!Monitoring eDirectory with SNMP

eDirectory has a MIB (Management Information Base) that can help you monitor events. eDirectory events can be published as SNMP traps, which can be configured dynamically. The standard SNMP format is used and as many as 119 traps are supported.

The SNMP traps provide the following statistics:
* Protocols - NLDAP and LDAP
* Cache - Usage and configuration
* Server interactions for last "N" active interactions

The MIB can be used with any third-party monitoring console.

!Installing and Configuring SNMP for eDirectory

You need to use a supported SNMP package for eDirectory On Linux, that would be ncd-snmp-4.2.1-7.rpm or later. Be sure to install the package using YaST or rpm tools.

There are three basic parts to the configuration:
* Configuring the master agent
* Configuring the sub-agent
* Dynamic configuration

!!!Configuring the Master Agent
Steps for making SNMP work:
* Create the SNMP group object: 
{{{
ndsconfig add m <modulename> -a <userFDN> For example: ndsconfig add m snmp a admin.novell
}}}

* Edit /etc/snmp/snmp.conf
** Enter the host name. For example, trapsink myserver public
** Add the following line: master agentx
* Start the master agent: {{{ /etc/init.d/snmpd start }}}

!!Controlling SNMP Master Agent
!Starting
{{{ /etc/init.d/snmpd start }}}

!Stopping
{{{ /etc/init.d/snmpd stop }}}

!Status
{{{ /etc/init.d/snmpd status }}}
!Configuring the Subagent

# Configure /etc/ndssnmp/ndssnmp.conf. If you make changes to this file, you must restart the subagent.
# Make sure the following command is used: SERVER hostname/ipaddr. Note that only the locally installed eDirectory server is supported.
# Start the sub-agent: /usr/sbin/snmpd

!Dynamic Configuration
You can use dynamic configuration at any time after the directory service is running. The command to use is:
{{{ndssnmpconfig h [hostname[:port]] p <password> a <userFDN> c <command>}}}

With dynamic configuration, you can:
* Enable and disable traps
* Set a time interval for individual traps
* Set a default time interval
* List all traps enabled for failure operations
* List traps that meet certain criteria
* Reconfigure from ndstrap.cfg

!Sub-agent and Trap Modules

The subagent module is "NOVLsubag". It is installed as part of eDirectory installation, and it is configured using /etc/ndssnmp/ndssnmp.cfg. You must include the path of the trusted root certificate file SSLKEY.

The sub-agent monitors only the server on same machine. It limits additional network traffic, and it works with the master agent that is available with OS. Note that the SNMP version is subject to the supported version of the OS. The sub-agent also requires user credentials.

The trap module is "NOVLsnmp". It can:
* Configure traps using the SNMPGroup object
* Be configured to send on failures
* Be configured to send only once in a specified time interval

To set up the trap module, use iManager or the ndssnmpcfg utility. The configuration can be shared by multiple servers.

Here is an example:
{{{
Trap number 51

ndsChangePassword	TRAP-TYPE   
			ENTERPRISE  ndsMIB
			VARIABLES  
				{
					ndsTrapTime,
					ndsEventType, 
					ndsResult,
					ndsPerpetratorName,
					ndsTransportAddress,
					ndsProcessID,
					ndsVerbNumber,
					ndsEntryName,
					ndsServerName2
	                       	}
			DESCRIPTION
                                "Changing Password"
  			::= 51
}}}

In addtion, iManager can be used ot set the SNMP Traps.

!!Start and Stopping Sub-Agent
The SNMP server module can be manually loaded and unloaded. By default, the SNMP server module loads automatically on all platforms. However, you can manually load the server module on Windows and Linux and UNIX platforms.

!Starting
Linux, Solaris, AIX, and HP-UX In the DHOST remote management page, to load the SNMP trap server click on the SNMP Trap Server for Novell eDirectory 8.8 action icon to start. 

From a terminal session, enter:
{{{
/opt/novell/eDirectory/bin/ndssnmp -l
}}}

!Stopping
Linux, Solaris, AIX, and HP-UX In the DHOST remote management page, to unload the SNMP trap server, click the SNMP Trap Server for Novell eDirectory 8.8 action icon to stop.

From a terminal session, enter:
{{{
/opt/novell/eDirectory/bin/ndssnmp -u
}}}

!!! Logs and Troubleshooting
!!Novell's SNMP Sub-Agent
Novell's Sub Agent writes to the log file:
{{{
 /var/opt/novell/eDirectory/log/ndssnmpsa.log
}}}

You can also see the loading of the module in:
{{{
/var/opt/novell/eDirectory/log/ndsd.log

Jan 05 11:56:04  Information: SNMP Trap Server for Novell eDirectory 8.8.3 v20212.87 stopped.
Jan 05 11:56:08  Information: SNMP Trap Server for Novell eDirectory 8.8.3 v20212.87 started.
}}}

!!SNMP Master Agent
You might see something in:
{{{
/var/log/message
}}}

!Relevent Links
[CoolSolutions Article|http://www.novell.com/coolsolutions/feature/14896.html]

[Novell Documentation|http://www.novell.com/documentation/edir87/index.html?page=/documentation/edir87/edir87/data/ahfuv10.html]

[SNMP support in eDirectory 8.7 for Solaris and Linux  - Frequently Asked Questions|http://www.novell.com/coolsolutions/feature/5806.html]

[Sourceforge snmp command-line tool|http://groups-beta.google.com/group/novell.support.edirectory.netware/browse_frm/thread/86e8c9cfe2bda100/000f01e9586ae1f0?q=Edir.mib&rnum=3&hl=en#000f01e9586ae1f0]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]