Chapter 28 Directory Proxy Server Monitoring and Alerts

Monitoring detects failure of Directory Proxy Server and of data sources.

For a description of the monitoring framework for Directory Proxy Server, and for a detailed layout of the cn=monitor entry, see Monitoring Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.2 Reference. This chapter covers the following topics:

• Retrieving Monitored Data About Directory Proxy Server

• Retrieving Monitored Data About Data Sources

• Configuring Administrative Alerts for Directory Proxy Server

• Retrieving Monitored Data About Directory Proxy Server by Using the JVM

Retrieving Monitored Data About Directory Proxy Server

To retrieve monitored data about Directory Proxy Server, use the cn=monitor entry. This entry is managed by Directory Proxy Server in a local, in-memory database. You can retrieve attributes under cn=monitor by performing an LDAP search on the cn=monitor entry. You must bind as the Proxy Manager to search this entry.

For information about using the JVM to retrieve monitored data, see Retrieving Monitored Data About Directory Proxy Server by Using the JVM.

Retrieving Monitored Data About Data Sources

For a description of how Directory Proxy Server monitors the health of data sources, see Monitoring Data Sources in Sun Java System Directory Server Enterprise Edition 6.2 Reference. This section describes how to configure the monitoring of data sources.

To Monitor a Data Source by Listening for Errors

In this type of monitoring, Directory Proxy Server listens for errors on the traffic between Directory Proxy Server and the data sources. This type of monitoring is called reactive monitoring because Directory Proxy Server reacts if an error is detected, but does not actively test data sources.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

1. Set the monitoring mode for the data source to reactive.

   $ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-mode:reactive

2. Configure an alert to be sent when an error is detected or when a data source goes offline or online, as described in Configuring Administrative Alerts for Directory Proxy Server.

To Monitor a Data Source by Periodically Establishing Dedicated Connections

Directory Proxy Server creates a dedicated connection to a data source if there have been no requests to or responses from the data source for a specified interval.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

1. Set the monitoring mode for the data source to proactive.

   $ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-mode:proactive

2. Set the maximum time for which Directory Proxy Server detects no activity from a data source before establishing a dedicated connection.

   $ dpconf set-ldap-data-source-prop -h host -p port datasource \ monitoring-inactivity-timeout:time

   By default, the inactivity timeout is 120 seconds.

3. Configure an alert to be sent when a data source is detected as offline or online, as described in Configuring Administrative Alerts for Directory Proxy Server.

To Monitor a Data Source by Testing Established Connections

In this type of monitoring, Directory Proxy Server performs a search on each connection to each data source at a regular interval. In this way, Directory Proxy Server detects closed connections and prevents connections from being dropped because of inactivity.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

1. Set the monitoring mode for the data source to proactive.

   $ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-mode:proactive

2. Configure the monitoring search request that is performed by Directory Proxy Server.

   $ dpconf set-ldap-data-source-prop -h host -p port datasource \ monitoring-bind-timeout:timeout monitoring-entry-dn:dn \ monitoring-search-filter:filter monitoring-entry-timeout:timeout

   The following properties are used in the search request:

   monitoring-bind-timeout

   The length of time that Directory Proxy Server waits to establish a connection to the data source. By default, the value of this property is 5 seconds.

   monitoring-entry-dn

   The DN of the target entry in the search request. By default, this property is the root DSE entry ("").

   monitoring-search-filter

   The search filter.

   monitoring-entry-timeout

   The length of time that Directory Proxy Server waits for the search response. By default, the value of this property is 5 seconds.

3. Set the polling interval.

   $ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-interval:interval

   If a connection is down, Directory Proxy Server polls the connection at this interval to detect its recovery. By default, the monitoring interval is 30 seconds.

4. Configure an alert to be sent when a data source is detected as offline or online, as described in Configuring Administrative Alerts for Directory Proxy Server.

Configuring Administrative Alerts for Directory Proxy Server

For information about how to configure administrative alerts, see the following procedures.

To Enable Administrative Alerts

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

1. View the enabled alerts.

   % dpconf get-server-prop -h host -p port enabled-admin-alerts

2. Enable one or more administrative alerts.

   % dpconf set-server-prop -h host -p port enabled-admin-alerts:alert1 \ [enabled-admin-alerts:alert2 ...]

   For example, to enable all available alerts, run this command:

   % dpconf set-server-prop -h host -p port \ enabled-admin-alerts:error-configuration-reload-failure-with-impact \ enabled-admin-alerts:error-server-shutdown-abrupt \ enabled-admin-alerts:info-configuration-reload \ enabled-admin-alerts:info-data-source-available \ enabled-admin-alerts:info-server-shutdown-clean \ enabled-admin-alerts:info-server-startup \ enabled-admin-alerts:warning-configuration-reload-failure-no-impact \ enabled-admin-alerts:warning-data-source-unavailable \ enabled-admin-alerts:warning-data-sources-inconsistent \ enabled-admin-alerts:warning-listener-unavailable

   To disable all alerts, run this command:

   % dpconf set-server-prop -h host -p port enabled-admin-alerts:none

   To add an alert to an existing list of enabled alerts, run this command:

   % dpconf set-server-prop -h host -p port enabled-admin-alerts+:alert-name

   To remove an alert from an existing list of enabled alerts, run this command:

   % dpconf set-server-prop -h host -p port enabled-admin-alerts-:alert-name

   By default, no alerts are enabled.

See Also

For more information, see enabled-admin-alerts(5dpconf).

To Configure Administrative Alerts to Be Sent to Syslog

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

1. Select the alerts that will be sent to the syslog daemon, as described in To Enable Administrative Alerts.

2. Enable alerts to be sent to the syslog daemon.

   $ dpconf set-server-prop -h host -p port syslog-alerts-enabled:true

   All alerts are sent to the syslog with the facility of USER.

3. Set the host name of the syslog daemon to which alerts are to be sent.

   $ dpconf set-server-prop -h host -p port syslog_hostname:hostname

To Configure Administrative Alerts to Be Sent to Email

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

1. Select the alerts that will be sent to the syslog, as described in To Enable Administrative Alerts.

2. Configure the address and characteristics of the email.

   $ dpconf set-server-prop -h host -p port email-alerts-smtp-host:host-name \ email-alerts-smtp-port:port-number \ email-alerts-message-from-address:sender-email-address \ email-alerts-message-to-address:receiver-email-address \ [email-alerts-message-to-address:receiver-email-address ...] \ email-alerts-message-subject:email-subject

3. Enable alerts to be sent to email.

   $ dpconf set-server-prop -h host -p port email-alerts-enabled:true

4. (Optional) Set a flag to include the alert code in the email

   $ dpconf set-server-prop -h host -p port \ email-alerts-message-subject-includes-alert-code:true

To Configure Administrative Alerts to Run a Script

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

1. Select the alerts that will be sent to the syslog, as described in To Enable Administrative Alerts.

2. Enable alerts to run a script.

   $ dpconf set-server-prop -h host -p port scriptable-alerts-enabled:true

3. Set the name of the script that will be run.

   $ dpconf set-server-prop -h host -p port scriptable-alerts-command:script-name

Retrieving Monitored Data About Directory Proxy Server by Using the JVM

Directory Proxy Server runs inside a Java Virtual Machine (JVM) and depends on the memory of the JVM machine. To ensure that Directory Proxy Server is running correctly, you must monitor the memory consumption of the JVM machine.

For information about how to tune parameters for the JVM machine, see Hardware Sizing For Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.2 Deployment Planning Guide.

By default, the heap size of the JVM machine is 250 Mbytes. If Directory Proxy Server does not have enough physical memory, the heap size might be less than 250 Mbytes.

When Directory Proxy Server is running, you can monitor the heap size of the JVM machine to ensure that it is not running out of memory. To do this, use the standard tools delivered with the Java Development Kit (JDK). These tools are located in these directories: $JAVA_HOME/bin/jps and $JAVA_HOME/bin/jstat.

To View the Heap Size of the JVM

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

1. View the heap size of JVM.

   $ dpadm get-flags instance-path jvm-args jvm-args: -Xms250M -Xmx250M

To Monitor the Heap Size of JVM When Directory Proxy Server is Running

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

1. View the PID of your instance of Directory Proxy Server.

   $ jps

2. View the memory used by the JVM machine.

   $ jstat -gcutil PID

   • If the zero column is near to 100%, the JVM machine does not have enough memory.

   • FGC is the number of full garbage collection (GC) events. Garbage collection is expansive.

   • GCT (garbage collection time) is the amount of time spent by the GC.