edirmon – NWMON-like eDirectory monitor for Linux



By: tjbayly

March 26, 2010 3:25 pm

Reads: 290

License:
Distributable

Download novell-edirmon-1.0-12.noarch

Overview

edirmon is a tool designed to provide nwmon.nlm functionality for eDirectory on linux. It collects information, evaluates eDirectory health based on the information, and places the information in its data logs.

edirmon can be run in interactive mode (with a screen showing data and health) or in daemon mode where it only logs information and health. The data logs are placed in the configured edirmon data directory. Program information and changes in health are sent to the system logger for processing. You can also optionally create an html health screen (edirmon does not contain a web server).

edirmon mimics nwmon in functionality and output.

Installation and Configuration

Install the RPM.

edirmon can pretty much run out of the box if eDirectory is installed using the default paths. The only setup that has to occur after installing the rpm is supplying credentials to use when pulling iMonitor data in /etc/opt/novell/edirmon/conf/secret. You may also want to make changes to /etc/opt/novell/edirmon/conf/edirmon.conf, depending on your setup.

Alerting

All program information is sent to the system logger for processing, so it is possible for the sysadmin to route information based on the syslog configuration. This allows edirmon to integrate with existing infrastructure for centralized logging or alerting.

All messages are sent as LOG_USER facility.
Program debug messages are LOG_DEBUG level.
Health status changes to HEALTHY are LOG_INFO level.
Health status changes to SUSPECT are LOG_WARNING level.
Health status changes to UNHEALTHY are LOG_ERR level.

Screen shots

HEALTHY

HEALTHY

SUSPECT

SUSPECT

UNHEALTHY

UNHEALTHY

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: Cool Tools, eDirectory

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

29 Comments

  1. By:stegillard

    One thing I don’t like is the auto setting of the log interval to a hard-coded 30 seconds if the server isn’t “Healthy”. Couldn’t this be configurable?

    Its also a little unpleasant to have the admin password stored in a clear text file.

    Other than that, very useful!

    • By:tjbayly

      Version 1.0.8 will have a configuration option for the “unhealthy” interval – thanks for the idea.

      As far as the credentials go, they have to be stored somewhere – and this file is readable only to root. This doesn’t have to be the admin of your tree, though. It works with as little as a plain old user who has been put into the Operators role for the NCP server. No eDirectory rights beyond that are required. Version 1.0.8 will document this in the secret file.

  2. By:rpiercey

    Great information.

    It would be nice to have a startup script top run as a daemon.

    I have tried using “edirmon -D &” but it stops updating after a few intervals.

    Also a single loop option would be helpful then edirmon could be integrated with Hobbit Server.

    • By:tjbayly

      It appears that when edirmon is placed in the background it is eventually stopped by bash. As far as a daemon use case or script do something like this:

      Edit the /etc/init.d/post_ndsd_start script and append:

      /bin/openvt -c8 edirmon

      Edit the edirmon.conf and enabled html output (available in 1.0.8), specified my apache document directory and set the edirmon.screen.interval to 5.

      The net effect of these changes is that when ndsd starts edirmon launches in interactive mode on virtual terminal 8. You can access the edirmon screen directly from the server console at tty8. From any shell you can get the last logged data via report mode by executing edirmon. You can get the “live” interactive data by accessing the edirmon web page (served by Apache in this case) via a web browser – this page automatically refreshes at the screen interval to stay current.

      • By:Bambid

        If you put
        /bin/openvt -c8 edirmon

        in the

        /etc/init.d/post_ndsd_start script , then you should put in

        /etc/init.d/post_ndsd_stop

        killall edirmon ( I´m not Linux guru. Maybe, there is better way to stop edirmon )

        When you don´t this you get this error after restarting eDir

        “openvt: vt 8 is in use; command aborted
        use `openvt -f’ to force.
        Validation failed in post_ndsd_start script.
        Please refer to /etc/init.d/post_ndsd_start.”

        David

    • By:stegillard

      Redirecting stdin prevents it from being stopped. Here’s how I’m running it:

      nohup edirmon -D </dev/null >/dev/null 2>&1 &

    • By:tjbayly

      I changed edirmon v 1.0.9 to automatically close STDIN and ignore SIGHUP when in daemon mode, so now you can just put it in the background like you were attempting. Thanks to Steven for solving this particular puzzle.

  3. By:Dieseloreo

    try adding a file edirmon in /etc/xinet.d with all the needed args to run as a server from xinet.d

    then restart xinet.d

    or start the binary

    edirmon -D /dev/null 2>&1 &

    hit contrl -z
    use command bg to send to background

    then use disown -h to disown the process.

    logout and the program will stay running.

  4. By:mkoeppl

    Hello,

    it would be fine to use CASA to store the username/password if running as daemon.

    But really a nice tool.

  5. By:aterea

    any possiblity of allowing the log facility to be configurable?

  6. By:aterea

    is it possible to make hte logging facility configurable?
    Instead of using LOG_USER we would like LOG_LOCAL0 or something like that so we can configure syslog to send these messages to a separate file from the main log file.

  7. By:tjbayly

    It would certainly be possible to make it configurable in a new version but since it’s specified in only one place in code, it’s also easy to change directly for yourself. Edit /opt/novell/edirmon/lib/environment.pl. The line in question is openlog(“edirmon”,”ndelay,pid”,”LOG_USER”). Change LOG_USER to whatever valid facility you’d like.

    Also, you didn’t mention what flavor of Linux you are using, but if your distro uses syslog-ng it’s pretty trivial to get edirmon messages into a separate file even if using the LOG_USER facility along with other processes. Something along the lines of:

    filter f_edirmon { program(‘^edirmon); };
    destination edirmon { file(“/var/log/edirmon”); };
    log { source(src); filter(f_edirmon); destination(edirmon); };

    That would put them into a new /var/log/edirmon file. Eliminating it from the /var/log/messages file would be a question of modifying the filter f_messages to include:

    and not filter(f_edirmon)

  8. By:Bambid

    Even with oldie but goodie eDir 8.7.3 works this perfectly, good job.

    David

  9. By:samthendsgod

    How difficult would it be to have an email sent when suspect or unhealthy state is reached? Maybe specify an smtp server, and an address to send an alert to? (I’m not a programmer – this may be trivial to do, or may cause a huge amount of rewrite….) I’ve got about 200 servers and 900 replicas to monitor, so checking all of the proactively would be unfeasible. But to get an email when a monitored server got itself into a bad state would be most-excellent.

    Great product by the way!

    Sam

  10. By:tjbayly

    It wouldn’t be terribly difficult to add a sendmail module and have edirmon send e-mail directly, but it would violate one of the design principles. edirmon is written to be very minimal – it only uses stock perl so that the sysadmin doesn’t have to install and compile a bunch of extras to use it.

    In your case I’d look at accomplishing e-mail through the syslog: setting up a pipe to mail, implementing swatch, Novell Sentinel, etc.

    Glad to hear that you find the tool useful.

  11. By:davidkrotil

    Hi,
    are they any development news ? If not, I found after running this tool for a long time major design problem. You use ndsrepair to catch problems of edir, but you don’t care about ndsrepair.log which is after long run very huge. I needed to delete this log while it has 15 GB.
    You should change name of the log and put some rollover mechanism, that this log doesn’t fill entire partition.

    Regards

  12. By:tjbayly

    This version addresses the ndsrepair.log file problem (by redirecting the output from ndsrepair -E to /dev/null) and also changes the upper memory limit for 64-bit eDirectory.

  13. By:MystikWeb

    Howdy,

    Unable to install on SLES 10 SP2, dependancy failed: rpmlib(PayloadIsLzma).

    From what I am reading, this will not install on SLES 10, due to “the package is in LZMA compressed format, and your rpm utility is too old to handle this format.”

    We are not in a position to upgrade all our servers to SLES 11 which supports, this, is there a way I can get this running on SLES 10 without to much issue?

  14. By:davidkrotil

    It can´t be installed there.

    Error message, when trying to install it on SLES9 SP4.

    rpmlib(PayloadIsLzma) < = 4.4.6-1 is needed by novell-edirmon-1.0-11

    Thanks a lot.

  15. By:tjbayly

    Sorry about the IsLzma issue – that was a function of my build host being SLES11 and not a requirement of the rpm. I just repackaged it on a SLES9 host and attached a version which should fix these issues.

    • By:Thnielsen

      I think a lot of people need this – and I am too ‘limited’ :-) to find the attachment on the coolsolution if it is there. Otherwise I would suggest to up the version count and publish the version built without using lsLzma.

  16. By:Thnielsen

    Thank you :-)

  17. By:DouglaGM

    Cool tool, does it work with Multiple Instances of eDir?

  18. By:brucetimberlake

    I just installed 1.0-12 on a server; upon running, it shows:


    Monitoring Statistics for : SVR1 [32-bit eDir on x86_64] v1.0.11
    05/12/10 12:06:01 PM - (LIVE)

    Yet ndsd is 64-bit:


    [root@svr1 /]# file /opt/novell/eDirectory/sbin/ndsd
    /opt/novell/eDirectory/sbin/ndsd: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), for GNU/Linux 2.6.4, not stripped

  19. By:peterhine

    Hi,
    getting the following when multiple ip addresses are present.
    “edirmon[19549]: WARNING: Couldn’t resolve host ’10.251.1.118:8030,10.251.1.99′ when getting verb information from iMonitor”

    In the master server’s case, it is hard coded in /etc/sysconfig/network/ifcfg-eth0
    other servers use “ifconfig eth0 add …” and it seems ok on those at the moment.

    eg:
    DEVICE=eth0
    STARTMODE=onboot
    USERCONTROL=no
    BOOTPROTO=static
    NETMASK=255.255.128.0
    IPADDR=10.251.1.118
    IPADDR_time=’10.251.1.98′
    NETMASK_time=’255.255.128.0′
    LABEL_time=’time’
    PREFIXLEN=”
    PREFIXLEN_time=”
    IPADDR_master=’10.251.1.99′
    NETMASK_master=’255.255.128.0′
    LABEL_master=’master’
    PREFIXLEN_master=”

  20. By:peterhine

    this could be enabled by using the operating system’s mail command (/usr/bin/mail in SLES) and perl’s system command.

    so
    cat /tmp/file/.txt | mail -s “the subject” recipient@nice.com -r from@server.naughty.com

    should be acceptable to many
    if you have a template for the format of the email, people can fiddle with the format to their hearts content, just provided they leave your variables in place. shouldn’t be too much work (honest !!!)

    eg : to replace the server name
    sed -i “s:SERVER_NAME/$HOSTNAME/g” /tmp/file.txt
    might be all that is needed to put the server’s name into the template file prior to sending the alert. There is probably a more suitable perl way of doing it.

    (did you like the santa reference ??)
    p

  21. By:peterhine

    OES2SP2 now uses /opt/novell/eDirectory/sbin/post_ndsd_*
    /etc/init.d/ndsd has a section for migrating them out of /etc/init.d (where they should not have been in the first place, IMHO).

    might want to update your README

    Also, to avoid the “openvt: vt 8 is in use; command aborted, use `openvt -f’ to force.” should we stop and start the edirmon daemon too ?? or do you recommend to leave it in memory during ndsd restarts ???

    p

  22. By:mpjames

    Hi, nice tool. Thanks for all the work. I downloaded and installed novell-edirmon-1.0-12.noarch.rpm and it is working great on OES2 SP3 64-bit.

    I noted that it says v 1.0.11 at the top instead of 1.0.12. Obviously does not change the beauty of the app!

Comment