This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
NDSTRACE Examples
NDSTRACE Examples

Version management

Difference between version and

At line 1 added 316 lines
!!! Overview
Some not as well known [Examples] for using the [Ndstrace] command. (Almost a [Cheat Sheet])
[{TableOfContents}]
!!! Basics
* "exit" will get you out of the screen.
! Load [ndstrace] in the UI/[Curses] mode.
{{{ndstrace }}}
! Using [ndstrace] in the [Command-line] mode
Load ndstrace in the command line mode, directing output to a file in the background. You can execute the command, tail -f file, from any terminal, to view the messages.
{{{ndstrace -l > /tmp/ndstrace.log &
or
ndstrace -l >> /dev/null &
}}}
To Exit [command-line] process use
{{{
ndstrace -u
}}}
! Using with [EDirectory Multiple Instance]
When using Multiple Instances, use the --config-file parameter.
{{{
ndstrace -c connections --config-file /data/nds/int/nds.conf
}}}
!! Unload IDM ([Vrdim])
%%warning
NOT Recommended to perform this without Novell Support Involved!
%%
To completely unload and load [DirXML] (Linux and Solaris):
We recently verified this still works in 3.6.1
{{{
ndstrace -c "unload vrdim"
ndstrace -c "load vrdim"
}}}
Of it running [EDirectory Multiple Instance] or a custom setup:
{{{
ndstrace -c "load vridm' --config-file /data/nds/idv/nds.conf
}}}
!! Show [NDS Threads] information
Here are a few more useful ndstrace commands (Linux and Solaris):
{{{
# ndstrace -c threads
Thread Pool Information
Summary : Spawned 24, Died 0
Pool Workers : Idle 8, Total 24, Peak 24
Ready Work : Current 1, Peak 5, maxWait 112425 us
Sched delay : Min 3314 us, Max 1022572 us, Avg: 727965 us
Waiting Work : Current 14, Peak 17
}}}
!! View Server [NDS Connection State]
To Find The Number of Connections to Server\\
! Good one-liner
Provides the [IP Address] and [UserId] for each connection.
{{{
ndstrace -c connections --config-file /data/nds/item/nds.conf|grep -E 'uniqueID|CN'|awk -F '[:=]' '{print $2 " "$4}'|sort|uniq -u
10.92.231.2 jwilleke
...
}}}
We then took the output of that file and used a [bash] script to obtain the [Domain Name System]:
%%prettify
{{{
#!/bin/bash
IPLIST="/home/jwilleke/tt.txt"
ndstrace -c connections --config-file /data/nds/unix/nds.conf|grep -E 'uniqueID|CN'|awk -F '[:=]' '{print $2 " "$4}'|sort|uniq -u > $IPLIST
while IFS='' read -r line || [[ -n "$line" ]]; do
# echo "Text read from file: $line"
ipx=`echo $line|cut -d' ' -f1`
uidName=`echo $line|cut -d' ' -f2`
#echo "$ipx"
domain=$(dig -x $ipx +short | head -1)
echo -e "$domain,$ipx,$uidName" >>t.txt
done < "$IPLIST"
}}}
/%
! 8.7.3.x
{{{
# ndstrace -c connections
Connection Table Information:
Allocated Connections: 64
1 VALID|AUTHEN tcp:10.129.110.80:39083 .UNKNOWN.svr.[Directory-Info.com].net
2 VALID tcp:10.129.110.80:39087
3 VALID|AUTHEN tcp:10.129.110.80:39088 .UNKNOWN.svr.[Directory-Info.com].net
4 VALID|AUTHEN tcp:10.129.110.80:39089 .UNKNOWN.svr.[Directory-Info.com].net
5 VALID|AUTHEN tcp:10.129.110.80:39090 .UNKNOWN.svr.[Directory-Info.com].net
6 VALID|AUTHEN tcp:10.129.110.80:39093 .UNKNOWN.svr.[Directory-Info.com].net
7 VALID tcp:10.129.110.80:39107
8 VALID tcp:10.129.110.80:39108
9 VALID tcp:10.129.110.80:39109
...
30 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
31 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
32 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
33 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
34 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
35 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
36 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
37 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
}}}
The connection showing "Local Connection" are LDAP connections. Those showing "TCP:..." are NCP connections.
! Different with 8.8.X
With 8.81 we see:
{{{
ndstrace -c connections
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: francis.dc=svr.dc=willeke.dc=com.WILLEKETREE
Connection Table Information:
Allocated Connections: 64
1 VALID|AUTHEN tcp:192.168.1.4:33430 .francis.svr.willeke.com
2 VALID|AUTHEN tcp:192.168.1.4:33431 .francis.svr.willeke.com
3 VALID|AUTHEN tcp:192.168.1.4:33432 .anonymous.administration.willeke.com
4 VALID tcp:192.168.1.4:33434
5 VALID|AUTHEN tcp:192.168.1.4:43630 .admin.administration.willeke.com
6 VALID tcp:192.168.1.4:33436
7 VALID|AUTHEN tcp:192.168.1.4:45004 .admin.administration.willeke.com
8 VALID tcp:192.168.1.4:45007
9 VALID|AUTHEN tcp:192.168.1.2:1205 .SH.svr.willeke.com
10 VALID tcp:192.168.1.2:1206
13 VALID tcp:192.168.1.4:33450
}}}
Which is more depressing as the LDAP connections are shown only by the server IP address.
!! To see LDAP IP Connections try:
{{{
netstat -a|grep ldap
tcp 0 0 *:ldap *:* LISTEN
tcp 0 0 *:ldaps *:* LISTEN
tcp 0 0 francis.svr.willek:ldap 192.168.1.121:ratio-adp ESTABLISHED
tcp 0 0 francis.svr.wille:ldaps 192.168.:isoipsigport-2 ESTABLISHED
}}}
This will show the IP Addresses via LDAP to a Solaris or Linux server.
The *:ldap and *:ldaps shows that the server is listening for connections for LDAP and LDAPS.
Currently there is no method we are aware to see both the userid and the IP Address for connections via LDAP.
!! To Show [NDS Modules|Ndsmodules.conf] loaded
{{{
# ndstrace -c modules
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: francis.dc=svr.dc=wil
leke.dc=com.WILLEKETREE
snmpinst Not Loaded
snmp-0 Not Loaded
repair Not Loaded
pkiinst Not Loaded
nmasldap Running
nmasinst Not Loaded
ndsinfo Not Loaded
ndsclone Not Loaded Directory Clone Agent For Novell eDirect
ory 8.8 SP1
merge Not Loaded
lsss Running
ldapxs Running
krbpwd Not Loaded
dstrace Not Loaded Trace For Novell eDirectory 8.8 SP1
dsr Not Loaded
dsi Not Loaded
dsbk Not Loaded
backupcr Running
auditds Running
ssncp Running
pkiserver Running Novell Certificate Server
sasl Running [ nldap ]
statuslg Running [ embox ]
embox Running eDirectory Management Tool Box Engine
sss Running [ ssldp ssncp ]
ssldp Running [ nldap ]
spmdclnt Running
nmas Running [ sasl ]
imon Running NDS iMonitor 2.4 for Novell eDirectory v20111.59
nldap Running LDAP Agent for Novell eDirectory 8.8 SP1
hconserv Running HTTP Console Server For Novell eDirectory 8.8 SP
1
snmp Running SNMP Trap Server for Novell eDirectory 8.8.1
gams Running Graded Authentication Management Service
niciext Running SDI/SASDFM Transport Service
httpstk Running HTTP Protocol Stack For Novell eDirectory 8.8 SP
1 [ nds hconserv imon embox ]
nds Running Directory Agent For Novell eDirectory 8.8 SP1
masv Running Mandatory Access Control Service [ gams ]
dsloader Running Loader Services For Novell eDirectory 8.8 SP1 [
httpstk hconserv nldap ]
dhlog Running DHost message logging module for Novell eDirecto
ry 8.8 SP1
ncpengine Running NCP Protocol Stack For Novell eDirectory 8.8 SP1
ndsd Running Novell eDirectory 8.8 SP1 Host Environment
}}}
!! Operations when command line
These commands will setup ndstrace to watch LDAP only:
{{{
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +ldap'
less /tmp/ndstrace.log
}}}
For [EDirectory Multiple Instances] this may work.
%%prettify
{{{
ndstrace -l --config-file /data/nds/ext/nds.conf > /data/nds/ext/097-ndstrace.log &
ndstrace -c 'set dstrace=nodebug' --config-file /data/nds/ext/nds.conf
ndstrace -c 'set ndstrace=FILE ON' --config-file /data/nds/ext/nds.conf
ndstrace -c 'set ndstrace=*R' --config-file /data/nds/ext/nds.conf
ndstrace -c 'dstrace +time +tags +ldap' --config-file /data/nds/ext/nds.conf
}}} /%
These commands will setup ndstrace to watch DirXML only:
{{{
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +dvrs'
less /tmp/ndstrace.log
}}}
These commands will setup ndstrace to check synchronization:
{{{
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'dstrace +SKLK'
ndstrace -c 'set ndstrace=*H'
less /tmp/ndstrace.log |grep 'All processed = '
}}}
If there are no errors, all lines will display 'All Processed = Yes.'
These commands will setup ndstrace to check SCHEMA synchronization:
{{{
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'dstrace +SCMA'
ndstrace -c 'dstrace +SCMD'
ndstrace -c 'set ndstrace=*SS'
less /tmp/ndstrace.log
}}}
If there are no errors, all lines will display 'All Processed = Yes.'
To Exit command-line process use
{{{
ndstrace -u
}}}
!! [LDAP] Trace Only
Chain commands to get what you want. This turns the screen on, all traces off and then turns LDAP on
{{{
ndstrace; ndstrace file on;set ndstrace =NODEBUG;set ndstrace =+LDAP
}}}
!! [ndstrace]
! Enable skulker messages
Enables skulker messages, and schedules the replica synchronization process to start immediately on the server.
{{{ndstrace -c "ndstrace +sklk; set ndstrace=*h"}}}
! [NMAS] Trace
For NMAS changes on a server:
http://www.novell.com/support/viewContent.do?externalId=3815371
! [Force Immediate Synchronization]
You can [Force Immediate Synchronization] with [ndstrace].
!! ndstrace.log
Refer to the /var/nds/ndstrace.log file for more information.
! Turn File [logging] On
{{{ndstrace; ndstrace file on}}}
! Set the log file size:
{{{set ndstrace=*M<size_in_bytes>}}}
! Reset Log file:
{{{set ndstrace=*R}}}
!! Checking [NDS Obituaries]
{{{
ndsrepair -C -Ad -A
}}}
!! Add more [Examples]
If you know of some ndstrace command that you found useful, please post it!
!! Category
%category [eDirectory]%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop