3.0 Monitoring LDAP Proxy Processes

All internal activities of NetIQ LDAP Proxy can be monitored by enabling logging and tracing.

NetIQ LDAP Proxy enables you to configure a trace based on modules. Every traced activity message is associated with a severity level, which helps you to determine how critical a message is.

  • Critical: A critical message that needs the user's action immediately.

    For example, the server ran out of memory or the listener failed to listen on a given interface.

  • Error: An error message that does not directly affect the functioning of the LDAP proxy server.

    For example, any kind of operational error.

  • Warning: A warning message that needs the user’s attention.

    For example, the back-end server is down or the maximum connection limit for back-end service is reached.

  • Info: An informational message that can be understood by users.

    For example, all module initialization messages.

  • Debug: Debugging information that can be understood only by developers or administrators.

    For example, IN-CONN received socket error, closing LDAP connection.

You can configure a trace for the following modules:

  • TPOOL: Logs thread pool events.

  • SOCKET: Logs socket events.

  • SESSION: Logs session events.

  • MONITOR: Logs monitor thread events.

  • BER: Logs LDAP encoding and decoding events.

  • LDAP: Logs LDAP events.

  • POLICY: Logs policy events.

  • BACKEND: Logs back-end events.

  • XML: Logs XML events.

  • CONFIG: Logs configuration events.

  • STAT: Logs statistics logger events.

Additionally, you can configure certain parameters that are used to log additional control information with every message:

  • Time: Logs the time when the activity occurred. By default, time is enabled and logged.

  • Severity: Logs the message severity levels. By default, severity is disabled.

  • Session: Logs the session details, including session ID and thread ID. By default, this parameter is disabled.

  • Client address: Logs the client address where the activity occurred. By default, this parameter is disabled.

  • Inline: Logs messages in the same thread. By default, this parameter is disabled.

To log information for these parameters, you must set the parameter to “true” while configuring the proxy trace. For example, to enable session, you define it as session="true".

To enable trace configuration:

  1. Open the nlptraceconf.xml file from the /etc/opt/novell/ldapproxy/conf directory in any XML editor.

    The conf directory is available on the machine where you installed NetIQ LDAP Proxy.

  2. Look for the following trace configuration in the file:

  3. To enable the proxy trace, remove the comments (<!-- !-->) in the configuration.

  4. To add or remove tracing of modules and parameter information, change the configuration according to your requirements.

    For example, to enable tracing of the socket module, add the <module log-level="Info">SOCKET</module> element to the configuration.

  5. Save the nlptraceconf.xml file in the /etc/opt/novell/ldapproxy/conf directory.

  6. To commit the changes to the LDAP Proxy, run the following command:

    • /etc/init.d/nlpd refresh (On SLES 11 and RHEL 6)

    • systemctl reload nlpd.service (On SLES 12 and RHEL 7)

The trace log files are located in the /var/opt/novell/ldapproxy directory.

The following sample shows the trace message format:

[Time] SessionID:ThreadID TAGS: LEVEL: [Client Address]  Message String
[2009/06/04 16:15:17.981] 1:3067648928 LDAP: INFO: [192.168.1.1:50167] OUT-CONN sending request to backend service ldap://192.168.1.3:1389.

NOTE: The log-level value in the nlptrace.conf file is case-sensitive. A value written entirely in lowercase or entirely in uppercase does not produce the desired results. For example, specifying "debug" or "DEBUG" instead of "Debug" does not work. The following values have the correct format:

            <xsd:enumeration value="Critical"/>
            <xsd:enumeration value="Error"/>
            <xsd:enumeration value="Warning"/>
            <xsd:enumeration value="Info"/>
            <xsd:enumeration value="Debug"/>
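
The case-sensitivity rule above can be checked before the proxy is reloaded. The following Python sketch is an added example, not part of the NetIQ product or its documentation. It assumes only the `<module log-level="...">NAME</module>` element shown in step 4; the `trace-config` root element and the sample file content are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Values taken from this page: the log-level enumeration and the traceable modules.
LOG_LEVELS = ("Critical", "Error", "Warning", "Info", "Debug")
MODULES = {"TPOOL", "SOCKET", "SESSION", "MONITOR", "BER", "LDAP",
           "POLICY", "BACKEND", "XML", "CONFIG", "STAT"}

# Constructed sample; the root element name is a placeholder, not the real schema.
SAMPLE = """<trace-config>
  <!-- <module log-level="Debug">BER</module> -->
  <module log-level="Info">SOCKET</module>
  <module log-level="debug">LDAP</module>
  <module log-level="WARNING">BACKEND</module>
  <module log-level="Error">AUDIT</module>
</trace-config>"""


def lint_trace_config(xml_text):
    """Return a list of problems found in the <module> elements of a trace config."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Match on the local name so a namespaced file is handled too.
    # XML comments are dropped by the parser, so commented-out modules are ignored.
    modules = [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "module"]
    if not modules:
        return ["no <module> elements found; the trace block may still be commented out"]
    problems = []
    for el in modules:
        name = (el.text or "").strip()
        level = el.get("log-level")
        if name not in MODULES:
            problems.append(f"unknown module {name!r}")
        # Only a log-level that is present is checked against the enumeration.
        if level is not None and level not in LOG_LEVELS:
            hint = next((v for v in LOG_LEVELS if v.lower() == level.lower()), None)
            fix = f"use {hint!r}" if hint else f"must be one of {', '.join(LOG_LEVELS)}"
            problems.append(f"{name}: log-level {level!r} is not valid; {fix}")
    return problems


if __name__ == "__main__":
    for problem in lint_trace_config(SAMPLE):
        print(problem)
```

An empty result means every uncommented module element uses a module name and a log-level spelling listed on this page.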