Administrator’s Guide
Red Hat Directory Server                                                            

Chapter 12

Monitoring Server and Database Activity


This chapter describes monitoring database and Red Hat Directory Server (Directory Server) logs. This chapter contains the following sections:

For information on using SNMP to monitor your Directory Server, see Chapter 13, "Monitoring Directory Server Using SNMP."

Viewing and Configuring Log Files

Directory Server provides three types of logs to help you better manage your directory and tune performance. These logs include:

The following aspects are common to the configuration of all types of logs:

The following sections describe how to define your log file creation and deletion policy and how to view and configure each type of log.

Note

When the server is not running, you cannot read the logs using the Directory Server Console. However, you can read them using the Administration Server Console:

  1. From your browser, access: http://hostname:admin_server_port
  2. At the login prompt, use the admin login ID and password.
  3. Click the link for Red Hat Administration Express.

Defining a Log File Rotation Policy

If you want the directory to periodically archive the current log and start a new one, you can define a log file rotation policy from Directory Server Console. You can configure the following parameters:

0 - None
1 - Execute only
2 - Write only
3 - Write and execute
4 - Read only
5 - Read and execute
6 - Read and write
7 - Read, write, and execute
In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents everyone's permissions. When changing the default value, keep in mind that 000 will not allow access to the logs and that allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.
The newly configured access mode will only affect new logs that are created; the mode will be set when the log rotates to a new file.
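
Because a changed mode only takes effect when the log rotates, files already in the log directory keep the mode they were created with. The following shell script is an added example, not part of the Red Hat guide; the helper names check_log_mode and find_world_writable_logs are hypothetical. It decodes a 3-digit mode and lists existing log files that everyone can write to.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): audit Directory Server log
# file modes. Both function names are hypothetical helpers.

# check_log_mode MODE
# Decodes a 3-digit access mode (owner, group, everyone) and prints the
# two conditions the guide warns about: "no-access" for 000 and
# "world-writable" when the third digit grants write (2, 3, 6 or 7).
# Prints "ok" when neither applies; returns 2 for a malformed mode.
check_log_mode() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid"; return 2 ;;
    esac
    other=${mode#??}          # third digit: everyone's permissions
    findings=""
    if [ "$mode" = "000" ]; then
        findings="no-access"
    fi
    if [ $(( other & 2 )) -ne 0 ]; then   # bit value 2 is write
        findings="${findings:+$findings }world-writable"
    fi
    echo "${findings:-ok}"
}

# find_world_writable_logs DIR
# Lists regular files under DIR that everyone can write to, one path per
# line, sorted. Run it against serverRoot/slapd-serverID/logs to catch
# archived logs created before the mode was tightened.
find_world_writable_logs() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    find "$dir" -type f -perm -002 | sort
}

# Demo on constructed mode values.
for m in 600 640 666 000; do
    printf '%s -> %s\n' "$m" "$(check_log_mode "$m")"
done
```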

Each log file includes a title, which identifies the server version, hostname, and port, for ease of archiving or exchanging log files. The title is of the form:

Red Hat-Directory/version build_number
hostname:port (instance_directory)

For example, the first couple of lines of any log files generated by a Directory Server instance may show lines similar to these:

Red Hat-Directory/7.1 B2003.188.1157
myhost.example.com:389 (/opt/redhat-ds/servers/slapd-ds71)

Defining a Log File Deletion Policy

If you want the directory to automatically delete old archived logs, you can define a log file deletion policy from the Directory Server Console.

Note

The log deletion policy only makes sense if you have previously defined a log file rotation policy. Log file deletion will not work if you have just one log file. The server evaluates the log file deletion policy at the time of log rotation.


You can configure the following parameters:

Access Log

The access log contains detailed information about client connections to the directory. This section contains the following procedures:

Viewing the Access Log

To view the access log:

  1. In the Directory Server Console, select the Status tab; then, in the navigation tree, expand the Logs folder, and select the Access Log icon.
     A table displays a list of the last 25 entries in the access log.
  2. To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.

     Note

     Continuous log refresh does not work well with log files over 10Mbytes.

  3. To view an archived access log, select it from the Select Log pull-down menu.
  4. To display a different number of messages, enter the number you want to view in the "Lines to show" text box, and then click Refresh.
  5. You can display messages containing a string you specify. To do this, enter the string in the "Show only lines containing" text box, and then click Refresh.

Configuring the Access Log

You can configure a number of settings to customize the access log, including where the directory stores the access log and the creation and deletion policies.

You can also disable access logging for the directory. You may do this because the access log can grow very quickly; every 2,000 accesses to your directory will increase your access log by approximately 1 MB. However, before you turn off access logging, consider that the access log provides beneficial troubleshooting information.

To configure the access log for your directory:

  1. In the Directory Server Console, select the Configuration tab. Then, in the navigation tree, expand the Logs folder, and select the Access Log icon.
     The access log configuration attributes are displayed in the right pane.
  2. To enable access logging, select the Enable Logging checkbox.
     Clear this checkbox if you do not want the directory to maintain an access log. Access logging is enabled by default.
  3. Enter the full path and filename you want the directory to use for the access log in the Log File field. The default path is:
     serverRoot/slapd-serverID/logs/access
  4. Set the maximum number of logs, log size, and periodicity of archiving.
     For information on these parameters, see "Defining a Log File Rotation Policy," on page 454.
  5. Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
     For information on these parameters, see "Defining a Log File Deletion Policy," on page 455.
  6. When you have finished making changes, click Save.

Error Log

The error log contains detailed messages of errors and events the directory experiences during normal operations. This section contains the following procedures:

Viewing the Error Log

To view the error log:

  1. In the Directory Server Console, select the Status tab; then, in the navigation tree, expand the Logs folder, and select the Error Log icon.
     A table displays a list of the last 25 entries in the error log.
  2. To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.

     Note

     Continuous log refresh does not work well with log files over 10Mbytes.

  3. To view an archived error log, select it from the Select Log pull-down menu.
  4. To specify a different number of messages, enter the number you want to view in the "Lines to show" text box, and click Refresh.
  5. You can display messages containing a string you specify. To do this, enter the string in the "Show only lines containing" text box, and click Refresh.

Configuring the Error Log

You can change several settings for the error log, including where the directory stores the log and what you want the directory to include in the log.

To configure the error log:

  1. In the Directory Server Console, select the Configuration tab. Then, in the navigation tree, expand the Logs folder, and select the Error Log icon.
     The error log configuration attributes are displayed in the right pane.
  2. Select the Error Log tab in the right pane.
  3. To enable error logging, select the Enable Logging checkbox.
     Clear this checkbox if you do not want the directory to maintain an error log. Error logging is enabled by default.
  4. Enter the full path and filename you want the directory to use for the error log in the Log File field. The default path is:
     serverRoot/slapd-serverID/logs/errors
  5. Set the maximum number of logs, log size, and periodicity of archiving.
     For information on these parameters, see "Defining a Log File Rotation Policy," on page 454.
  6. Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
     For information on these parameters, see "Defining a Log File Deletion Policy," on page 455.
  7. If you want to set the log level, Ctrl+click the options you want the directory to include in the Log Level list box.
     For more information about log level options, see "Log Level" in the Red Hat Directory Server Configuration, Command, and File Reference.
     Changing these values from the defaults may cause your error log to grow very rapidly, so it is recommended that you do not change your logging level unless you are asked to do so by Red Hat Technical Support.
  8. When you have finished making changes, click Save.

Audit Log

The audit log contains detailed information about changes made to each database as well as to server configuration. This section contains the following procedures:

Viewing the Audit Log

Before you can view the audit log, you must enable audit logging for the directory. See "Configuring the Audit Log," on page 460, for information.

To view the audit log:

  1. In the Directory Server Console, select the Status tab. Then, in the navigation tree, expand the Logs folder, and select the Audit Log icon.
     A table displays a list of the last 25 entries in the audit log.
  2. To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.

     Note

     Continuous log refresh does not work well with log files over 10Mbytes.

  3. To view an archived audit log, select it from the Select Log pull-down menu.
  4. To display a different number of messages, enter the number you want to view in the "Lines to show" text box, and click Refresh.
  5. You can display messages containing a string you specify. To do this, enter the string in the "Show only lines containing" text box, and click Refresh.

Configuring the Audit Log

You can use the Directory Server Console to enable and disable audit logging and to specify where the audit log file is stored.

To configure audit logging:

  1. In the Directory Server Console, select the Configuration tab. Then, in the navigation tree, expand the Logs folder, and select the Audit Log icon.
     The audit log configuration attributes are displayed in the right pane.
  2. To enable audit logging, select the Enable Logging checkbox.
     To disable audit logging, clear the checkbox. By default, audit logging is disabled.
  3. Enter the full path and filename you want the directory to use for the audit log in the field provided. The default path is:
     serverRoot/slapd-serverID/logs/audit
  4. Set the maximum number of logs, log size, and periodicity of archiving.
     For information on these parameters, see "Defining a Log File Rotation Policy," on page 454.
  5. Set the maximum size of combined archived logs, minimum amount of free disk space, and maximum age for a log file.
     For information on these parameters, see "Defining a Log File Deletion Policy," on page 455.
  6. When you have finished making changes, click Save.

Manual Log File Rotation

The Directory Server supports automatic log file rotation for all three logs. However, you can manually rotate log files if you have not set automatic log file creation or deletion policies. By default, access, error, and audit log files can be found in the following location:

serverRoot/slapd-serverID/logs/
 

To manually rotate log files:

  1. Shut down the server.
     See "Starting and Stopping the Directory Server," on page 37, for instructions.
  2. Move or rename the log file you are rotating in case you need the old log file for future reference.
  3. Restart the server.
     See "Starting and Stopping the Directory Server," on page 37, for instructions.
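
The three steps above can be scripted so that the server is always restarted and an existing archive is never overwritten. This is an added example, not part of the Red Hat guide: rotate_log_manually is a hypothetical helper, STOP_CMD and START_CMD are assumptions that you set to the stop and start commands for your instance, and the timestamp suffix is this example's own naming choice.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): manual rotation of one log.
# STOP_CMD and START_CMD are assumptions; set them to the commands that
# stop and start your instance (see "Starting and Stopping the Directory
# Server").

# rotate_log_manually LOG_DIR LOG_NAME
# Stops the server, renames LOG_DIR/LOG_NAME to LOG_NAME.<timestamp>, and
# restarts the server. Prints the archive path on success.
rotate_log_manually() {
    log_dir=$1
    log_name=$2
    src="$log_dir/$log_name"
    if [ ! -f "$src" ]; then
        echo "no such log: $src" >&2
        return 1
    fi
    if [ -z "$STOP_CMD" ] || [ -z "$START_CMD" ]; then
        echo "set STOP_CMD and START_CMD first" >&2
        return 1
    fi
    # Suffix format is this example's choice, not a server requirement.
    dest="$src.$(date +%Y%m%d-%H%M%S)"
    if [ -e "$dest" ]; then
        echo "archive already exists: $dest" >&2
        return 1
    fi

    # Step 1: shut down the server so nothing is writing to the file.
    if ! $STOP_CMD; then
        echo "stop failed; log left in place" >&2
        return 1
    fi

    # Step 2: rename inside the same directory. mv keeps the file mode,
    # so the archive is no more exposed than the live log was.
    status=0
    mv "$src" "$dest" || status=1

    # Step 3: restart even if the rename failed, so the directory
    # service comes back either way.
    if ! $START_CMD; then
        echo "restart failed" >&2
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "$dest"
    fi
    return "$status"
}

# Demo on a constructed log directory; "true" stands in for the real
# stop and start commands.
demo_dir=$(mktemp -d)
echo "constructed entry" > "$demo_dir/access"
STOP_CMD=true
START_CMD=true
rotate_log_manually "$demo_dir" access
rm -rf "$demo_dir"
```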

Monitoring Server Activity

You can monitor your Directory Server's current activities from either the Directory Server Console or the command-line. You can also monitor the activity of the caches for all of your databases. This section contains the following information:

Monitoring Your Server from the Directory Server Console

This section contains information about using the Directory Server Console to monitor your server and the information available to you in the performance monitor.

Viewing the Server Performance Monitor

To monitor your server's activities using Directory Server Console:

  1. In the Directory Server Console, select the Status tab. In the navigation tree, select Performance Counters.
     The Status tab in the right pane displays current information about server activity. If the server is currently not running, this tab will not provide performance monitoring information.
  2. Click Refresh to refresh the current display. If you want the server to continuously update the displayed information, select the Continuous checkbox.

Overview of Server Performance Monitor Information

The server provides monitoring information as described in the following sections:

General Information (Server)

The server provides the following general information:

Resource Summary

The Resource Summary table displayed by the Console provides resource-specific information listed in Table 12-1.

Table 12-1 Server Performance Monitoring - Resource Summary  

| Resource | Usage since startup | Average per minute |
|---|---|---|
| Connections | Total number of connections to this server since server startup. | Average number of connections per minute since server startup. |
| Operations Initiated | Total number of operations initiated since server startup. Operations include any client requests for server action, such as searches, adds, and modifies. Often, multiple operations are initiated for each connection. | Average number of operations per minute since server startup. |
| Operations Completed | Total number of operations completed by the server since server startup. | Average number of operations per minute since server startup. |
| Entries Sent to Clients | Total number of entries sent to clients since server startup. Entries are sent to clients as the result of search requests. | Average number of entries sent to clients per minute since server startup. |
| Bytes Sent to Clients | Total number of bytes sent to clients since server startup. | Average number of bytes sent to clients per minute since server startup. |

Current Resource Usage

The Resource Summary table in Directory Server Console provides resource-specific information listed in Table 12-2.

Table 12-2 Server Performance Monitoring - Current Resource Usage  

| Resource | Current total |
|---|---|
| Active Threads | Current number of active threads used for handling requests. Additional threads may be created by internal server tasks, such as replication or chaining. |
| Open Connections | Total number of open connections. Each connection can account for multiple operations, and therefore multiple threads. |
| Remaining Available Connections | Total number of remaining connections that the server can concurrently open. This number is based on the number of currently open connections and the total number of concurrent connections that the server is allowed to open. In most cases, the latter value is determined by the operating system and is expressed as the number of file descriptors available to a task. |
| Threads Waiting to Write to Client | Total number of threads waiting to write to the client. Threads may not be immediately written when the server must pause while sending data to a client. Reasons for a pause include a slow network, a slow client, or an extremely large amount of information being sent to the client. |
| Threads Waiting to Read from Client | Total number of threads waiting to read from the client. Threads may not be immediately read if the server starts to receive a request from the client, and then the transmission of that request is halted for some reason. Generally, threads waiting to read are an indication of a slow network or client. |
| Databases in Use | Total number of databases being serviced by the server. |

Connection Status

The Connection Status table in the Directory Server Console provides the following information about the amount of resources in use by each currently open connection:

Table 12-3 Server Performance Monitoring - Connection Status  

| Table Header | Description |
|---|---|
| Time opened | Indicates the time on the server when the connection was initially opened. |
| Started | Indicates the number of operations initiated by this connection. |
| Completed | Indicates the number of operations completed by the server for this connection. |
| Bound as | Indicates the distinguished name used by the client to bind to the server. If the client has not authenticated to the server, the server displays not bound in this field. |
| Read/Write | Indicates whether the server is currently blocked for read or write access to the client. Possible values include: • Not blocked. Indicates that the server is idle, actively sending data to the client, or actively reading data from the client. • Blocked. Indicates that the server is trying to send data to the client or read data from the client but cannot. The probable cause is a slow network or client. |

Global Database Cache Information

The Global Database Cache Information table in the Directory Server Console contains the following information:

Table 12-4 Server Performance Monitoring - Global Database Cache  

| Table Header | Description |
|---|---|
| Hits | Indicates the number of times the server could process a request by obtaining data from the cache rather than by going to the disk. |
| Tries | The total number of requests performed on your directory since server startup. |
| Hit Ratio | The ratio of cache tries to successful cache hits. The closer this number is to 100%, the better. |
| Pages read in | Indicates the number of pages read from disk into the cache. |
| Pages written out | Indicates the number of pages written from the cache back to disk. |
| Read-only page evicts | Indicates the number of read-only pages discarded from the cache to make room for new pages. Pages discarded from the cache have to be written to disk, possibly affecting server performance. The lower the number of page evicts the better. |
| Read-write page evicts | Indicates the number of read-write pages discarded from the cache to make room for new pages. This value differs from Pages Written Out in that these are discarded read-write pages that have not been modified. Pages discarded from the cache have to be written to disk, possibly affecting server performance. The lower the number of page evicts the better. |

Monitoring Your Server from the Command-Line

You can monitor your Directory Server's current activities from any LDAP client by performing a search operation with the following characteristics:

For example:

ldapsearch -h directory.example.com -s base -b "cn=monitor" "(objectclass=*)"

For information on searching the Directory Server, see "Using ldapsearch," on page 590.

The monitoring attributes for your server are found in the cn=monitor,cn=config entry.

When you monitor your server's activities using ldapsearch, you see the following information:

By default, this information is available to you only if you bind to the directory as the Directory Manager. However, you can change the ACI associated with this information to allow others to access the information.

Monitoring Database Activity

You can monitor your database's current activities from Directory Server Console or from the command-line. This section contains the following information:

Monitoring Database Activity from the Server Console

This section describes how you can use Directory Server Console to view the database performance monitors and what sort of information the performance monitors provide.

Viewing Database Performance Monitors

To monitor your database's activities:

  1. In the Directory Server Console, select the Status tab. In the navigation tree, expand the Performance Counters folder, and select the database that you want to monitor.
     The tab displays current information about database activity. If the server is currently not running, this tab will not provide performance monitoring information.
  2. Click Refresh to refresh the currently displayed information. If you want the directory to continuously update the displayed information, select the Continuous checkbox, and then click Refresh.

Overview of Database Performance Monitor Information

The directory provides database monitoring information as described in the following sections:

General Information (Database)

The directory provides the following general database information:

Summary Information Table

The Summary Information table provides the following information:

Table 12-5 Database Performance Monitoring - Summary Information  

| Performance Metric | Current Total |
|---|---|
| Readonly status | Indicates whether the database is currently in read-only mode. Your database is in read-only mode when the readonly attribute is set to on. |
| Entry cache hits | Indicates the total number of successful entry cache lookups. That is, the total number of times the server could process a search request by obtaining data from the cache rather than by going to disk. |
| Entry cache tries | Indicates the total number of entry cache lookups since the directory was last started. That is, the total number of search operations performed against your server since server startup. |
| Entry cache hit ratio | Ratio that indicates the number of entry cache tries to successful entry cache lookups. This number is based on the total lookups and hits since the directory was last started. The closer this value is to 100%, the better. Whenever a search operation attempts to find an entry that is not present in the entry cache, the directory has to perform a disk access to obtain the entry. Thus, as this ratio drops towards zero, the number of disk accesses increases, and directory search performance drops. To improve this ratio, you can increase the number of entries that the directory maintains in the entry cache by increasing the value of the "Maximum Entries in Cache" attribute. See "Tuning Database Performance," on page 486, for information on changing this value using the Server Console. |
| Current entry cache size (in bytes) | Indicates the total size of directory entries currently present in the entry cache. |
| Maximum entry cache size (in bytes) | Indicates the size of the entry cache maintained by the directory. This value is managed by the "Maximum Cache Size" attribute. See "Tuning Database Performance," on page 486, for information on changing this value using the Server Console. |
| Current entry cache size (in entries) | Indicates the total number of directory entries currently present in the entry cache. |
| Maximum entry cache size (in entries) | Indicates the maximum number of directory entries that can be maintained in the entry cache. This value is managed by the "Maximum Entries in Cache" attribute. See "Tuning Database Performance," on page 486, for information on changing this value using the Server Console. |

Database Cache Information Table

The Database Cache Information table provides caching information listed in Table 12-6.

Table 12-6 Database Performance Monitoring - Database Cache Information  

| Performance Metric | Current Total |
|---|---|
| Hits | Indicates the number of times the database cache successfully supplied a requested page. A page is a buffer of the size 2K. |
| Tries | Indicates the number of times the database cache was asked for a page. |
| Hit ratio | Indicates the ratio of database cache hits to database cache tries. The closer this value is to 100%, the better. Whenever a directory operation attempts to find a portion of the database that is not present in the database cache, the directory has to perform a disk access to obtain the appropriate database page. Thus, as this ratio drops towards zero, the number of disk accesses increases, and directory performance drops. To improve this ratio, you can increase the amount of data that the directory maintains in the database cache by increasing the value of the "Maximum Cache Size" attribute. See "Tuning Database Performance," on page 486, for information on changing this value using the Server Console. |
| Pages read in | Indicates the number of pages read from disk into the database cache. |
| Pages written out | Indicates the number of pages written from the cache back to disk. A database page is written to disk whenever a read-write page has been modified and then subsequently deleted from the cache. Pages are deleted from the database cache when the cache is full and a directory operation requires a database page that is not currently stored in cache. |
| Read-only page evicts | Indicates the number of read-only pages discarded from the cache to make room for new pages. |
| Read-write page evicts | Indicates the number of read-write pages discarded from the cache to make room for new pages. This value differs from Pages Written Out in that these are discarded read-write pages that have not been modified. |

Database File-Specific Table

The directory displays a table for each index file that makes up your database. Each of the tables provides the following information:

Table 12-7 Database Performance Monitoring - Database File-Specific 

| Performance Metric | Current Total |
|---|---|
| Cache hits | Number of times that a search result resulted in a cache hit on this specific file. That is, a client performs a search that requires data from this file, and the directory obtains the required data from the cache. |
| Cache misses | Number of times that a search result failed to hit the cache on this specific file. That is, a search that required data from this file was performed, and the required data could not be found in the cache. |
| Pages read in | Indicates the number of pages brought to the cache from this file. |
| Pages written out | Indicates the number of pages for this file written from cache to disk. |

Monitoring Databases from the Command-Line

You can monitor your directory's database activities from any LDAP client by performing a search operation with the following characteristics:

For example:

ldapsearch -h directory.example.com -s base -b "cn=monitor,cn=Example,cn=ldbm database,cn=plugins, cn=config" "objectclass=*"

In this example, the ldapsearch operation looks for the Example database. For information on searching the directory, see "Using ldapsearch," on page 590.

When you monitor your server's activities, you see the following information:

Next, the following information for each file that makes up your database is displayed:

Monitoring Database Link Activity

You can monitor the activity of your database links from the command-line using the monitoring attributes. Use the ldapsearch command-line utility to return the attribute values that interest you. The monitoring attributes are stored in the following entry: cn=monitor,cn=database_link_name,cn=chaining database,cn=plugins,cn=config.

For example, you can use the ldapsearch command-line utility to retrieve the number of add operations received by a particular database link called DBLink1. First, type the following to change to the directory containing the utility:

cd serverRoot/shared/bin
 

Then, run ldapsearch as follows:

ldapsearch -h directory.example.com -p 389 -D "cn=Directory 
Manager" -w secret -s sub -b "cn=monitor,cn=DBLink1,cn=chaining 
database,cn=plugins,cn=config" "(objectclass=*)" nsAddCount
 
Note

The above command should be typed on a single line. It does not appear on one line here because of page size constraints.


You can search for the following database link monitoring attributes:

Table 12-8 Database Link Monitoring Attributes  

| Attribute Name | Description |
|---|---|
| nsAddCount | Number of add operations received. |
| nsDeleteCount | Number of delete operations received. |
| nsModifyCount | Number of modify operations received. |
| nsRenameCount | Number of rename operations received. |
| nsSearchBaseCount | Number of base level searches received. |
| nsSearchOneLevelCount | Number of one-level searches received. |
| nsSearchSubtreeCount | Number of subtree searches received. |
| nsAbandonCount | Number of abandon operations received. |
| nsBindCount | Number of bind requests received. |
| nsUnbindCount | Number of unbinds received. |
| nsCompareCount | Number of compare operations received. |
| nsOperationConnectionCount | Number of open connections for normal operations. |
| nsBindConnectionCount | Number of open connections for bind operations. |

For more information about ldapsearch, see the Red Hat Directory Server Configuration, Command, and File Reference.
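
A single reading of these counters says little; the change between two readings shows which operations a database link is receiving right now. The following script is an added example, not part of the Red Hat guide: counter_deltas and counters_over are hypothetical helpers, the snapshot files and their values are constructed, and a counter that decreases is assumed to have been reset (for example by a server restart).

```shell
#!/bin/sh
# Added example (not from the Red Hat guide). The attribute names are the
# ones listed in Table 12-8; everything else is this example's own.

# counter_deltas BEFORE AFTER
# BEFORE and AFTER are files holding ldapsearch output for the same
# cn=monitor entry of a database link, saved at two points in time.
# Prints "<attribute> <delta>" per counter, sorted by name. A counter that
# went down is reported as "<attribute> reset" (assumption: the server
# restarted between the snapshots) instead of a negative number.
counter_deltas() {
    awk '
        {
            sub(/\r$/, "")                    # tolerate CRLF output
            colon = index($0, ":")
            if (colon == 0) next
            attr = substr($0, 1, colon - 1)
            val = substr($0, colon + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            key = tolower(attr)               # LDAP names ignore case
            if (key !~ /^ns[a-z]+count$/ || val !~ /^[0-9]+$/) next
            if (FILENAME == ARGV[1]) before[key] = val + 0
            else { after[key] = val + 0; label[key] = attr }
        }
        END {
            for (key in after) {
                if (!(key in before)) continue
                if (after[key] < before[key]) print label[key], "reset"
                else print label[key], after[key] - before[key]
            }
        }
    ' "$1" "$2" | sort
}

# counters_over BEFORE AFTER THRESHOLD
# Prints the counters whose increase between snapshots exceeds THRESHOLD,
# for example to alert on a burst of binds through one link.
counters_over() {
    counter_deltas "$1" "$2" |
        awk -v limit="$3" '$2 != "reset" && $2 + 0 > limit + 0 { print $1 }'
}

# Demo on constructed snapshots (all values are made up).
snap_dir=$(mktemp -d)
cat > "$snap_dir/t0.ldif" <<'EOF'
version: 1
dn: cn=monitor,cn=DBLink1,cn=chaining database,cn=plugins,cn=config
nsAddCount: 12
nsBindCount: 40
nsSearchSubtreeCount: 900
nsUnbindCount: 38
EOF
cat > "$snap_dir/t1.ldif" <<'EOF'
version: 1
dn: cn=monitor,cn=DBLink1,cn=chaining database,cn=plugins,cn=config
nsAddCount: 12
nsBindCount: 540
nsSearchSubtreeCount: 950
nsUnbindCount: 3
EOF
counter_deltas "$snap_dir/t0.ldif" "$snap_dir/t1.ldif"
rm -rf "$snap_dir"
```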

© 2001 Sun Microsystems, Inc. Used by permission. © 2005 Red Hat, Inc. All rights reserved.
Read the Full Copyright and Third-Party Acknowledgments.

last updated May 20, 2005