You can programmatically access statistics of Access Gateways, Identity Servers, and ESP. This section includes the following topics:
For programmatic access to Identity Server statistics, you must enable the Representational State Transfer (REST) API.
To enable the REST API:
Place the nidpmonitor.txt file in to the WEB-INF directory of Identity Server and ESP webapp.
For Identity Server:
/opt/novell/nam/idp/webapps/nidp/WEB-INF/
For ESP:
/opt/novell/nam/mag/webapps/nesp/WEB-INF/
Add the following line in nidpmonitor.txt:
urn:novell:nidp:monitor:anyaccess
After this line, you must add the IP addresses of the servers from which you will be making calls to the REST API. Example content of the nidpmonitor.txt file:
urn:novell:nidp:monitor:anyaccess
10.0.0.0
172.16.0.0
Restart Identity Server.
IMPORTANT:Frequent requests to get the statistics impact the system performance. It is recommended to keep a five minutes interval between every probe for the statistics.
Identity Server uses this REST endpoint: https://<DNS FQDN of NIDP>:<port>/nidp/app/monitor.
ESP uses this REST endpoint: https://<DNS FQDN of ESP>:<port>/nesp/app/monitor.
The endpoint takes the following three parameters:
Parameter |
Value |
Description |
---|---|---|
displayType |
XML |
This parameter specifies the output display type. Currently it supports only XML. |
command |
See Supported Commands and Their Outputs for details of the commands that support this parameter. |
This specifies the monitored statistics that are to be displayed. |
reset |
This parameter can take only "True" as value. See Supported Commands and Their Outputs for details of the commands which support reset. |
This specifies the monitored statistics that is to be reset. |
The following list includes supported commands:
NOTE:When using the curl command, place the URL inside double quotes (""). Otherwise, the XML data does not render. For example, curl -k "https://<domain>:<port>/nidp/app/monitor?command=inUrlTypes&displayType=xml".
This command supports reset. This command displays the monitored statistics of incoming HTTP requests to Identity Server.
Example output:
<?xml version="1.0" encoding="UTF-8"?><InComingHTTPRequests> <ThreadIntervals> <NamedValues> <NamedValue name="Total" value="61" /> <NamedValue name="Current Requests" value="1" /> </NamedValues> <ActiveObjects abandoned="0"> <ActiveObject name="ajp-bio-/127.0.0.1-9019-exec-23" age="3"> </ActiveObject> </ActiveObjects> <Historical> <Spectrometer dataPoints="22" totalCount="60" maxDataPoints="500"> <max>145</max> <min>1</min> <mean>18</mean> </Spectrometer> </Historical> </ThreadIntervals></InComingHTTPRequests>
This command supports reset. This command displays counts of the URL types and services that have been requested to Identity Server.
Example output:
<UrlTypes> <NamedValues> <NamedValue name="CMD: /app/, monitor" value="15" /> <NamedValue name="CMD: /app/, ping" value="13" /> <NamedValue name="CMD: /idff, soap" value="1" /> <NamedValue name="CMD: /idff, sso" value="4" /> <NamedValue name="JSP: content.jsp" value="1" /> </NamedValues></UrlTypes>
This command supports reset. This command displays the monitored statistics of outgoing HTTP requests from Identity Server.
Example output:
<?xml version="1.0" encoding="UTF-8"?><OutGoingHTTPRequests> <ThreadIntervals> <NamedValues> <NamedValue name="Total" value="25" /> </NamedValues> <Historical> <Spectrometer dataPoints="10" totalCount="25" maxDataPoints="500"> <max>51</max> <min>2</min> <mean>12</mean> </Spectrometer> </Historical> </ThreadIntervals></OutGoingHTTPRequests>
This command does not support reset. This command displays the setup details of Identity Server configuration store and the user store.
Example output:
<UserStoreManager id="MGf373f25e-5a95-484e-85fe-2d3f073e3c28"> <TrustConfigDataStore> <UserStore id="USef25d609-7577-4bab-a705-f00b5406f2cc" systemId="cn=SCC7u0ouw,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell" displayName="" directoryName="Novell eDirectory" adminUserName="ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell" idleTimeout="10000" bindTimeout="0" allowRebind="true" maxWaitReservations="-1"> <Replicas> <Replica id="0c498978-2d16-4b25-ae41-484fca62fc36" systemId="PseudoXMLBasedUserStoreReplicaDN0" displayName="Replica 1" host="ldaps:// 10.0.0.0" port="636" maxConnections="5" doSSL="true"> <ConnectionPool id="PL8928e311-6a84-494a-b61a-5ff43005dd6f:0c498978-2d16-4b25-ae41-484fca62fc36" adminUserName="ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell" maxConnections="5" skipCount="10" waitResTimeout="60000" waitResSleep="20" waitResSleepIterCount="3000" load="0"> <AdminConnections> <Connection id="0adff495-9321-485c-b156-66deceeefa84" type="admin" checkedOut="false" IdleAge="5985087" /> </AdminConnections> </ConnectionPool> </Replica> </Replicas> </UserStore> </TrustConfigDataStore> <UserStores> <UserStore id="USc15e7906-d4a9-41c3-8438-cd10fb6c7a89" systemId="cn=USmkp9m,cn=Alrre4,cn=SCC7u0ouw,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell" displayName="SingleBoxUserStore" directoryName="Novell eDirectory" adminUserName="cn=admin,o=novell" idleTimeout="10000" bindTimeout="0" allowRebind="true" maxWaitReservations="-1"> <SearchContexts> <SearchContext order="0" scope="1" context="o=novell" /> </SearchContexts> <Replicas> <Replica id="0a307605-8946-4455-8080-f1819562481d" systemId="cn=USRlxnx69,cn=USmkp9m,cn=Alrre4,cn=SCC7u0ouw,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell" displayName="SingleBoxUserStoreReplica" host="ldaps:// 10.0.0.0" port="636" maxConnections="20" doSSL="true"> <ConnectionPool id="PLce0653bc-488d-4e7c-81a5-08e935d83c82:0a307605-8946-4455-8080-f1819562481d" adminUserName="cn=admin,o=novell" maxConnections="20" skipCount="10" waitResTimeout="60000" waitResSleep="20" waitResSleepIterCount="3000" load="0"> <AdminConnections> <Connection id="b1c0a413-2c36-4b64-831c-b0849421c7a0" type="admin" checkedOut="false" IdleAge="259357" /> </AdminConnections> </ConnectionPool> </Replica> </Replicas> </UserStore> </UserStores></UserStoreManager>
This command does not support reset. This command displays counts of Identity Server LDAP connection.
Example output:
<LdapConnections> <TotalAdded admin="25" user="1" /> <TotalRemoved admin="23" user="1" /> <CurrentValidInUse admin="0" user="0" /> <CurrentValidOutOfUse admin="2" user="0" /> <CurrentInvalidEstd admin="0" user="0" /> <CurrentInvalidNonEstd admin="0" user="0" /> <TotalForceCloseSuccess admin="23" user="1" /> <TotalForceCloseError admin="0" user="0" /> <TotalForceCloseNonEstd admin="0" user="0" /></LdapConnections>
This command supports reset. This command displays statistics of Identity Server LDAP connection wait time.
Example output:
<LDAPConnectionWaits></LDAPConnectionWaits>
This command does not support reset. This command displays statistics of Identity Server LDAP replica.
Example output:
<LdapReplicaStatsCollection> <TrustConfigDataStoreStats> <LdapReplicaStats displayName="Replica 1" host="ldaps:// 10.0.0.0 " inRestart="false" load="0"> <ExistingAdminConnectionReservation admin="97" /> <NewConnections admin="2" user="0" /> <Rebinds user="0" /> <InvalidRebinds user="0" /> <Waits admin="0" user="0" /> <WaitExpired admin="0" user="0" /> <WaitSkipped admin="0" user="0" /> <WaitHitMaxSkipped admin="0" user="0" /> </LdapReplicaStats> </TrustConfigDataStoreStats> <LdapReplicaStats displayName="SingleBoxUserStoreReplica" host="ldaps://10.0.0.0" inRestart="false" load="0"> <ExistingAdminConnectionReservation admin="86" /> <NewConnections admin="28" user="1" /> <Rebinds user="0" /> <InvalidRebinds user="0" /> <Waits admin="0" user="0" /> <WaitExpired admin="0" user="0" /> <WaitSkipped admin="0" user="0" /> <WaitHitMaxSkipped admin="0" user="0" /> </LdapReplicaStats></LdapReplicaStatsCollection>
This command does not support reset. This command displays performance statistics of Identity Server LDAP replica.
Example output:
<?xml version="1.0" encoding="UTF-8"?><LdapReplicaPerfCollection> <TrustConfigDataStorePerf> <LdapReplicaPerf displayName="Replica 1" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Interval> <Spectrometer dataPoints="5" totalCount="6" maxDataPoints="300"> <max>46</max> <min>1</min> <mean>16</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="11" totalCount="100" maxDataPoints="500"> <max>93</max> <min>1</min> <mean>3</mean> </Spectrometer> </Historical> </AllOpsDuration> <CreateConnDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>46</max> <min>44</min> <mean>45</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>93</max> <min>93</min> <mean>93</mean> </Spectrometer> </Historical> </CreateConnDuration> <CloseConnDuration> <Interval> <Spectrometer dataPoints="1" totalCount="2" maxDataPoints="300"> <max>1</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> </CloseConnDuration> <SearchDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>3</max> <min>2</min> <mean>2</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="8" totalCount="95" maxDataPoints="500"> <max>11</max> <min>1</min> <mean>2</mean> </Spectrometer> </Historical> </SearchDuration> <GetDuration> <Historical> <Spectrometer dataPoints="4" totalCount="4" maxDataPoints="500"> <max>10</max> <min>1</min> <mean>6</mean> </Spectrometer> </Historical> </GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration></ExtDuration> <RebindDuration></RebindDuration> </LdapReplicaPerf> </TrustConfigDataStorePerf> <LdapReplicaPerf displayName="SingleBoxUserStoreReplica" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Interval> <Spectrometer dataPoints="5" totalCount="19" maxDataPoints="300"> <max>46</max> <min>1</min> <mean>13</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="5" totalCount="9" maxDataPoints="500"> <max>43</max> <min>0</min> <mean>5</mean> </Spectrometer> </Historical> </AllOpsDuration> <CreateConnDuration> <Interval> <Spectrometer dataPoints="2" totalCount="5" maxDataPoints="300"> <max>46</max> <min>45</min> <mean>45</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>43</max> <min>43</min> <mean>43</mean> </Spectrometer> </Historical> </CreateConnDuration> <CloseConnDuration> <Interval> <Spectrometer dataPoints="1" totalCount="5" maxDataPoints="300"> <max>1</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> </CloseConnDuration> <SearchDuration> <Interval> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="300"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> </SearchDuration> <GetDuration> <Interval> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="300"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="2" totalCount="4" maxDataPoints="500"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Historical> </GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="3" totalCount="4" maxDataPoints="500"> <max>3</max> <min>0</min> <mean>1</mean> </Spectrometer> </Historical> </ExtDuration> <RebindDuration> <Interval> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="300"> <max>3</max> <min>3</min> <mean>3</mean> </Spectrometer> </Interval> </RebindDuration> </LdapReplicaPerf></LdapReplicaPerfCollection>
This command does not support reset. This command displays statistics of Identity Server LDAP replica failure.
Example output:
<?xml version="1.0" encoding="UTF-8"?><LdapReplicaFailureCollection> <TrustConfigDataStoreFailure> <LdapReplicaFailurePerf displayName="Replica 1" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Historical> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="500"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Historical> </AllOpsDuration> <CreateConnDuration></CreateConnDuration> <CloseConnDuration></CloseConnDuration> <SearchDuration></SearchDuration> <GetDuration> <Historical> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="500"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Historical> </GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration></ExtDuration> <RebindDuration></RebindDuration> </LdapReplicaFailurePerf> </TrustConfigDataStoreFailure> <LdapReplicaFailurePerf displayName="SingleBoxUserStoreReplica" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>3054</max> <min>3051</min> <mean>3052</mean> </Spectrometer> </Interval> </AllOpsDuration> <CreateConnDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>3054</max> <min>3051</min> <mean>3052</mean> </Spectrometer> </Interval> </CreateConnDuration> <CloseConnDuration></CloseConnDuration> <SearchDuration></SearchDuration> <GetDuration></GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration></ExtDuration> <RebindDuration></RebindDuration> </LdapReplicaFailurePerf></LdapReplicaFailureCollection>
This command does not support reset. This command displays performance statistics of Identity Server local authentication.
Example output:
<?xml version="1.0" encoding="UTF-8"?><AuthenticationPerformance> <NamedValues> <NamedValue name="Provided Authentications" value="2" /> <NamedValue name="Consumed Authentications" value="3" /> <NamedValue name="Consumed Authentications Failures" value="6" /> <NamedValue name="Historical PEAK Logins" value="1" /> <NamedValue name="Logouts" value="2" /> </NamedValues> <LocalAuthDuration historicalMean="106" intervalMean="105"> <ContractStats name="Name/Password - Form"> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>100</max> <min>100</min> <mean>100</mean> </Spectrometer> </Historical> </ContractStats> <ContractStats name="MyTwoContracts"> <Interval> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="300"> <max>105</max> <min>105</min> <mean>105</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>113</max> <min>113</min> <mean>113</mean> </Spectrometer> </Historical> </ContractStats> </LocalAuthDuration> </AuthenticationPerformance>
For programmatic access to Access Gateway statistics, you require to enable the global advanced option NAGStatsClientIPWhitelist. This option takes a list of IP addresses of servers that can access Access Gateway statistics.
To access the statistics, run the HTTP GET command on the resource: https://<mag-host-name>/mag-stats.
NOTE:Frequent requests to get the statistics impact the system’ performance. It is recommended to keep a five minutes interval between every probe for the statistics.
To enable this option:
In Administration Console Dashboard, select Devices > Access Gateway Servers > Edit > Advanced Options.
Add this line: NAGStatsClientIPWhitelist <ip1> <ip2>.
Replace <ip1> and <ip2> with the IP addresses of the servers from which you want to access the statistics.
Click OK.
This request displays the following:
Https related statistics
Requests received
Active requests
Server related statistics
Product start time
Product up time
Product CPU utilization
Disk swap (KB)
Disk swap used (KB)
Memory total (KB)
Cache statistics
NOTE:Cache statistics are 0 because they are not implemented currently in the server side.
Cache stats (KB)
Cache stats utilization percentage
Cache hit ratio since last reset
Cache stats object count
Summary Statistics Byte
Total bytes sent to the origin server
Total bytes read from the Web server
Total bytes sent to the browsers
Total bytes received from the browsers
Bytes per sec read from the Web server
Bytes per sec sent to the browsers
Summary Statistics Benefits
Total bytes saved
Total bytes saved per second
Example output:
<?xml version="1.0" encoding="UTF-8"?><MAGStatistics><httpStats> <NamedValues> <NamedValue name="RequestsReceived" value="0" /> <NamedValue name="ActiveRequests" value="1" /> </NamedValues></httpStats><boxStats> <NamedValues> <NamedValue name="ProductStartTime" value="Fri, 27 Jul 2012 11:01:11 GMT"/> <NamedValue name="ProductUpTime" value="0:0:0:26" /> <NamedValue name="ProductCPUUtilization" value="-294" /> <NamedValue name="DiskSwapKb" value="4088532" /> <NamedValue name="DiskSwapUsedKb" value="0" /> <NamedValue name="MemoryTotalKb" value="7835" /> </NamedValues></boxStats><cacheStats> <NamedValues> <NamedValue name="cacheStatsKb" value="0" /> <NamedValue name="cacheStatsUtilPercentage" value="0" /> <NamedValue name="cacheHitRatioSinceReset" value="0" /> <NamedValue name="cacheStatsObjectCount" value="0" /> </NamedValues></cacheStats<summaryStatsByte> <NamedValues> <NamedValue name="TotalBytesSentToOriginServer" value="0" /> <NamedValue name="TotalBytesReadFromWS" value="0" /> <NamedValue name="TotalBytesSentToBrowsers" value="0" /> <NamedValue name="TotalBytesReceivedFromBrowsers" value="0" /> <NamedValue name="BytesPsecReadFromWS" value="0" /> <NamedValue name="BytesPsecSentToBrowsers" value="0" /> </NamedValues></summaryStatsByte><summaryStatsBenefits> <NamedValues> <NamedValue name="TotalBytesSaved" value="0" /> <NamedValue name="TotalBytesSavedPerSecond" value="0" /> </NamedValues></summaryStatsBenefits><summaryStatsRequests> <NamedValues> <NamedValue name="TotalRequestsPSecBrowsers" value="0" /> <NamedValue name="PeakTotalRequestsPSecBrowsers" value="1" /> <NamedValue name="TotalRequestsPSecOriginServer" value="0" /> <NamedValue name="PeakTotalRequestsPSecOriginServer" value="0" /> <NamedValue name="CurrentTotalRequestsToOriginServer" value="0" /> <NamedValue name="CurrentTotalRequestsReceivedFromBrowser" value="1" /> <NamedValue name="FailedRequestsToWS" value="0" /> <NamedValue name="CumulativeRequestsToWS" value="0" /> </NamedValues></summaryStatsRequests><summaryStatsConnections> <NamedValues> <NamedValue name="CurrentConnectionsBrowser" value="10" /> <NamedValue name="CurrentConnectionsBackend" value="0" /> <NamedValue name="TotalConnectionsBrowser" value="28" /> <NamedValue name="TotalConnectionsBackend" value="0" /> <NamedValue name="PeakConnectionsBrowser" value="6" /> <NamedValue name="PeakConnectionsBackend" value="0" /> <NamedValue name="FailedConnectionsBackend" value="0" /> </NamedValues></summaryStatsConnections></MAGStatistics>