How to gather useful Information from eDirectory log

over 7 years ago
Environment

NetIQ eDirectory for Linux x86_64 v8.8 SP6 [DS]

NetIQ eDirectory for Linux x86_64 v8.8 SP7 [DS]

NetIQ eDirectory for Linux x86_64 v8.8 SP8 [DS]

Situation

How to use ndstrace to find out the number of successful and unsuccessful authentications.

As good practice, an eDirectory administrator needs to know the number of authentications and the amount of LDAP traffic received, in order to verify the health, response time and performance of the eDirectory boxes.

This article explains how to set up the ndstrace utility and how to gather the log file in order to analyze the information.

Prerequisites

Here is what you will need in order to follow the procedure:

  • Access to the eDirectory server (via ssh or physical access)

  • Administrative user (i.e. your account is in the sudoers group)

  • The eDirectory box has at least 500 MB of free space (the more debug information you need, the more disk space is required)


Resolution

  1. Get access to the server (in my case I'm using ssh) and use sudo to get root access.

  2. Make sure that the eDirectory path is correctly set. If it is not, go to your eDirectory bin path (in my case /opt/novell/eDirectory/bin) and execute the ndspath script.

  3. Execute the ndstrace command.

  4. Depending on the flags that are enabled, you may see some activity in the ndstrace screen. To get a clean trace, first turn off all messages by executing (within the ndstrace screen):
    # set ndstrace = nodebug
    # ndstrace

  5. Once you have a clean screen, enable the LDAP, AUTH and TIME flags:
    # set ndstrace= LDAP
    # set ndstrace= AUTH
    # set ndstrace= TIME

  6. Once these flags are enabled, you will see traffic on the screen. Enter "exit" to close the ndstrace utility.

  7. After closing the ndstrace utility, you are returned to the terminal prompt. At this point, redirect the ndstrace output to a log file (in my case I'm redirecting to the /tmp directory):
    # ndstrace -l > /tmp/someFileName.log

    All that remains is to decide how long to gather information (in my case I left the log running for an hour). When you have enough information to work with, cancel the execution with Ctrl+C.

  8. Once you have enough information, you can extract important data by running the following commands:

    Total amount of simple authentications:
    # grep "authentication:simple" /tmp/someFileName.log | wc -l

    Occurrences per authenticated user:
    # grep "authentication:simple" /tmp/someFileName.log | cut -d " " -f 5 | sed 's/name://g' | sort | uniq -c

    Failed authentications due to an invalid password:
    # grep "LocalLoginRequest" /tmp/someFileName.log | grep "failed authentication (-669)" | wc -l

    By checking those numbers you can get a good idea of how your eDir box is performing.
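A sturdier version of the analysis commands above, as an added example that is not part of the original article: it keeps DNs that contain spaces whole (which `cut -d " " -f 5` truncates) and buckets the -669 failures per minute so bursts of bad passwords stand out. The sample lines, the `, version:` delimiter and all function names are assumptions about the trace layout; check them against your own log.

```shell
#!/bin/sh
# Added example. sample_log prints CONSTRUCTED lines in the layout the article's
# commands imply; real ndstrace output can differ by version and enabled flags.
sample_log() {
cat <<'EOF'
LDAP: [2016/03/01 10:15:02.114] Bind name:cn=admin,o=acme, version:3, authentication:simple
AUTH: [2016/03/01 10:15:02.120] LocalLoginRequest. Error failed authentication (-669), conn: 14
LDAP: [2016/03/01 10:15:40.733] Bind name:cn=John Smith,ou=users,o=acme, version:3, authentication:simple
LDAP: [2016/03/01 10:16:05.009] Bind name:cn=admin,o=acme, version:3, authentication:simple
AUTH: [2016/03/01 10:16:05.015] LocalLoginRequest. Error failed authentication (-669), conn: 15
AUTH: [2016/03/01 10:16:31.480] LocalLoginRequest. Error failed authentication (-669), conn: 16
EOF
}

# Number of simple bind lines in the log.
total_binds() { grep -c 'authentication:simple' "$1"; }

# Number of LocalLoginRequest lines that carry error -669.
total_failed() {
    grep 'LocalLoginRequest' "$1" | grep -cF 'failed authentication (-669)'
}

# Simple binds per DN. Captures everything between "name:" and ", version:"
# (assumed delimiter), so a DN such as "cn=John Smith,..." is not cut at the space.
binds_per_user() {
    sed -n '/authentication:simple/s/.*name:\(.*\), version:.*/\1/p' "$1" |
        sort | uniq -c | sort -rn
}

# -669 failures per minute, taken from the [date time] stamp the TIME flag adds.
failed_per_minute() {
    grep 'LocalLoginRequest' "$1" | grep -F 'failed authentication (-669)' |
        sed -n 's/^[^[]*\[\([0-9/]* [0-9]*:[0-9]*\):.*/\1/p' | sort | uniq -c
}

# Use the log given as $1, or fall back to the constructed sample.
log="${1:-}"
if [ -z "$log" ]; then
    log="$(mktemp)"
    trap 'rm -f "$log"' EXIT
    sample_log > "$log"
fi
echo "simple binds:  $(total_binds "$log")"
echo "failed (-669): $(total_failed "$log")"
echo "binds per DN:";        binds_per_user "$log"
echo "failures per minute:"; failed_per_minute "$log"
```

Run it with the log path as the only argument, for example the /tmp/someFileName.log file from the step above.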


For more information about the ndstrace flags, you can see the Novell eDirectory guide http://www.novell.com/documentation/edir873/?page=/documentation/edir873/edir873/data/a2n4mbo.html
