Netscape logo Administrator's Guide
Netscape Directory Server
Previous      Contents      Index      DocHome      Next     

Chapter 13   Monitoring Directory Server Using SNMP


The server and database activity monitoring log setup described in Chapter 12 "Monitoring Server and Database Activity" is specific to Netscape Directory Server (Directory Server). You can also monitor your Directory Server using the Simple Network Management Protocol (SNMP) which is a management protocol used for monitoring network activity which can be used to monitor a wide range of devices in real time.

SNMP has become interoperable on account of its widespread popularity. It is this interoperability combined with the fact that SNMP can take on numerous jobs specific to a whole range of different device classes, that make SNMP the ideal standard mechanism for global network control and monitoring. SNMP allows network administrators to unify all network monitoring activities, with Directory Server monitoring just part of the broader picture.

This chapter contains the following topics:

About SNMP

SNMP is a protocol used to exchange data about network activity. With SNMP, data travels between a managed device and a network management station (NMS) where users remotely manage the network. A managed device is anything that runs SNMP, such as hosts, routers, and your Directory Server. An NMS is usually a powerful workstation with one or more network management applications installed. A network management application graphically shows information about managed devices (which device is up or down, which and how many error messages were received, and so on).

Information is transferred between the NMS and the managed device through the use of two types of agents: the subagent and the master agent. The subagent gathers information about the managed device and passes the information to the master agent. Directory Server has a subagent. The master agent exchanges information between the various subagents and the NMS. The master agent runs on the same host machine as the subagents it talks to.

You can have multiple subagents installed on a host machine. For example, if you have Directory Server, Netscape Enterprise Server, and Netscape Messaging Server all installed on the same host, the subagents for each of these servers communicates with the same master agent. In the Windows environment, the master agent is the SNMP service provided by the Windows operating system. In the UNIX environment, the master agent is installed with the Netscape Administration Server.

Values for SNMP attributes, otherwise known as variables, that can be queried are kept on the managed device and reported to the NMS as necessary. Each variable is known as a managed object, which is anything the agent can access and send to the NMS. All managed objects are defined in a management information base (MIB ), which is a database with a tree-like hierarchy. The top level of the hierarchy contains the most general information about the network. Each branch underneath is more specific and deals with separate network areas.

SNMP Overview

SNMP exchanges network information in the form of protocol data unit (PDUs). PDUs contain information about variables stored on the managed device. These variables, also known as managed objects, have values and titles that are reported to the NMS as necessary. Communication between an NMS and a managed device takes place in one of two ways:

NMS-Initiated Communication

NMS-initiated communication is the most common type of communication between an NMS and a managed device. In this type of communication, the NMS either requests information from the managed device or changes the value of a variable stored on the managed device.

These are the steps that make up an NMS-initiated SNMP session:

  1. The NMS determines which managed devices and objects need to be monitored.
  2. The NMS sends a protocol data unit to the managed device's subagent through the master agent. This protocol data unit either requests information from the managed device or tells the subagent to change the values for variables stored on the managed device.
  3. The subagent for the managed device receives the protocol data unit from the master agent.
  4. If the protocol data unit from the NMS is a request for information about variables, the subagent gives information to the master agent and the master agent sends it back to the NMS in the form of another protocol data unit. The NMS then displays the information textually or graphically.
    5. If the protocol data unit from the NMS requests that the subagent set variable values, the subagent sets these values.
     

Managed Device-Initiated Communication

This type of communication occurs when the managed device needs to inform the NMS of an event that has occurred. A managed device initiates communication with an NMS to inform the NMS of a shut down or start up. Communication initiated by a managed device is also known as a trap. Directory Server sends a trap to the NMS whenever the Directory Server starts or stops.

These are the steps that make up a managed device-initiated SNMP session:

  1. An event occurs on the managed device.
  2. The subagent informs the master agent of the event.
  3. The master agent sends a PDU to the NMS to inform the NMS of the event.
  4. The NMS displays the information textually or graphically.

Overview of the Directory Server Management Information Base

Each Netscape server has its own MIB. The Directory Server's MIB is a file called netscape-ldap.mib. This MIB contains definitions for variables pertaining to network management for the directory. These variables are known as managed objects. Using the directory MIB and network management software, such as HP OpenView, you can monitor your directory like all other managed devices on your network.

The directory MIB has the following object identifier:

iso.org.dod.internet.private.enterprises.netscape.nsldap (nsldapd OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.1450.7 })

The object identifier is located in this directory:

serverRoot/plugins/snmp

You can see administrative information about your directory and monitor the server in real-time using the directory MIB. The directory MIB is broken into three distinct tables of managed objects:

For information on how to compile MIBs, see your SNMP product documentation. The following sections describe each table in detail.

Operations Table

The Operations Table provides statistical information about Directory Server access, operations, and errors. Table 13-1 describes the managed objects stored in the Operations Table of the netscape-ldap.mib file.


Table 13-1    Operations Table - Managed Objects and Descriptions  


Managed Object

Description

dsAnonymousBinds

The number of anonymous binds to the directory since server startup.

dsUnauthBinds

The number of unauthenticated binds to the directory since server startup.

dsSimpleAuthBinds

The number of binds to the directory that were established using a simple authentication method (such as password protection) since server startup.

dsStrongAuthBinds

The number of binds to the directory that were established using a strong authentication method (such as SSL or an SASL mechanism like Kerberos) since server startup.

dsBindSecurityErrors

The number of bind requests that have been rejected by the directory due to authentication failures or invalid credentials since server startup.

dsInOps

The number of operations forwarded to this directory from another directory since server startup.

dsReadOps

The number of read operations serviced by this directory since application start. The value of this object will always be 0 because LDAP implements read operations indirectly via the search operation.

dsCompareOps

The number of compare operations serviced by this directory since server startup.

dsAddEntryOps

The number of add operations serviced by this directory since server startup.

dsRemoveEntryOps

The number of delete operations serviced by this directory since server startup.

dsModifyEntryOps

The number of modify operations serviced by this directory since server startup.

dsModifyRDNOps

The number of modify RDN operations serviced by this directory since server startup.

dsListOps

The number of list operations serviced by this directory since server startup. The value of this object will always be 0 because LDAP implements list operations indirectly via the search operation.

dsSearchOps

The total number of search operations serviced by this directory since server startup.

dsOneLevelSearchOps

The number of one-level search operations serviced by this directory since server startup.

dsWholeSubtreeSearchOps

The number of whole subtree search operations serviced by this directory since server startup.

dsReferrals

The number of referrals returned by this directory in response to client requests since server startup.

dsSecurityErrors

The number of operations forwarded to this directory that did not meet security requirements.

dsErrors

The number of requests that could not be serviced due to errors (other than security or referral errors). Errors include name errors, update errors, attribute errors, and service errors. Partially serviced requests will not be counted as an error.



Entries Table

The Entries Table provides information about the contents of the directory entries. Table 13-2 describes the managed objects stored in the Entries Table in the netscape-ldap.mib file.


Table 13-2    Entries Table - Managed Objects and Descriptions  


Managed Object

Description

dsMasterEntries

The number of directory entries for which this directory contains the master entry. The value of this object will always be 0 (as no updates are currently performed).

dsCopyEntries

The number of directory entries for which this directory contains a slave copy. The value of this object will always be 0 (as no updates are currently performed).

dsCacheEntries

The number of entries cached in the directory.

dsCacheHits

The number of operations serviced from the locally held cache since application startup.

dsSlaveHits

The number of operations that were serviced from locally held replications (shadow entries). The value of this object will always be 0.



Interaction Table

The Interaction Table provides statistical information about the interaction of this Directory Server with peer Directory Servers. This table:

Table 13-3 describes the managed objects stored in the Interaction Table of the netscape-ldab.mib file.


Table 13-3    Interaction Table - Managed Objects and Descriptions  


Managed Object

Description

dsIntTable

Each row of this table contains some details related to the history of the interaction of the monitored Directory Servers with their respective peer Directory Servers.

dsIntEntry

The entry containing interaction details of a Directory Server with a peer Directory Server.

dsIntIndex

Together with applIndex it forms the unique key to identify the conceptual row which contains useful information on the (attempted) interaction between the Directory Server (referred to by applIndex) and a peer Directory Server.

dsName

The distinguished name (DN) of the peer Directory Server to which this entry belongs.

dsTimeOfCreation

The value of sysUpTime when this row was created. If the entry was created before the network management subsystem was initialized, this object will contain a value of zero.

dsTimeOfLastAttempt

The value of sysUpTime when the last attempt was made to contact this Directory Server. If the last attempt was made before the network management subsystem was initialized, this object will contain a value of zero.

dsTimeOfLastSuccess

The value of sysUpTime when the last attempt made to contact this Directory Server was successful. This entry will have a value of zero if there have been no successful attempts or if the last successful attempt was made before the network management subsystem was initialized.

dsFailuresSinceLastSuccess

The number of failures since the last time an attempt to contact this Directory Server was successful. If there has been no successful attempts, this counter will contain the number of failures since this entry was created.

dsFailures

Cumulative failures since the creation of this entry.

dsSuccesses

Cumulative successes since the creation of this entry.

dsURL

The URL of the Directory Server application.



Setting Up SNMP

The steps for configuring SNMP monitoring for your directory depend on whether you run your directory on Windows or UNIX. This section contains the following procedures :

Setting Up SNMP on Windows

To set up SNMP support for Directory Server on a Windows machine:

  1. Install the SNMP service on your Windows server.
    2. Refer to your Windows operating system documentation for instructions.
     
  2. Enable Directory Server statistics collection.
    3. See "Configuring SNMP for the Directory Server" for information.
     
  3. Restart the Windows SNMP service.
    4. See "Starting and Stopping the SNMP Service on Windows" for information.
     

Setting Up SNMP on UNIX

To set up SNMP support for your Directory Server on a UNIX machine:

  1. Configure and start the master agent using the Administration Server Console.
    2. If you are using the default port settings (161 for SNMP and 199 for SMUX) then you need to be root user. If you reconfigure the master agent configuration and have ports with values higher than 1000, then it is not necessary to be root user.
     
    For information on setting up the master agent, refer to Managing Servers with Netscape Console.
     
  2. On AIX machines, configure the AIX SNMP Daemon.
    3. See "Configuring the AIX SNMP Daemon" for information.
     
  3. Enable the directory subagent.
    4. See "Configuring SNMP for the Directory Server" for information.
     
  4. Start the directory subagent.
    5. See "Starting and Stopping the SNMP Subagent on UNIX" for information.
     

Configuring the AIX SNMP Daemon

If your SNMP daemon is running on AIX, it supports SMUX. For this reason, you do not need to install a master agent. However, you need to change the AIX SNMP daemon configuration.

AIX uses several configuration files to filter its communications. One of them, snmpd.conf, needs to be changed so that the SNMP daemon accepts the incoming messages from the SMUX subagent. For more information, see the online manual page for snmpd.conf. You need to add a line to define each subagent.

For example, you might add this line to the snmpd.conf:

smux 1.3.6.1.4.1.1.1450.7 "" IP_address net_mask

where IP_address is the IP address of the host the subagent is running on, and net_mask is the network mask of the host.

Note  

Do not use the loopback address 127.0.0.1; use the real IP address instead.



If you need more information, see your related system documentation.

Starting and Stopping the SNMP Subagent on UNIX

To start, stop, and restart the SNMP subagent for a directory running on UNIX:

  1. In the Directory Server Console, select the Configuration tab and then select the top most entry in the navigation tree in the left pane.
  2. Select the SNMP tab in the right pane.
  3. Click Start to start the subagent, click Stop to stop the subagent, or click Restart to restart the subagent.
    4. Stopping the directory does not stop the directory subagent. If you want to stop the subagent, you must do so from this tab.
     

    Note  

    If you add another server instance and you want the instance to be part of the SNMP network, you must restart the subagent. (On Solaris, you can only monitor one Directory Server instance at a time with SNMP).



Starting and Stopping the SNMP Service on Windows

It is important to note that the master agent on Windows is the SNMP Service and not the SNMP subagent as is the case on other platforms. The SNMP Service is installed and configured via the Windows control panel. For a directory running on Windows, the SNMP subagent is a DLL which the SNMP service invokes, and it is by using the information stored in the registry that the SNMP Service knows which subagent to load.

To start, stop and restart the SNMP subagent for a directory running on Windows:

  1. Open the Control Panel and select Services.
  2. Select SNMP from the Service list.
  3. Click Start to start the SNMP Service, click Stop to stop the SNMP Service, or click Stop then Start to restart the SNMP Service.
    4. Stopping the directory does not stop the directory subagent. If you want to stop the subagent, you must do so from the Control Panel.
     

    Note  

    If you add another server instance and you want the instance to be part of the SNMP network, you must restart the subagent.



Configuring SNMP for the Directory Server

To configure SNMP settings from the Directory Server Console:

  1. Make sure the Directory Server is running.
  2. In the Directory Server Console, select the Configuration tab and then select the topmost entry in the navigation tree in the left pane.
  3. Select the SNMP tab in the right pane.
  4. Select the "Enable Statistics Collection" checkbox to enable Directory Server statistics collection. Clear the checkbox to disable it.
  5. For UNIX servers, enter the hostname on which the master agent resides and the port number used to communicate with the master agent in the Master Host and Master Port text boxes.

    6. Note  

    The hostname and port number are required.



    The defaults are localhost and 199 respectively.
     
  6. Enter a description that uniquely describes the directory instance in the Description text box.
  7. Type the name the company or organization to which the directory belongs in the Organization text box.
  8. Type the location within the company or organization where the directory resides in the Location text box.
  9. Type the email address of the person responsible for maintaining the directory in the Contact text box.
  10. Click Save.
  11. Restart the subagent (UNIX), or restart the SNMP service (Windows).
    12. See "Starting and Stopping the SNMP Subagent on UNIX" or "Starting and Stopping the SNMP Service on Windows" for information as appropriate.
     


Previous      Contents      Index      DocHome      Next     

© 2001 Sun Microsystems, Inc. Portions copyright 1999, 2002-2003 Netscape Communications Corporation. All rights reserved.
Read the Full Copyright and Thrid-Party Acknowledgments.


Last Updated October 30, 2003