Monitoring with SNMP was introduced in NetIQ Access Manager 4.0. Although many use cases can be derived from this feature, one is to monitor the service status of the NetIQ Identity Provider and send an email notification to the administrator whenever the service goes down. This is achieved with Nagios as the NMS (Network Management Software), using the SNMP protocol.
Now that Identity Provider (IDP) and Access Gateway (AG) components can be monitored over SNMP with external monitoring software such as Nagios, SNMP becomes an easy integration point. As the architecture diagram below shows, access is centralized at the Administration Console, from which all NAM devices can be monitored. Altogether more than 100 attributes are available, such as free memory, incoming and outgoing requests, and session details. Each attribute can be queried over SNMP using its unique object identifier (OID).
In the background, the IDP and AG devices periodically send monitoring statistics to the Administration Console, and the same statistics are available through the SNMP master agent. Any external monitoring software can monitor IDP or AG devices by communicating with the master agent over SNMP.
This document describes how to monitor the service status of the Identity Provider using SNMP.
For more information about supported SNMP objects, querying by OID, configuration, and so on, refer to the Administration Console guide.
Make sure SNMP is enabled in the Administration Console. If it is not, follow the steps below.
<vcdnModule name="snmp" className="com.volera.vcdn.platform.snmp.SnmpAgentInit" sequence="3">
    <stringParam name="enable" value="true"/>
    <stringParam name="masterAgentIp" value="127.0.0.1"/>
    <stringParam name="masterAgentPort" value="705"/>
</vcdnModule>
Download configuration (nam.cfg)
As a prerequisite, a Nagios server (http://www.nagios.org) must be installed on a Linux box. The net-snmp command line utility and the Nagios SNMP plugin, check_snmp, are also required. If they are not present, install them; information is available at https://www.nagios-plugins.org
Also, make sure a valid email address is configured for the default email notification in the Nagios contact configuration.
A few additional configuration changes are required on the Nagios server. The steps are described below.
_adminconsole_ip_address 164.99.86.188 ; IP address of Primary Administration Console
_snmp_community_name netiq ; Community name of the SNMP service
define host {
    host_name Identity Provider 1
    use nam_base_host
    address 10.240.100.27 ; IP address of Identity Provider
}
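How the two custom variables above can feed a check_snmp service check, as an added example that is not the content of the downloadable nam.cfg. The command name, the service description, the use of the stock `linux-server` and `generic-service` templates, SNMP version 2c, and the two `REPLACE_WITH_...` placeholders are assumptions; take the status OID and its healthy value from the Administration Console guide.

```cfg
# Added example: wiring the article's host variables into check_snmp.
# Not taken from the downloadable nam.cfg.

# Host template that carries the two custom variables shown above.
define host {
    name                      nam_base_host
    use                       linux-server    ; assumption: stock sample template (ping host check, default contacts)
    register                  0               ; template only, not a real host
    _adminconsole_ip_address  164.99.86.188   ; Primary Administration Console (SNMP master agent)
    _snmp_community_name      netiq           ; v1/v2c community strings travel in cleartext; keep it read-only
}

# Nagios exposes host custom variables as $_HOST<NAME>$ macros, upper-cased.
# The query goes to the Administration Console, not to the IDP address.
define command {
    command_name  check_nam_snmp_status       ; hypothetical name
    command_line  $USER1$/check_snmp -H $_HOSTADMINCONSOLE_IP_ADDRESS$ -P 2c -C $_HOSTSNMP_COMMUNITY_NAME$ -o $ARG1$ -s $ARG2$
}

# check_snmp -s returns OK only on an exact string match, so any other
# value makes the service CRITICAL and triggers the email notification.
define service {
    use                  generic-service      ; assumption: stock template with notifications enabled
    host_name            Identity Provider 1
    service_description  IDP Service Status   ; hypothetical description
    check_command        check_nam_snmp_status!REPLACE_WITH_IDP_STATUS_OID!REPLACE_WITH_HEALTHY_VALUE
}
```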
An email is sent to the default admin contact when the IDP status goes RED. To test this, the IDP can be stopped manually from the Administration Console. Here is how to do that.
Here is a Nagios screenshot; note that the IDP service is stopped but the Linux box is up.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.