21.10. Monitoring Directory Server Using SNMP
21.10.1. About SNMP
21.10.2. Enabling and Disabling SNMP Support
Set the nsSNMPEnabled parameter to on or off. For example, to disable SNMP in a Directory Server instance:
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
dn: cn=SNMP,cn=config
changetype: modify
replace: nsSNMPEnabled
nsSNMPEnabled: off
21.10.3. Setting Parameters to Identify an Instance Using SNMP
- nsSNMPOrganization
- nsSNMPLocation
- nsSNMPContact
- nsSNMPDescription
To set the nsSNMPLocation parameter to Munich, Germany:
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
dn: cn=SNMP,cn=config
changetype: modify
replace: nsSNMPLocation
nsSNMPLocation: Munich, Germany
21.10.4. Setting up an SNMP Agent for Directory Server
- Install the 389-ds-base-snmp and net-snmp packages:
  # dnf install 389-ds-base-snmp net-snmp
- To configure the SNMP master agent, edit the /etc/snmp/snmpd.conf file, adding the following entry to enable the agent extensibility (AgentX) protocol:
  master agentx
  For further details about the AgentX protocol, see RFC 2741.
- To configure the SNMP subagent, edit the /etc/dirsrv/config/ldap-agent.conf file, adding a server parameter for each Directory Server instance you want to monitor. For example:
  server slapd-instance_name
- Optionally, create an SNMP user account:
  - Stop the snmpd service:
    # systemctl stop snmpd
  - Create the SNMP user account. For example:
    # net-snmp-create-v3-user -A authentication_password -a SHA \
          -X private_password -x AES user_name
    For details about the parameters used in the command, see the net-snmp-create-v3-user(1) man page.
  - Start the snmpd service:
    # systemctl start snmpd
- Optionally, set the Directory Server descriptive properties. For details, see Section 21.10.3, “Setting Parameters to Identify an Instance Using SNMP”.
- Start the dirsrv-snmp service:
  # systemctl start dirsrv-snmp
- Optionally, to verify the configuration:
  - Install the net-snmp-utils package:
    # dnf install net-snmp-utils
  - Query the Directory Server Object Identifiers (OID). For example:
    # snmpwalk -v3 -u user_name -M /usr/share/snmp/mibs:/usr/share/dirsrv/mibs/ \
          -l AuthPriv -m +RHDS-MIB -A authentication_password -a SHA \
          -X private_password -x AES server.example.com .1.3.6.1.4.1.2312.6.1.1
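A check of the two files edited in this procedure, added here as an example and not part of the original documentation. The function name and sample files are constructed; the checks for community access and for a missing priv keyword go beyond the page and rely on the standard net-snmp snmpd.conf directives rocommunity, rwcommunity, rouser and rwuser.

```shell
#!/bin/sh
# Added example: audit the two files edited in the procedure above.
# Prints one "FAIL:" line per finding, or "OK" when there are none.
audit_snmp_config() {
    snmpd_conf=$1; agent_conf=$2; out=""
    nl='
'
    # The master agent must enable AgentX for the subagent to register.
    grep -Eq '^[[:space:]]*master[[:space:]]+agentx' "$snmpd_conf" ||
        out="${out}FAIL: 'master agentx' missing in snmpd.conf$nl"
    # The subagent needs one "server slapd-<instance>" line per instance.
    grep -Eq '^[[:space:]]*server[[:space:]]+slapd-[^[:space:]]+' "$agent_conf" ||
        out="${out}FAIL: no 'server slapd-...' line in ldap-agent.conf$nl"
    # Community directives grant SNMPv1/v2c access with no encryption.
    grep -Eq '^[[:space:]]*r[ow]community6?[[:space:]]' "$snmpd_conf" &&
        out="${out}FAIL: SNMPv1/v2c community access is configured$nl"
    # rouser/rwuser without "priv" also accepts authNoPriv requests.
    awk '$1 ~ /^r[ow]user$/ {
             p = 0
             for (i = 2; i <= NF; i++) if ($i == "priv") p = 1
             if (!p) bad = 1
         }
         END { exit !bad }' "$snmpd_conf" &&
        out="${out}FAIL: SNMPv3 user accepted without privacy; append 'priv'$nl"
    if [ -n "$out" ]; then printf '%s' "$out"; else echo OK; fi
}

# Constructed sample files, not taken from a real host.
demo_dir=$(mktemp -d)
printf 'master agentx\nrwuser user_name\n' > "$demo_dir/snmpd.conf"
printf 'server slapd-instance_name\n' > "$demo_dir/ldap-agent.conf"
audit_snmp_config "$demo_dir/snmpd.conf" "$demo_dir/ldap-agent.conf"
rm -rf "$demo_dir"
```

On a configured host, pass /etc/snmp/snmpd.conf and /etc/dirsrv/config/ldap-agent.conf as the two arguments.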
21.10.5. Configuring SNMP Traps
Entity Table, which contains information specific to the Directory Server instance, such as its name and version number. The Entity Table is described in Section 21.10.6.3, “Entity Table”. This means that the action the master agent takes when it receives a trap is flexible, such as sending an email to an email address defined in the dsEntityContact variable for one instance while sending a notification to a pager number in the dsEntityContact variable for another instance.
- DirectoryServerDown. This trap is generated whenever the subagent detects the Directory Server is potentially not running. This trap will be sent with the Directory Server instance description, version, physical location, and contact information, which are detailed in the dsEntityDescr, dsEntityVers, dsEntityLocation, and dsEntityContact variables.
- DirectoryServerStart. This trap is generated whenever the subagent detects that the Directory Server has started or restarted. This trap will be sent with the Directory Server instance description, version, physical location, and contact information, which are detailed in the dsEntityDescr, dsEntityVers, dsEntityLocation, and dsEntityContact variables.
21.10.6. Using the Management Information Base
redhat-directory.mib stored in the /usr/share/dirsrv/mibs directory. This MIB contains definitions for variables pertaining to network management for the directory. These variables are known as managed objects. Using the directory MIB and Net-SNMP, you can monitor your directory like all other managed devices on your network. For more information on using the MIB, see Section 21.10.4, “Setting up an SNMP Agent for Directory Server”.
21.10.6.1. Operations Table
The Operations Table provides statistical information about Directory Server access, operations, and errors. Table 21.1, “Operations Table: Managed Objects and Descriptions” describes the managed objects stored in the Operations Table of the redhat-directory.mib file.
Table 21.1. Operations Table: Managed Objects and Descriptions
Managed Object | Description |
---|---|
dsAnonymousBinds | The number of anonymous binds to the directory since server startup. |
dsUnauthBinds | The number of unauthenticated binds to the directory since server startup. |
dsSimpleAuthBinds | The number of binds to the directory that were established using a simple authentication method (such as password protection) since server startup. |
dsStrongAuthBinds | The number of binds to the directory that were established using a strong authentication method (such as TLS or a SASL mechanism like Kerberos) since server startup. |
dsBindSecurityErrors | The number of bind requests that have been rejected by the directory due to authentication failures or invalid credentials since server startup. |
dsInOps | The number of operations forwarded to this directory from another directory since server startup. |
dsReadOps | The number of read operations serviced by this directory since application start. The value of this object will always be 0 because LDAP implements read operations indirectly using the search operation. |
dsCompareOps | The number of compare operations serviced by this directory since server startup. |
dsAddEntryOps | The number of add operations serviced by this directory since server startup. |
dsRemoveEntryOps | The number of delete operations serviced by this directory since server startup. |
dsModifyEntryOps | The number of modify operations serviced by this directory since server startup. |
dsModifyRDNOps | The number of modify RDN operations serviced by this directory since server startup. |
dsListOps | The number of list operations serviced by this directory since server startup. The value of this object will always be 0 because LDAP implements list operations indirectly using the search operation. |
dsSearchOps | The total number of search operations serviced by this directory since server startup. |
dsOneLevelSearchOps | The number of one-level search operations serviced by this directory since server startup. |
dsWholeSubtreeSearchOps | The number of whole subtree search operations serviced by this directory since server startup. |
dsReferrals | The number of referrals returned by this directory in response to client requests since server startup. |
dsSecurityErrors | The number of operations forwarded to this directory that did not meet security requirements. |
dsErrors | The number of requests that could not be serviced due to errors (other than security or referral errors). Errors include name errors, update errors, attribute errors, and service errors. Partially serviced requests will not be counted as an error. |
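Because these counters are cumulative since server startup, a monitor has to compare two polls and allow for the counter restarting with the server. The following added example (not from the original documentation) does that for dsBindSecurityErrors over two saved snmpwalk outputs. The function name, the threshold of 50, and the sample lines with instance indexes 389 and 1389 are constructed, and the line format is assumed to be what snmpwalk prints with the RHDS-MIB loaded.

```shell
#!/bin/sh
# Added example: growth of dsBindSecurityErrors between two saved polls.
# Usage: bind_error_delta PREV_WALK CUR_WALK [THRESHOLD]
# Output: "<instance index> <new failures> <ALERT|ok>", one line per instance.
bind_error_delta() {
    awk -v limit="${3:-50}" '
        # Accepts lines such as
        #   RHDS-MIB::dsBindSecurityErrors.389 = Counter64: 12
        # The digits after the object name are the instance index.
        match($1, /dsBindSecurityErrors\.[0-9]+$/) {
            idx = substr($1, RSTART + 21, RLENGTH - 21)
            if (FILENAME == ARGV[1]) prev[idx] = $NF + 0
            else cur[idx] = $NF + 0
        }
        END {
            for (idx in cur) {
                # The counter restarts from 0 with the server, so a value
                # lower than the previous poll is all new since the restart.
                if ((idx in prev) && cur[idx] >= prev[idx]) d = cur[idx] - prev[idx]
                else d = cur[idx]
                printf "%s %d %s\n", idx, d, (d >= limit ? "ALERT" : "ok")
            }
        }' "$1" "$2" | sort -n
}

# Constructed polls: instance 389 gains 80 failures, instance 1389 restarted.
poll_dir=$(mktemp -d)
printf 'RHDS-MIB::dsBindSecurityErrors.%s = Counter64: %s\n' \
    389 100 1389 500 > "$poll_dir/prev"
printf 'RHDS-MIB::dsBindSecurityErrors.%s = Counter64: %s\n' \
    389 180 1389 7 > "$poll_dir/cur"
bind_error_delta "$poll_dir/prev" "$poll_dir/cur" 50
rm -rf "$poll_dir"
```

A drop in the counter coincides with the DirectoryServerStart trap, so the two signals can be correlated.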
21.10.6.2. Entries Table
The Entries Table provides information about the contents of the directory entries. Table 21.2, “Entries Table: Managed Objects and Descriptions” describes the managed objects stored in the Entries Table in the redhat-directory.mib file.
Table 21.2. Entries Table: Managed Objects and Descriptions
Managed Object | Description |
---|---|
dsMasterEntries | The number of directory entries for which this directory contains the master entry. The value of this object will always be 0 (as no updates are currently performed). |
dsCopyEntries | The number of directory entries for which this directory contains a copy. The value of this object will always be 0 (as no updates are currently performed). |
dsCacheEntries | The number of entries cached in the directory. |
dsCacheHits | The number of operations serviced from the locally held cache since application startup. |
dsSlaveHits | The number of operations that were serviced from locally held replications (shadow entries). The value of this object will always be 0. |
21.10.6.3. Entity Table
The Entity Table contains identifying information about the Directory Server instance. The values for the Entity Table are set in the cn=SNMP,cn=config entry as described in Section 21.10.3, “Setting Parameters to Identify an Instance Using SNMP”.
Table 21.3, “Entity Table: Managed Objects and Descriptions” describes the managed objects stored in the Entity Table of the redhat-directory.mib file.
Table 21.3. Entity Table: Managed Objects and Descriptions
Managed Object | Description |
---|---|
dsEntityDescr | The description set for the Directory Server instance. |
dsEntityVers | The Directory Server version number of the Directory Server instance. |
dsEntityOrg | The organization responsible for the Directory Server instance. |
dsEntityLocation | The physical location of the Directory Server instance. |
dsEntityContact | The name and contact information for the person responsible for the Directory Server instance. |
dsEntityName | The name of the Directory Server instance. |
21.10.6.4. Interaction Table
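Note
The Interaction Table is not supported by the subagent. The subagent can query the table, but it will not ever be updated with valid data.
Table 21.4, “Interaction Table: Managed Objects and Descriptions” describes the managed objects stored in the Interaction Table of the redhat-directory.mib file.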
Table 21.4. Interaction Table: Managed Objects and Descriptions
Managed Object | Description |
---|---|
dsIntTable | Details, in each row of the table, related to the history of the interaction of the monitored Directory Servers with their respective peer Directory Servers. |
dsIntEntry | The entry containing interaction details of a Directory Server with a peer Directory Server. |
dsIntIndex | Part of the unique key, together with applIndex, to identify the conceptual row which contains useful information on the (attempted) interaction between the Directory Server (referred to by applIndex) and a peer Directory Server. |
dsName | The distinguished name (DN) of the peer Directory Server to which this entry belongs. |
dsTimeOfCreation | The value of sysUpTime when this row was created. If the entry was created before the network management subsystem was initialized, this object will contain a value of zero. |
dsTimeOfLastAttempt | The value of sysUpTime when the last attempt was made to contact this Directory Server. If the last attempt was made before the network management subsystem was initialized, this object will contain a value of zero. |
dsTimeOfLastSuccess | The value of sysUpTime when the last attempt made to contact this Directory Server was successful. This entry will have a value of zero if there have been no successful attempts or if the last successful attempt was made before the network management subsystem was initialized. |
dsFailuresSinceLastSuccess | The number of failures since the last time an attempt to contact this Directory Server was successful. If there have been no successful attempts, this counter will contain the number of failures since this entry was created. |
dsFailures | Cumulative failures since the creation of this entry. |
dsSuccesses | Cumulative successes since the creation of this entry. |
dsURL | The URL of the Directory Server application. |