Monitoring Server Activity
You can monitor your directory server's current activities from either the Directory Server Console or the command line. You can also monitor the activity of the caches for all of your database. This section contains the following information:
"Monitoring Your Server From the Directory Server Console"
Monitoring Your Server From the Directory Server Console
This section contains information about using the Directory Server Console to monitor your server and the information available to you in the performance monitor.
Viewing the Server Performance Monitor
To monitor your server's activities using Directory Server Console:
On the Directory Server Console, select the Status tab. In the navigation tree, select Performance Counters.
Click Refresh to refresh the current display. If you want the server to continuously update the displayed information, select the Continuous checkbox.
- The Status tab in the right pane displays current information about server activity. If the server is currently not running, this tab will not provide performance monitoring information.
Overview of Server Performance Monitor Information
The server provides monitoring information as described in the following sections:
General Information (Server)
General Information (Server)
The server provides the following general information:
Server version
Configuration DN
- Identifies the current server version.
Data version
- Identifies the distinguished name that you must use as a search base to obtain these results using the ldapsearch command-line utility. This field should read cn=monitor.
- Provides identification information for the server's data. Usually the information shown here is only relevant if your server supplies replicas to consumer servers. The data version information is supplied as follows:
Server host name.
Startup time on serverDatabase generation number. Possibly obsolete: A unique identifier that is created only when you create your directory database without a machine data entry in the LDIF file.
Current change log number. This is the number corresponding to the last change made to your directory. This number starts at one and increments by one for each change made to the database.
Current time on server
- Date and time the server was started.
- Displays the current date and time on the server.
Resource Summary
The Resource Summary table displayed by the console provides the following resource-specific information:
Current Resource Usage
The Resource Summary table in Directory Server Console provides the following resource-specific information
Connection Status
The Connection Status table in Directory Server console provides the following information about the amount of resources in use by each currently open connection:
Global Database Cache Information
The Global Database Cache Information table in the Directory Server Console contains the following information:
Monitoring Your Server From the Command Line
You can monitor your directory server's current activities from any LDAP client by performing a search operation with the following characteristics:For example:
ldapsearch -h directory.siroe.com -s base -b "cn=monitor" "(objectclass=*)"
For information on searching the Directory Server, see "Using ldapsearch," on page 504.
The monitoring attributes for your server are found in the cn=monitor,cn=config entry.
When you monitor your server's activities using ldapsearch, you see the following information:
version: Identifies the directory's current version number.
threads: Current number of active threads used for handling requests. Additional threads may be created by internal server tasks, such as replication or chaining.
connection:fd:opentime:opsinitiated:opscompleted:binddn:[rw]: Provides the following summary information for each open connection (only available if you bind to the directory as the Directory Manager ):
fd - The file descriptor used for this connection.
opentime - The time this connection was opened.
opsinitiated - The number of operations initiated by this connection.
opscompleted - The number of operations completed.
binddn - The distinguished name used by this connection to connect to the directory.
rw - The field shown if the connection is blocked for read or write.
currentconnections - Identifies the number of connections currently in service by the directory.
- By default, this information is available to you only if you bind to the directory as the Directory Manager. However, you can change the ACI associated with this information to allow others to access the information.
totalconnections - Identifies the number of connections handled by the directory since it started.
dtablesize - Shows the number of file descriptors available to the directory. Each connection requires one file descriptor: one for every open index, one for log file management, and one for ns-slapd itself. Essentially, this value lets you know about how many more concurrent connections can be serviced by the directory. For more information on file descriptors, refer to your operating system documentation.
readwaiters - Identifies the number of threads waiting to read data from a client.
opsinitiated - Identifies the number of operations the server has initiated since it started.
opscompleted - Identifies the number of operations the server has completed since it started.
entriessent - Identifies the number of entries sent to clients since the server started.
bytessent - Identifies the number of bytes sent to clients since the server started.
currentime - Identifies the time when this snapshot of the server was taken. The time is displayed in Greenwich mean time (GMT) in UTC format.
starttime - Identifies the time when the server started. The time is displayed in Greenwich mean time (GMT) in UTC format.
nbackends - Identifies the number of back ends (databases) the server services.
concurrency - Solaris 2.x only. Indicates the current level of thread concurrency.
backendmonitordn - Identifies the DN of each directory database.
Monitoring Database Activity
You can monitor your database's current activities from Directory Server Console or from the command line. This section contains the following information:
"Monitoring Database Activity From the Server Console"
Monitoring Database Activity From the Server Console
This section describes how you can use Directory Server Console to view the database performance monitors and what sort of information the performance monitors provide.
Viewing Database Performance Monitors
To monitor your database's activities:
On the Directory Server Console, select the Status tab. In the navigation tree, expand the Performance Counters folder and select the database that you want to monitor.
Click Refresh to refresh the currently displayed information. If you want the directory to continuously update the displayed information, select the Continuous checkbox and then click Refresh.
- The tab displays current information about database activity. If the server is currently not running, this tab will not provide performance monitoring information.
Overview of Database Performance Monitor Information
The directory provides database monitoring information as described in the following sections:
General Information (Database)
General Information (Database)
The directory provides the following general database information:
Database
Configuration DN
- Identifies the type of database that you are monitoring.
- Identifies the distinguished name that you must use as a search base to obtain these results using the ldapsearch command-line utility.
Summary Information Table
The Summary Information table provides the following information:
Table 12-5    Database Performance Monitoring - Summary Information
Performance Metric
Current Total
Indicates whether the database is currently in read-only mode. Your database is in read-only mode when the readonly attribute is set to on.
Indicates the total number of successful entry cache lookups. That is, the total number of times the server could process a search request by obtaining data from the cache rather than by going to disk.
Indicates the total number of entry cache lookups since the directory was last started. That is, the total number of search operations performed against your server since server startup.
Ratio that indicates the number of entry cache tries to successful entry cache lookups. This number is based on the total lookups and hits since the directory was last started. The closer this value is to 100% the better. Whenever a search operation attempts to find an entry that is not present in the entry cache, the directory has to perform a disk access to obtain the entry. Thus, as this ratio drops towards zero, the number of disk accesses increases and directory search performance drops.
To improve this ratio, you can increase the number of entries that the directory maintains in the entry cache by increasing the value of the "Maximum Entries in Cache" attribute. See "Tuning Database Performance," on page 430 for information on changing this value using the Server Console.
Indicates the total size of directory entries currently present in the entry cache.
Indicates the size of the entry cache maintained by the directory. This value is managed by the "Maximum Cache Size" attribute. See "Tuning Database Performance," on page 430 for information on changing this value using the Server Console.
Indicates the total number of directory entries currently present in the entry cache.
Indicates the maximum number of directory entries that can be maintained in the entry cache. This value is managed by the "Maximum Entries in Cache" attribute. See "Tuning Database Performance," on page 430 for information on changing this value using the Server Console.
Database Cache Information Table
The Database Cache Information table provides the following caching information:
Table 12-6    Database Performance Monitoring - Database Cache Information
Performance Metric
Current Total
Indicates the number of times the database cache successfully supplied a requested page. A page is a buffer of the size 2K.
Indicates the number of times the database cache was asked for a page.
Indicates the ratio of database cache hits to database cache tries. The closer this value is to 100%, the better. Whenever a directory operation attempts to find a portion of the database that is not present in the database cache, the directory has to perform a disk access to obtain the appropriate database page. Thus, as this ratio drops towards zero, the number of disk accesses increases and directory performance drops.
To improve this ratio, you can increase the amount of data that the directory maintains in the database cache by increasing the value of the "Maximum Cache Size" attribute. See "Tuning Database Performance," on page 430 for information on changing this value using the Server Console.
Indicates the number of pages read from disk into the database cache.
Indicates the number of pages written from the cache back to disk. A database page is written to disk whenever a read-write page has been modified and then subsequently deleted from the cache. Pages are deleted from the database cache when the cache is full and a directory operation requires a database page that is not currently stored in cache.
Indicates the number of read-only pages discarded from the cache to make room for new pages.
Indicates the number of read-write pages discarded from the cache to make room for new pages. This value differs from Pages Written Out in that these are discarded read-write pages that have not been modified.
Database File-Specific Table
The directory displays a table for each index file that makes up your database. Each of the tables provides the following information:
Monitoring Databases From the Command Line
You can monitor your directory's database activities from any LDAP client by performing a search operation with the following characteristics:
Search for attribute objectClass=*
For example:Search base: cn=monitor,cn=database_instance,cn=ldbm database, cn=plugins, cn=config, where database is the name of the database that you want to monitor
ldapsearch -h directory.siroe.com -s base -b "cn=monitor,cn=Siroe,cn=ldbm database,cn=plugins, cn=config" "objectclass=*"
In this example, the ldapsearch operation looks for the Siroe database. For information on searching the directory, see "Using ldapsearch," on page 504.
When you monitor your server's activities, you see the following information:
database - Identifies the type of database you are currently monitoring.
Next the following information for each file that makes up your database is displayed:readonly - Indicates whether the database is in read-only mode. 0 indicates that the server is not in read-only mode, 1 indicates that it is in read-only mode.
entrycachehits - Provides the same information as described in Entry cache hits in Table 12-5.
entrycachetries - Provides the same information as described in Entry cache tries in Table 12-5.
entrycachehitratio - Provides the same information as described in "Entry cache hit ratio" in Table 12-5.
currententrycachesize - Provides the same information as described in "Current entry cache size (in entries)" in Table 12-5.
maxentrycachesize - Provides the same information as described in "Maximum entry cache size (in entries)" in Table 12-5.
dbchehits - Provides the same information as described in Hits in Table 12-6.
dbcachetries - Provides the same information as described in Tries in Table 12-6.
dbcachehitratio - Provides the same information as described in Hit ratio in Table 12-6.
dbcachepagein - Provides the same information as described in Pages read in in Table 12-6.
dbcachepageout - Provides the same information as described in Pages written out in Table 12-6.
dbcacheroevict - Provides the same information as described in Read-only page evicts in Table 12-6.
dbcacherwevict - Provides the same information as described in Read-write page evicts in Table 12-6.
dbfilename-number - Indicates the name of the file. number provides a sequential integer identifier (starting at 0) for the file. All associated statistics for the file are given this same numerical identifier.
dbfilecachehit-number - Provides the same information as described in Cache hits in Table 12-7.
dbfilecachemiss-number - Provides the same information as described in Cache misses in Table 12-7.
dbfilepagein-number - Provides the same information as described in Pages read in in Table 12-7.
dbfilepageout-number - Provides the same information as described in Pages written out in Table 12-7.
Monitoring Database Link Activity
You can monitor the activity of your database links from the command line using the monitoring attributes. Use the ldapsearch command-line utility to return the attribute values that interest you. The monitoring attributes are stored in the following entry: cn=monitor,cn=database_link_name,cn=chaining database,cn=plugins,cn=config.For example, you can use the ldapsearch command-line utility to retrieve the number of add operations received by a particular database link called DBLink1. First, change to the directory containing the utility:
Solaris 9 platform
# cd /usr/iplanet/ds5/shared/bin Other platforms
# cd installDir/shared/bin Then, run ldapsearch as follows:
ldapsearch -h server.siroe.com -p 389 \
-D "cn=Directory Manager" -w password -s sub -b \
"cn=monitor,cn=DBLink1,cn=chaining database,cn=plugins,cn=config" \
"(objectclass=*)" nsAddCount
Note The above command should be typed on a single line. It does not appear on one line here because of page size constraints.
You can search for the following database link monitoring attributes:
Table 12-8    Database Link Monitoring Attributes
Attribute Name
Description
For more information about ldapsearch, see the iPlanet Directory Server Configuration, Command, and File Reference.
Previous Contents Index Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated October 29, 2001