Monitoring eDirectory with SNMP#

eDirectory has a MIB (Management Information Base) that can help you monitor events. eDirectory events can be published as SNMP traps, which can be configured dynamically. The standard SNMP format is used and as many as 119 traps are supported.

The SNMP traps provide the following statistics:

  • Protocols - NLDAP and LDAP
  • Cache - Usage and configuration
  • Server interactions for last "N" active interactions

The MIB can be used with any third-party monitoring console.

Installing and Configuring SNMP for eDirectory#

You need to use a supported SNMP package for eDirectory On Linux, that would be ncd-snmp-4.2.1-7.rpm or later. Be sure to install the package using YaST or rpm tools.

There are three basic parts to the configuration:

  • Configuring the master agent
  • Configuring the sub-agent
  • Dynamic configuration

Configuring the Master Agent#

Steps for making SNMP work:
  • Create the SNMP group object:
ndsconfig add m <modulename> -a <userFDN> For example: ndsconfig add m snmp a admin.novell
  • Edit /etc/snmp/snmp.conf
    • Enter the host name. For example, trapsink myserver public
    • Add the following line: master agentx
  • Start the master agent: /etc/init.d/snmpd start

Controlling SNMP Master Agent#

Starting#

 /etc/init.d/snmpd start 

Stopping#

 /etc/init.d/snmpd stop 

Status#

 /etc/init.d/snmpd status 

Configuring the Subagent#

  1. Configure /etc/ndssnmp/ndssnmp.conf. If you make changes to this file, you must restart the subagent.
  2. Make sure the following command is used: SERVER hostname/ipaddr. Note that only the locally installed eDirectory server is supported.
  3. Start the sub-agent: /usr/sbin/snmpd

Dynamic Configuration#

You can use dynamic configuration at any time after the directory service is running. The command to use is:
ndssnmpconfig h [hostname[:port]] p <password> a <userFDN> c <command>

With dynamic configuration, you can:

  • Enable and disable traps
  • Set a time interval for individual traps
  • Set a default time interval
  • List all traps enabled for failure operations
  • List traps that meet certain criteria
  • Reconfigure from ndstrap.cfg

Sub-agent and Trap Modules#

The subagent module is "NOVLsubag". It is installed as part of eDirectory installation, and it is configured using /etc/ndssnmp/ndssnmp.cfg. You must include the path of the trusted root certificate file SSLKEY.

The sub-agent monitors only the server on same machine. It limits additional network traffic, and it works with the master agent that is available with OS. Note that the SNMP version is subject to the supported version of the OS. The sub-agent also requires user credentials.

The trap module is "NOVLsnmp". It can:

  • Configure traps using the SNMPGroup object
  • Be configured to send on failures
  • Be configured to send only once in a specified time interval

To set up the trap module, use iManager or the ndssnmpcfg utility. The configuration can be shared by multiple servers.

Here is an example:

Trap number 51

ndsChangePassword	TRAP-TYPE   
			ENTERPRISE  ndsMIB
			VARIABLES  
				{
					ndsTrapTime,
					ndsEventType, 
					ndsResult,
					ndsPerpetratorName,
					ndsTransportAddress,
					ndsProcessID,
					ndsVerbNumber,
					ndsEntryName,
					ndsServerName2
	                       	}
			DESCRIPTION
                                "Changing Password"
  			::= 51

In addtion, iManager can be used ot set the SNMP Traps.

Start and Stopping Sub-Agent#

The SNMP server module can be manually loaded and unloaded. By default, the SNMP server module loads automatically on all platforms. However, you can manually load the server module on Windows and Linux and UNIX platforms.

Starting#

Linux, Solaris, AIX, and HP-UX In the DHOST remote management page, to load the SNMP trap server click on the SNMP Trap Server for Novell eDirectory 8.8 action icon to start.

From a terminal session, enter:

/opt/novell/eDirectory/bin/ndssnmp -l

Stopping#

Linux, Solaris, AIX, and HP-UX In the DHOST remote management page, to unload the SNMP trap server, click the SNMP Trap Server for Novell eDirectory 8.8 action icon to stop.

From a terminal session, enter:

/opt/novell/eDirectory/bin/ndssnmp -u

Logs and Troubleshooting#

Novell's SNMP Sub-Agent#

Novell's Sub Agent writes to the log file:
 /var/opt/novell/eDirectory/log/ndssnmpsa.log

You can also see the loading of the module in:

/var/opt/novell/eDirectory/log/ndsd.log

Jan 05 11:56:04  Information: SNMP Trap Server for Novell eDirectory 8.8.3 v20212.87 stopped.
Jan 05 11:56:08  Information: SNMP Trap Server for Novell eDirectory 8.8.3 v20212.87 started.

SNMP Master Agent#

You might see something in:
/var/log/message
CoolSolutions Article

Novell Documentation

SNMP support in eDirectory 8.7 for Solaris and Linux - Frequently Asked Questions

Sourceforge snmp command-line tool

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-8) was last changed on 31-Jan-2012 14:08 by jim