Chapter 1. Monitoring Directory Server activity

The Red Hat Directory Server tracks and records performance data using performance counters and directory server logs.

Performance counters provide a measurement of the Directory Server performance. Performance counters focus on the operations and information of the Directory Server, configured databases, and database links (chaining databases).

The directory server logs provide diagnosis to problem areas with server and LDAP operations and configuration. Following are the three types of log used for performance monitoring:

Access logs
Lists the connection attempts made by the client.
Error logs
Monitors errors, warnings, and records all error details.
Audit logs
Records the changes made to the Directory Server configurations.

The access and error logs run by default. The error log is a mandatory requirement for the server to run. Audit logs require manual enabling and can involve some minimal overhead resources.

The information on the current Directory Server activities is available through the web console or by using the command line. You can also monitor the cache activity of all databases.

Note

The access log is buffered and it enables full access logging even with highly loaded servers. However, there is a discrepancy between when the event occurs on the server and the time the event is recorded in the log.

1.1. Monitoring Directory Server using the command line

With the dsconf command, you can monitor the disk usage, query server statistics that are stored in the directory, and other metrics to track the performance.

Prerequisite

  • Ensure the server is running to use the dconf utility.

Procedure

  • To monitor the server performance using the command-line, run:

    # dsconf -D "cn=Directory Manager" ldap://server.example.com monitor server

    where:

    • D is the bindDN argument to connect to the LDAP directory.
    • cn=Directory Manager is the bindDN value for LDAP authentication.
    • ldap collects the server statistics using the specified Lightweight Directory Access Protocol (LDAP) URL.

1.2. Server monitoring attributes

The dsconf command returns the following attributes when monitoring Directory Server.

Table 1.1. Server monitoring attributes

AttributeDescription

version

Identifies the current directory version number.

threads

The current number of active threads handling requests. The internal server tasks, such as replication or chaining, can create additional threads when required.

connection

Provides the following summary information for each open connection when you bind to the directory as the Directory Manager:

fd: The file descriptor for a connection.

opentime: The time of opening a connection.

opscompleted: The number of complete operations.

binddn: The distinguished name to connect to the directory.

rw: A blocked connection on read or write privileges.

By default, this information is available to the Directory Manager. However, you can edit the Access Control Instruction (ACI) attribute in directory entries and configure additional users on access privileges to the information.

currentconnections

Identifies the number of connections currently in service by the directory.

totalconnections

Identifies the number of connections the server handles after it starts.

currentconnectionsatmaxthreads

Displays the connections currently in a max thread state.

maxthreadsperconnhits

Displays the number of times a connection hits the max thread state.

dtablesize

Shows the number of file descriptors available for the directory. Each connection requires one file descriptor for every open index, log file management, and for ns-slapd. Essentially, this value shows the number of additional concurrent connections that the directory can service. For more information on file descriptors, see the operating system documentation.

readwaiters

Identifies the number of threads waiting to read data from a client.

opsinitiated

Identifies the number of operations the server initiates after it starts.

opscompleted

Identifies the number of operations the server completes.

entriessent

Identifies the number of entries sent to clients after the server starts.

bytessent

Identifies the number of bytes sent to clients after the server starts.

currenttime

Identifies the server snapshot time. The time display is Greenwich Mean Time (GMT) in UTC format.

starttime

Identifies the time when the server starts. The time display is Greenwich Mean Time (GMT) in UTC format.

nbackends

Identifies the number of back ends (databases) the server services.

1.3. Monitoring Directory Server using the web console

The web console is a browser-based graphical user interface (GUI) that enables users to perform administrative tasks. The Directory Server packages automatically install the Directory Server user interface for the web console.

Procedure

  1. To open Directory Server in the web console, connect to the web console running on port 9090 on the Directory Server host.

    https://server.example.com:9090
  2. Log in as the root user or with sudo privileges.
  3. Under the Monitoring tab, select Server StatisticsServer Stats.

    Directory Server Statistics

1.4. Server information

The Directory Server displays the following fields under the Server Information menu.

Table 1.2. Server information

FieldDescription

Server Instance

Displays the name of the Directory Server instance.

Version

Identifies the current server version.

Server Started

The date and time the server is up and running.

Server Uptime

The measure of time the instance is up and running.

Worker Threads

The current number of active threads that handle requests. The internal server tasks, such as replication or chaining, can create additional threads when required.

Threads Waiting To Read

The total number of threads waiting to be read from the client. Threads may not be immediately read if the server receives new request from the client and halts the request transmission. Generally, waiting threads indicate a slow network or a slow client.

Conns At Max Threads

Displays all connections that are currently in a max thread state.

Conns Exceeded Max Threads

Displays the number of times a connection hits max thread state.

Total Connections

The total number of connections established to a Directory Server instance.

Current Connections

The total number of open connections. Each connection can start multiple operations and therefore multiple threads.

Operations Started

The number of operations initiated by a connection.

Operations Completed

The number of operations completed by the server for all connections.

Entries Returned to Clients

The number of entries sent to clients after the server starts.