6443N/A<?
xml version="1.0" encoding="UTF-8"?>
6443N/A ! This work is licensed under the Creative Commons 6443N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 6443N/A ! To view a copy of this license, visit 6443N/A ! or send a letter to Creative Commons, 444 Castro Street, 6443N/A ! Suite 900, Mountain View, California, 94041, USA. 6443N/A ! You can also obtain a copy of the license at 6443N/A ! See the License for the specific language governing permissions 6443N/A ! and limitations under the License. 6443N/A ! If applicable, add the following below this CCPL HEADER, with the fields 6443N/A ! enclosed by brackets "[]" replaced with your own identifying information: 6443N/A ! Portions Copyright [yyyy] [name of copyright owner] 7321N/A ! Copyright 2011-2015 ForgeRock AS. 6443N/A<
chapter xml:
id='chap-monitoring' 6443N/A <
title>Monitoring, Logging, & Alerts</
title>
6443N/A <
para>This chapter describes the monitoring capabilities that OpenDJ
6443N/A implements, and shows how to configure them.</
para>
6443N/A <
indexterm><
primary>Monitoring</
primary></
indexterm>
6443N/A <
para>OpenDJ Control Panel provides basic monitoring capabilities under
6443N/A Monitoring > General Information, Monitoring > Connection Handler, and
6443N/A Monitoring > Manage Tasks. This chapter covers the other options for
6443N/A <
section xml:
id="ldap-monitoring">
6443N/A <
title>LDAP-Based Monitoring</
title>
6443N/A <
para>OpenDJ exposes monitoring information over LDAP under the entry
6443N/A <
literal>cn=monitor</
literal>. Many different types of information are
6443N/A exposed. The following example shows monitoring information about the
7321N/A <
para>Interface stability: <
link xlink:
href="reference#interface-stability" 7097N/A$ <
userinput>ldapsearch --port 1389 --baseDN cn=monitor "(cn=userRoot backend)"</
userinput>
7097N/A<
computeroutput>dn: cn=userRoot backend,cn=Disk Space Monitor,cn=monitor
6443N/AobjectClass: ds-monitor-entry
6443N/AobjectClass: extensibleObject
6443N/Adn: cn=userRoot Backend,cn=monitor
6443N/AobjectClass: ds-monitor-entry
6443N/AobjectClass: ds-backend-monitor-entry
6443N/Ads-backend-is-private: FALSE
6443N/Ads-backend-writability-mode: enabled
6443N/Ads-base-dn-entry-count: 163 dc=example,dc=com
7097N/Ads-backend-base-dn: dc=example,dc=com</
computeroutput>
6443N/A <
para>You can set global ACIs on the Access Control Handler if you want
6443N/A to limit read access under <
literal>cn=monitor</
literal>.</
para>
6443N/A <
section xml:
id="snmp-monitoring">
6443N/A <
title>SNMP-Based Monitoring</
title>
6443N/A <
indexterm><
primary>SNMP</
primary></
indexterm>
6443N/A <
para>OpenDJ lets you monitor the server over the Simple Network Management
6443N/A Protocol (SNMP), with support for the Management Information Base described
6443N/A Server Monitoring MIB</
link>.</
para>
6443N/A <
para>OpenDJ SNMP-based monitoring depends on OpenDMK, which you must
6443N/A separately</
link>. Install the <
link xlink:
show="new" 6443N/A >Full Binary Bundle</
link> by using the graphical installer, which requires
6443N/A that you accept the <
link xlink:
show="new" 6443N/A >Binary License for Project OpenDMK</
link>. OpenDJ directory server that you
6443N/A download from ForgeRock is built with OpenDMK, but due to licensing OpenDMK
6443N/A is not part of OpenDJ. SNMP is therefore not enabled by default.</
para>
6443N/A <
para>To run the OpenDMK installer, use the self-extracting .jar.</
para>
6443N/A <
para>If you install under <
filename>/
path/
to</
filename>, then the runtime
6443N/A <
para>Once you have installed OpenDMK, you can set up a connection handler
6443N/A for SNMP by enabling the connection handler, and pointing OpenDJ to your
7097N/A set-connection-handler-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --handler-name "SNMP Connection Handler" \
6443N/A <
para>By default, the SNMP Connection Handler listens on port 161 and uses
6443N/A port 162 for traps. On UNIX and Linux systems, only root can normally open
6443N/A these ports. Therefore if you install as a normal user, you might want
6443N/A to change the listen and trap ports.</
para>
7097N/A set-connection-handler-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --handler-name "SNMP Connection Handler" \
6443N/A <
para>Restart the SNMP Connection Handler to take the port number changes
6443N/A <
para> To restart the connection handler, you disable it, then enable
7097N/A set-connection-handler-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --handler-name "SNMP Connection Handler" \
7097N/A set-connection-handler-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --handler-name "SNMP Connection Handler" \
6443N/A <
para>Use a command such as <
command>snmpwalk</
command> to check that the
6443N/A SNMP listen port works.</
para>
7097N/A$ <
userinput>snmpwalk -v 2c -c OpenDJ@OpenDJ localhost:11161</
userinput>
7097N/ASNMPv2-SMI::mib-2.66.1.1.1.1 = STRING: "OpenDJ ${docTargetVersion}..."
6443N/A <
section xml:
id="jmx-monitoring">
6443N/A <
title>JMX-Based Monitoring</
title>
6443N/A <
indexterm><
primary>JMX</
primary></
indexterm>
6443N/A <
para>OpenDJ provides Java Management eXtensions (JMX) based monitoring. A
6443N/A number of tools support JMX, including <
command>jconsole</
command> and
6443N/A <
command>jvisualvm</
command>, which are bundled with the
Sun/
Oracle Java
6443N/A platform. JMX is not configured by default. Use the
6443N/A <
command>dsconfig</
command> command to configure the JMX connection
7321N/A <
para>Interface stability: <
link xlink:
href="reference#interface-stability" 7097N/A set-connection-handler-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --handler-name "JMX Connection Handler" \
6443N/A <
para>By default, no users have privileges to access the JMX connection. The
6443N/A following command adds JMX privileges for Directory Manager.</
para>
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --add default-root-privilege-name:jmx-notify \
7097N/A --add default-root-privilege-name:jmx-read \
7097N/A --add default-root-privilege-name:jmx-write \
6443N/A <
para>You must also configure security to login remotely. See the section on
6443N/A <
citetitle>Using SSL</
citetitle> in <
link 6443N/A xlink:
show="new"><
citetitle>Monitoring and Management Using
6443N/A JMX</
citetitle></
link> for hints.</
para>
6443N/A <
para>Alternatively, you can connect to a local server process by using the
6443N/A server process identifier.</
para>
7097N/A<
computeroutput>3363</
computeroutput>
7097N/A$ <
userinput>jvisualvm --openpid 3363 &</
userinput>
6443N/A <
section xml:
id="monitoring-status-and-tasks">
6443N/A <
title>Server Operation & Tasks</
title>
7255N/A OpenDJ comes with two commands for monitoring server processes and tasks.
7321N/A xlink:
href="reference#status-1" 7255N/A ><
command>status</
command></
link> command
7255N/A displays basic information about the local server,
7255N/A similar to what is seen in the default window of the Control Panel.
7321N/A xlink:
href="reference#manage-tasks-1" 7255N/A ><
command>manage-tasks</
command></
link> command
7255N/A lets you manage tasks scheduled on a server, such as nightly backup.
6443N/A <
para>The <
command>status</
command> command takes administrative credentials
6443N/A to read the configuration, as does the Control Panel.</
para>
7097N/A$ <
userinput>status --bindDN "cn=Directory Manager" --bindPassword password</
userinput>
6443N/AAdministrative Users: cn=Directory Manager
7097N/AVersion: OpenDJ ${docTargetVersion}
7097N/AJava Version: <
replaceable>version</
replaceable>
6443N/AAdministration Connector: Port 4444 (LDAPS)
6443N/A --- Connection Handlers ---
6443N/AAddress:Port : Protocol : State
6443N/A-------------:----------:---------
6443N/A0.0.0.0:636 : LDAPS : Disabled
6443N/A0.0.0.0:1389 : LDAP : Enabled
6443N/A0.0.0.0:1689 : JMX : Disabled
7097N/AReplication: Disabled</
computeroutput>
6443N/A <
para>The <
command>manage-tasks</
command> command connects over the
6443N/A administration port, and so can connect to both local and remote
7097N/A --bindDN "cn=Directory Manager" \
6443N/A--------------------------------------------------------
7097N/Aexample-20110623030000000 Backup Waiting on start time</
computeroutput>
6443N/A <
indexterm><
primary>Logs</
primary></
indexterm>
6443N/A <
primary>Replication</
primary>
6443N/A <
para>By default OpenDJ stores access and errors logs as well as a
6443N/A server process ID file under the <
filename>logs/</
filename> directory.
6443N/A For the replication service, OpenDJ also keeps a replication log there.
6443N/A You can also configure a debug log. Furthermore, you can configure policies
6443N/A about how logs are rotated, and how they are retained. You configure logging
6443N/A using the <
command>dsconfig</
command> command.</
para>
6443N/A <
para>The <
firstterm>access log</
firstterm> traces the operations the
6443N/A server processes including timestamps, connection information, and
6443N/A information about the operation itself. The access log can therefore
6443N/A grow quickly, as each client request results in at least one new log
6443N/A <
para>The following access log excerpt shows a search operation from the
6443N/A local host, with the first three lines wrapped for readability.</
para>
7097N/A <
programlisting language="none">
6443N/A to=127.0.0.1:1389 protocol=LDAP
6443N/A base="dc=example,dc=com" scope=wholeSubtree filter="(uid=bjensen)" attrs="ALL"
6443N/A result=0 nentries=1 etime=3
7067N/A Notice that by default OpenDJ directory server logs a message
7067N/A for the search request, and a message for the search response.<
footnote>
7067N/A You can also configure the access logger to combine log messages
7067N/A by setting the property <
literal>log-format:combined</
literal>.
7067N/A The setting is useful when filtering messages based on response criteria.
7067N/A It causes the server to log one message per operation,
7067N/A rather than one message for the request and another for the response.
7067N/A The server also logs request and response messages for other operations
7067N/A that have responses, such as bind and modify operations.
7067N/A The server does not, however, log response messages for all operations,
7067N/A as some operations, such as persistent searches, abandon operations,
7067N/A unbind operations, and abandoned operations, do not have responses.
7067N/A Here, you see also that the log message for the unbind request
7067N/A is followed by a log message for the disconnection.
6443N/A <
para>The <
firstterm>errors log</
firstterm> traces server events, error
6443N/A conditions, and warnings, categorized and identified by severity.</
para>
6443N/A <
para>The following errors log excerpt shows log entries about a
6443N/A backup task, with lines wrapped for readability.</
para>
7097N/A <
programlisting language="none">
6443N/A[
22/
Jun/
2011:12:32:23 +0200] category=BACKEND severity=NOTICE msgID=9896349
6443N/A msg=Backup task 20110622123224088 started execution
6443N/A[
22/
Jun/
2011:12:32:23 +0200] category=TOOLS severity=NOTICE msgID=10944792
6443N/A msg=Starting backup for backend userRoot
6443N/A[
22/
Jun/
2011:12:32:24 +0200] category=TOOLS severity=NOTICE msgID=10944795
6443N/A msg=The backup process completed successfully
6443N/A[
22/
Jun/
2011:12:32:24 +0200] category=BACKEND severity=NOTICE msgID=9896350
7097N/A msg=Backup task 20110622123224088 finished execution
6443N/A <
para>If you use the HTTP Connection Handler, OpenDJ maintains a separate
6443N/A default configured as the File Based HTTP Access Log Publisher, uses
6443N/A a different format than the LDAP access log. This HTTP access log uses
6443N/A >Extended Log File Format</
link> with fields described in <
link 6443N/A >Microsoft's implementation</
link> as well. The following default
6443N/A fields are shown here in the order they occur in the log file.</
para>
7321N/A <
para>Interface stability: <
link xlink:
href="reference#interface-stability" 6443N/A <
term><
literal>cs-host</
literal></
term>
6443N/A <
para>Client host name</
para>
6443N/A <
term><
literal>c-ip</
literal></
term>
6443N/A <
para>Client IP address</
para>
6443N/A <
term><
literal>cs-username</
literal></
term>
6443N/A <
para>Username used to authenticate</
para>
6443N/A <
term><
literal>x-datetime</
literal></
term>
6443N/A <
para>Completion timestamp for the HTTP request, which you can configure
6443N/A using the <
literal>log-record-time-format</
literal> property</
para>
6443N/A <
term><
literal>cs-method</
literal></
term>
6443N/A <
para>HTTP method requested by the client</
para>
6443N/A <
term><
literal>cs-uri-query</
literal></
term>
6443N/A <
para>Path and query string requested by the client</
para>
6443N/A <
term><
literal>cs-version</
literal></
term>
6443N/A <
para>HTTP version requested by the client</
para>
6443N/A <
term><
literal>sc-status</
literal></
term>
6443N/A <
para>HTTP status code for the operation</
para>
6443N/A <
term><
literal>cs(User-Agent)</
literal></
term>
6443N/A <
para>User-Agent identifier</
para>
6443N/A <
term><
literal>x-connection-id</
literal></
term>
6443N/A <
para>Connection ID used for OpenDJ internal operations</
para>
6443N/A <
para>When using this field to match HTTP requests with internal
6443N/A operations in the LDAP access log, first set the access log advanced
6443N/A property, <
literal>suppress-internal-operations</
literal>, to
6443N/A <
literal>false</
literal>. By default, internal operations do not appear
6443N/A in the LDAP access log.</
para>
6443N/A <
term><
literal>x-etime</
literal></
term>
6443N/A <
para>Execution time in milliseconds needed by OpenDJ to service the
6443N/A <
para>Missing values are replaced with <
literal>-</
literal>. Tabs separate
6443N/A the fields, and if a field contains a tab character, then the field is
6443N/A surrounded with double quotes. OpenDJ then doubles double quotes in the
6443N/A field to escape them.</
para>
6443N/A <
para>The following example shows an excerpt of an HTTP access log with
6443N/A the default configuration. Lines are folded and space reformatted for the
7097N/A <
programlisting language="none">
6443N/A <
para>You can configure the <
literal>log-format</
literal> for the access log
6443N/A using the <
command>dsconfig</
command> command. In addition to the default
6443N/A fields, the following standard fields are supported.</
para>
6443N/A <
term><
literal>c-port</
literal></
term>
6443N/A <
para>Client port number</
para>
6443N/A <
term><
literal>s-computername</
literal></
term>
6443N/A <
para>Server name where the access log was written</
para>
6443N/A <
term><
literal>s-ip</
literal></
term>
6443N/A <
para>Server IP address</
para>
6443N/A <
term><
literal>s-port</
literal></
term>
6443N/A <
para>Server port number</
para>
6443N/A <
para>The <
firstterm>replication log</
firstterm> traces replication
6443N/A events, with entries similar to the errors log. The following excerpt has
6443N/A lines wrapped for readability.</
para>
7097N/A <
programlisting language="none">
6443N/A[
22/
Jun/
2011:14:37:34 +0200] category=SYNC severity=NOTICE msgID=15139026
6443N/A msg=Finished total update: exported domain "dc=example,dc=com" from this
6443N/A directory server DS(24065) to all remote directory servers.
6443N/A[
22/
Jun/
2011:14:37:35 +0200] category=SYNC severity=MILD_WARNING msgID=14745663
6443N/A closed the connection to this directory server DS(24065). This directory
6443N/A server will now try to connect to another replication server in order to
6443N/A receive changes for the domain "dc=example,dc=com"
6443N/A[
22/
Jun/
2011:14:37:35 +0200] category=SYNC severity=NOTICE msgID=15138894
7097N/A msg=The generation ID for domain "dc=example,dc=com" has been reset to 3679640
6443N/A <
para>Notice that the replication log does not trace replication operations.
6443N/A Use the external change log instead to get notifications about changes to
6443N/A directory data over protocol. You can alternatively configure an audit
6443N/A log, which is a type of access log that dumps changes in LDIF.</
para>
6443N/A <
para>A <
firstterm>debug log</
firstterm> traces details needed to
6443N/A troubleshoot a problem in the server. Debug logs can grow large quickly,
6443N/A and therefore no debug logs are enabled by default.</
para>
6443N/A <
para>Each log depends on a <
firstterm>log publisher</
firstterm>, whose
6443N/A type corresponds to the type of log. OpenDJ uses file-based log publishers.
6443N/A The design allows for custom log publishers, however, which could publish
6443N/A the logs elsewhere besides a file.</
para>
6443N/A <
para>For debug logging, you also set a <
firstterm>debug target</
firstterm>
6443N/A to control what gets logged.</
para>
6443N/A <
section xml:
id="log-rotation">
6443N/A <
title>Log Rotation & Retention</
title>
6443N/A <
para>Each file-based log can be associated with a <
firstterm>log rotation
6443N/A policy</
firstterm>, and a <
firstterm>log retention policy</
firstterm>. The
6443N/A former can specify when, after how much time, or at what maximum size a log
6443N/A is rotated. The latter can specify a maximum number or size of logs to
6443N/A retain, or an amount of free disk space to maintain. The design allows
6443N/A for custom policies as well.</
para>
6443N/A <
para>By default the file-based logs are subject to rotation and retention
6443N/A policies that you can list with <
command>dsconfig
6443N/A list-log-rotation-policies</
command> and <
command>dsconfig
6443N/A list-log-retention-policies</
command>.</
para>
6443N/A <
para>For example, view the log rotation policies with the following
7097N/A list-log-rotation-policies \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --bindPassword password</
userinput>
6443N/ALog Rotation Policy : Type : file-size-limit : rotation-interval : time-of-day
6443N/A------------------------------------:------------:-----------------:-------------------:------------
6443N/A24 Hours Time Limit Rotation Policy : time-limit : - : 1 d : -
6443N/A7 Days Time Limit Rotation Policy : time-limit : - : 1 w : -
6443N/AFixed Time Rotation Policy : fixed-time : - : - : 2359
7097N/ASize Limit Rotation Policy : size-limit : 100 mb : - : -</
computeroutput>
6443N/A <
para>View the log retention policies with the following command.</
para>
7097N/A list-log-retention-policies \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --bindPassword password</
userinput>
6443N/ALog Retention Policy : Type : disk-space-used : free-disk-space : number-of-files
6443N/A---------------------------------:-----------------:-----------------:-----------------:----------------
6443N/AFile Count Retention Policy : file-count : - : - : 10
6443N/AFree Disk Space Retention Policy : free-disk-space : - : 500 mb : -
7097N/ASize Limit Retention Policy : size-limit : 500 mb : - : -</
computeroutput>
6443N/A <
para>Use the <
command>dsconfig get-log-publisher-prop</
command> command to
6443N/A examine the policies that apply to a particular logger.</
para>
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --publisher-name "File-Based Access Logger" \
7097N/A --property retention-policy \
7097N/A --property rotation-policy</
userinput>
7097N/A<
computeroutput>Property : Value(s)
6443N/A-----------------:-------------------------------------------------------------
6443N/Aretention-policy : File Count Retention Policy
6443N/Arotation-policy : 24 Hours Time Limit Rotation Policy, Size Limit Rotation
6443N/A <
para>In other words, by default OpenDJ keeps 10 access log files, rotating
6443N/A the access log each day, or when the log size reaches 100 MB.</
para>
6443N/A <
para>The <
command>dsconfig</
command> command offers a number of subcommands
6443N/A for creating and deleting log rotation and retention policies, and for
6443N/A setting policy properties. You can update which policies apply to a logger
6443N/A by using the <
command>dsconfig set-log-publisher-prop</
command>
6443N/A <
section xml:
id="log-filtering">
6443N/A <
title>Log Filtering</
title>
6443N/A <
secondary>Filtering</
secondary>
6443N/A <
para>Each time a client application sends a request to OpenDJ, the server
6443N/A writes to its access log. As shown above, a simple search operation results
6443N/A in five messages written to the access log. This volume of logging gives you
6443N/A the information to analyze overall access patterns, or to audit access when
6443N/A you do not know in advance what you are looking for.</
para>
6443N/A <
para>Yet when you do know what you are looking for, log filtering
6443N/A lets you limit what the server logs, and focus on what you want to see.
6443N/A You define the filter criteria, and also set the filtering policy.</
para>
6443N/A <
para>You can filter both access and also audit logs.</
para>
6443N/A <
para>Log filtering lets you define rules based these criteria.</
para>
6443N/A <
para>Client IP address, bind DN, group membership</
para>
6443N/A <
para>Protocol used (such as LDAP, LDAPS, JMX)</
para>
6443N/A <
para>Response times</
para>
6443N/A <
para>Result codes (only log error results, for example)</
para>
6443N/A <
para>Search response criteria (number of entries returned, whether the
6443N/A <
para>Type of operation (connect, bind, add, delete, modify, rename,
6443N/A <
para>The filtering policy in the log publisher configuration specifies
6443N/A whether to include or exclude log messages that match the criteria you
6443N/A define. OpenDJ does not filter logs until you update the log publisher
6443N/A <
example xml:
id="log-filtering-exclude-control-panel">
6443N/A <
title>Example: Exclude Control Panel-Related Messages</
title>
6443N/A <
para>A common development troubleshooting technique consists of sending
6443N/A client requests while tailing the access log:</
para>
6443N/A <
para>Trouble is, when OpenDJ Control Panel is running, or when you are
6443N/A also adapting your configuration using the <
command>dsconfig</
command>
6443N/A command, OpenDJ writes access log messages related to administration.
6443N/A These might prevent you from noticing the messages that interest
6443N/A <
para>This example demonstrates how to filter out access log messages
6443N/A due to administrative connections over LDAPS on ports 1636 and 4444.</
para>
6443N/A <
para>Create access log filtering criteria rules.</
para>
7097N/A create-access-log-filtering-criteria \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --publisher-name "File-Based Access Logger" \
7097N/A --criteria-name "Exclude LDAPS on 1636 and 4444" \
7097N/A --set connection-port-equal-to:1636 \
7097N/A --set connection-port-equal-to:4444 \
7097N/A --set connection-protocol-equal-to:ldaps \
6443N/A <
para>Activate filtering to exclude messages from the default access log
6443N/A according to the criteria you specified.</
para>
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --publisher-name "File-Based Access Logger" \
7097N/A --set filtering-policy:exclusive \
6443N/A <
para>At this point, OpenDJ filters out connections over LDAPS to ports
6443N/A 1636 and 4444. While performing operations in OpenDJ Control Panel, if
6443N/A you perform a simple <
command>ldapsearch --port 1389 --baseDN
6443N/A dc=example,dc=com uid=bjensen cn</
command>, then all you see in the access
6443N/A log is the effect of the <
command>ldapsearch</
command> command.</
para>
7097N/A<
computeroutput>[
19/
Oct/
2011:16:37:16 +0200] CONNECT conn=8 from=127.0.0.1:54165
6443N/A to=127.0.0.1:1389 protocol=LDAP
6443N/A base="dc=example,dc=com" scope=wholeSubtree filter="(uid=bjensen)" attrs="cn"
6443N/A[
19/
Oct/
2011:16:37:16 +0200] SEARCH RES conn=8 op=0 msgID=1 result=0 nentries=1
7097N/A[
19/
Oct/
2011:16:37:16 +0200] DISCONNECT conn=8 reason="Client Unbind"</
computeroutput>
6443N/A <
para>In addition to the filtering policy, you can also adjust how OpenDJ
6443N/A writes log messages. By default, OpenDJ writes one log message for a
6443N/A request, and another for a response. You can set the log publisher
6443N/A property <
literal>log-format</
literal> to <
literal>combined</
literal>
6443N/A to have OpenDJ write a single message per operation. This can be helpful,
6443N/A for example, when evaluating response times. In addition, you can change
6443N/A the log message time stamps with <
literal>log-record-time-format</
literal>,
6443N/A and specify whether to log LDAP control OIDs for operations by setting
6443N/A <
literal>log-control-oids</
literal> to <
literal>true</
literal>.</
para>
6443N/A <
section xml:
id="alert-notifications">
6443N/A <
title>Alert Notifications</
title>
6443N/A <
indexterm><
primary>Alerts</
primary></
indexterm>
6443N/A <
para>OpenDJ can send alerts to provide notifications of significant server
6443N/A events. Yet alert notifications are not enabled by default. You can use
6443N/A the <
command>dsconfig</
command> command to enable alert notifications.</
para>
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --handler-name "JMX Alert Handler" \
6443N/A <
para>OpenDJ can also send mail over SMTP instead of JMX notifications.
6443N/A Before you set up the SMTP-based alert handler, you must identify an SMTP
6443N/A server to which OpenDJ sends messages.</
para>
7097N/A set-global-configuration-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --handler-name "SMTP Alert Handler" \
7097N/A --set message-subject:"OpenDJ Alert, Type: %%alert-type%%, ID: %%alert-id%%" \
7097N/A --set message-body:"%%alert-message%%" \
7097N/A --set recipient-address:kvaughan@example.com \
7097N/A --set sender-address:opendj@example.com \
6443N/A <
variablelist xml:
id="alert-types">
6443N/A <
para>OpenDJ directory server uses the following types when sending
6443N/A alerts. For alert types that indicate server problems, check
6443N/A <
para>The access control handler has been disabled.</
para>
6443N/A <
para>The access control handler has been enabled.</
para>
6443N/A <
para>The dseecompat access control subsystem failed to correctly parse
6443N/A one or more ACI rules when the server first started.</
para>
6443N/A <
para>The JE backend has thrown a <
literal>RunRecoveryException</
literal>.
6443N/A The directory server needs to be restarted.</
para>
6443N/A <
para>A problem has occurred while attempting to create copies of the
6443N/A existing schema configuration files before making a schema update, and the
6443N/A schema configuration has been left in a potentially inconsistent
6443N/A <
para>The directory server is unable to rename the current tasks backing
6443N/A file in the process of trying to write an updated version.</
para>
6443N/A <
para>The directory server is unable to rename the new tasks backing file
6443N/A <
para>The directory server is unable to schedule an iteration of a
6443N/A <
para>The directory server is unable to write its updated configuration
6443N/A for some reason and therefore the server may not exhibit the new
6443N/A configuration if it is restarted.</
para>
6443N/A <
para>A problem has occurred while attempting to write new versions of the
6443N/A server schema configuration files, and the schema configuration has been
6443N/A left in a potentially inconsistent state.</
para>
6443N/A <
para>The directory server is unable to write an updated tasks backing
6443N/A file for some reason.</
para>
6443N/A <
para>The directory server has begun the process of shutting down.</
para>
6443N/A <
para>The directory server has completed its startup process.</
para>
6443N/A <
para>Free disk space has reached the full threshold.</
para>
6443N/A <
para>Default is 20 MB.</
para>
6443N/A <
para>Free disk space has reached the low threshold.</
para>
6443N/A <
para>Default is 100 MB.</
para>
6443N/A <
para>The directory server is entering lockdown mode, in which only root
6443N/A users are allowed to perform operations and only over the loopback
6443N/A <
para>Consecutive failures have occurred in the LDAP connection handler
6443N/A and have caused it to become disabled.</
para>
6443N/A <
para>Uncaught errors in the LDAP connection handler that have caused it
6443N/A <
para>An LDIF backend was unable to store an updated copy of the LDIF file
6443N/A after processing a write operation.</
para>
6443N/A <
para>The LDIF connection handler encountered an I/O error that prevented
6443N/A it from completing its processing.</
para>
6443N/A <
para>The LDIF connection handler encountered an unrecoverable error while
6443N/A attempting to parse an LDIF file.</
para>
6443N/A <
para>The directory server is leaving lockdown mode.</
para>
6443N/A <
para>The directory server detects that its configuration has been
6443N/A manually edited with the server online and those changes were overwritten
6443N/A by another change made through the server. The manually-edited
6443N/A configuration will be copied to another location.</
para>
6443N/A <
para>The directory server detects that its configuration has been
6443N/A manually edited with the server online and those changes were overwritten
6443N/A by another change made through the server. The manually-edited
6443N/A configuration could not be preserved due to an unexpected error.</
para>
6443N/A <
para>Multimaster replication cannot resolve a conflict
6443N/A <
para>A directory server thread has encountered an uncaught exception that
6443N/A caused that thread to terminate abnormally. The impact that this problem
6443N/A has on the server depends on which thread was impacted and the nature
6443N/A <
para>A unique attribute conflict has been detected during synchronization
6443N/A <
para>An error occurred while attempting to perform unique attribute
6443N/A conflict detection during synchronization processing.</
para>