4.6 Monitoring Access Gateway Alerts

The Access Gateway has been programmed to issue events to various types of systems (such as a Novell Audit server, a Novell Sentinel server, or a Syslog server) so that the administrator can be informed when significant changes occur that modify how the Access Gateway is performing. For information about auditing and audit events, see Section 4.7, Enabling Access Gateway Audit Events. Alerts can also be configured so that the administrator is informed when significant changes occur.

4.6.1 Viewing Access Gateway Alerts

The Alerts page allows you to view information about current Java alerts and to clear them. An alert is generated whenever the Access Gateway detects a condition that prevents it from performing normal system services.

  1. In the Administration Console, click Devices > Access Gateways > [Name of Server] > Alerts.

  2. To delete an alert from the list, select the check box for the alert, then click Acknowledge Alert(s). To remove all alerts from the list, click the Severity check box, then click Acknowledge Alert(s).

  3. Click Close.

  4. (Optional) To verify that the problem has been solved, click Access Gateways > [Server Name] > Health > Update from Server.

4.6.2 Viewing Access Gateway Cluster Alerts

To view information about current alerts for all members of a cluster:

  1. In the Administration Console, click Devices > Access Gateways > [Name of Cluster] > Alerts.

  2. Analyze the data displayed in the table.

    Column

    Description

    Server Name

    Lists the name of the Access Gateway that sent the alert. To view additional information about the alerts for a specific Access Gateway, click the name of an Access Gateway.

    Severe

    Lists the number of critical alerts that have been sent and not acknowledged.

    Warning

    Lists the number of warning alerts that have been sent and not acknowledged.

    Information

    Lists the number of informational alerts that have been sent and not acknowledged.

  3. To acknowledge all alerts for an Access Gateway, select the check box for the Access Gateway, then click Acknowledge Alert(s). When you acknowledge an alert, you clear the alert from the list.

  4. To view information about a particular alert, click the server name.

4.6.3 Managing Access Gateway Alert Profiles

For an Access Gateway, this option allows you to send notification of generated system alerts to the Administration Console, to a Syslog server, to a log file, or to a list of e-mail recipients.

  1. In the Administration Console, click Devices > Access Gateways > Edit > Alerts.

    Configuring Alerts
  2. Select one of the following actions:

    New: To add a new profile, click New. Specify a name for the profile, then click OK. For configuration information, see Section 4.6.4, Configuring an Alert Profile.

    Enable: To enable a profile, select the check box next to the profile, then click Enable.

    Disable: To disable a profile, select the check box next to the profile, then click Disable.

    Delete: To delete a profile, select the check box next to the profile, then click Delete.

  3. To save your modifications, click OK twice.

  4. On the Access Gateways page, click Update.

4.6.4 Configuring an Alert Profile

The alert profile determines which alerts are sent and where the alerts are sent.

  1. In the Administration Console, click Devices > Access Gateways > Edit > Alerts > [Name of Profile].

  2. Select one or more of the following:

    Connection Refused: Generated when a connection is refused.

    Proxy Initialization Failure: Generated when the Embedded Service Provider fails to initialize.

    System Up: Generated each time the Access Gateway is started.

    System Down: Generated each time the Access Gateway is stopped.

    Configuration Changed: Generated each time the configuration of the Access Gateway is modified.

    DNS Server Not Responding: (Access Gateway Appliance) Generated each time the DNS server stops responding.

    DNS Server Is Now Responding: (Access Gateway Appliance) Generated each time the DNS server comes up.

    DNS Parent Address Invalid: (Access Gateway Appliance) Generated when the IP address of DNS parent is invalid.

    DNS Resolver Initialization Failure (10 seconds): (Access Gateway Appliance) Generated when the DNS resolver initialization fails.

    DNS Resolver Initialization Failure (2 minutes): (Access Gateway Appliance) Generated when the DNS resolver initialization fails.

    Failure in Audit, Stopping Services: Generated when the audit server has failed, and the Access Gateway has been configured to stop services.

    To configure the Access Gateway to continue when auditing services are not available, click Auditing > Novell Auditing, deselect the Stop Services on Audit Server Failure option, then click Apply.

    Failure in Audit, Will lose events, but continuing services: Generated when the audit agent has failed. The Access Gateway continues to run, but no audit events are generated.

    As a workaround while solving this problem, you can enable proxy service logging (see Section 4.3, Configuring Logging for a Proxy Service). The common and extended log files provide some details on the HTTP traffic.

    If you do not want the Access Gateway to run without generating events, you need to manually shut down the Access Gateway.

    Failure in Audit, Server is offline: Generated when the audit agent is unable to contact the audit server. When this condition occurs, the audit agent uses local caching for the audit events.

    Do not allow this condition to continue indefinitely. The Access Gateway soon reaches the limits of its local cache. If this happens, events can be lost and the Access Gateway might need to stop services.

    For troubleshooting information, see “Troubleshooting Novell Audit” in the Novell Audit Administration Guide.

  3. Select where you want the alerts sent:

    Send to Device Manager: Select this option to send alerts to the Administration Console.

    Send to SNMP: (Access Gateway Service) Select this option to send alerts to an SNMP server. To configure the SNMP server, click the Send to SNMP link. For configuration information, see SNMP Profile.

    Send to Log File: Select this option to send alerts to a log file. To send alerts to a log file, click New, specify a name for the log profile, then click OK. For configuration information, see Configuring a Log Profile.

    To enable a log profile, select the profile, then click Enable.

    To disable a log profile, select the profile, then click Disable.

    To delete a log profile, select the profile, then click Delete. Click OK in the confirmation dialog box.

    Send E-mail Notifications: Select this option to send alerts through e-mail notifications. To enable e-mail notification click New, specify a name for the e-mail profile, then click OK. For configuration information, see Configuring an E-Mail Profile.

    To enable an e-mail profile, select the profile, then click Enable.

    To disable an e-mail profile, select the profile, then click Disable.

    To delete an e-mail profile, select the profile, then click Delete. Click OK in the confirmation dialog box.

    Send to Syslog: Select this option to enable syslog alerts. Click New, specify a name for the syslog profile, then click OK. For configuration information, see Configuring a Syslog Profile.

    To enable a syslog profile, select the profile, then click Enable.

    To disable a syslog profile, select the profile, then click Disable.

    To delete a syslog profile, select the profile, then click Delete. Click OK in the confirmation dialog box.

  4. To enable an alert action profile, select the action profile, click Enable, then click OK.

    The action to send the alerts to a log file, to e-mail addresses, or to a syslog file is not performed until the action profile is enabled.

  5. On the Alert Profiles page, verify that the alert profile you have created is enabled, then click OK twice.

  6. Update the Access Gateway.

4.6.5 SNMP Profile

  1. (Access Gateway Service) To add the IP address of a SNMP server, click New, specify the IP addresses, then click OK.

  2. (Optional) To delete an IP address, select the IP address, then click Delete.

  3. Click OK.

  4. Select one of the following:

    • To add another profile, continue with Step 3.

    • To save your modifications, continue with Step 4.

4.6.6 Configuring a Log Profile

The Send to Log File field displays the name of the log profile you are configuring.

  1. Fill in the following fields:

    Log File Name: Specify a name for the log file and a path where the file should be stored.

    If you specify a path for the Access Gateway Appliance, the path must be a full path. If you specify a path for the Access Gateway Service, the path is relative to the base path of the platform:

    • Linux Access Gateway Service: /var/opt/novell/amlogging/logs/

    • Windows Access Gateway Service: \Program Files\Novell\amlogging\logs\

    Max File Size: Specify a maximum size for the log file in KB. The size can be from 50 to 100000 KB. Specify 0 to indicate that there is no maximum file size.

  2. Click OK.

  3. Select one of the following:

    • To add another profile, continue with Step 3.

    • To save your modifications, continue with Step 4.

4.6.7 Configuring an E-Mail Profile

The Send E-Mail Notifications field displays the name of the e-mail profile you are configuring.

  1. Fill in the following fields:

    E-mail Recipients: To add a recipient to the list, click New, specify the e-mail address of the recipient, then click OK. You can add multiple e-mail addresses. To delete a recipient, select the user’s email address, click Delete, then click OK.

    Mail Exchange Servers: To add a mail server, click New, specify the IP address or the DNS name of the mail exchange server, then click OK. You can add multiple mail exchange servers. To delete a server, select the server, click Delete, then click OK.

  2. Click OK.

  3. Select one of the following:

    • To add another profile, continue with Step 3.

    • To save your modifications, continue with Step 4.

4.6.8 Configuring a Syslog Profile

The Send to Syslog field displays the name of the syslog profile you are configuring.

  1. Fill in the following field:

    Facility Name: Specify a facility name for the Syslog server. It can be any name from local0 to local7. If you specify local0 as your facility name, the alerts are stored at \var\logs\ics_dyn.log. The Access Gateway Appliance uses local0 for normal logging information. Therefore, it is not recommended to specify local0 as your facility name.

  2. Click OK.

  3. Select one of the following:

    • To add another profile, continue with Step 3.

    • To save your modifications, continue with Step 4.