Related Tips & Info

Monitoring NetIQ Access Manager using SNMP with Nagios

MigrationDeletedUser
0 Likes

Usecase


Monitoring with SNMP feature is introduced in NetIQ Access Manager 4.0. Although, there could be many usecases derived out this feature, one such usecase is to monitor service status of NetIQ Identity provider and send email notification to administrator whenever service goes down. This is achieved with the help of Nagios as NMS (Network Management Software) using SNMP protocol.

Introduction


Now that Identity Providers (IDP) and Access Gateways (AG) components can be monitored using SNMP with any of external monitoring softwares such as Nagios, it becomes a easy integration point. Based on the architecture diagram shown below, the access is centralized to Administration Console, from which all of NAM devices can be monitored, that includes more than 100 attributes altogether, such as free memory, incoming and outgoing requests, sessions details, etc. Each of these attributes can be queried using SNMP with unique identifier (OID).


usercaseSmall

In the background, IDP and AG devices keeps sending periodic monitoring statistics to Administration Console and same is available through SNMP master agent as well. Any external monitoring software can monitor IDP or AG devices by communicating to master agent using SNMP protocol.
In this document, we will talk about how to monitor service status of Identity provider using SNMP.

For more information regarding supported SNMP objects, querying with OID, configurations, etc please refer to Administration Console guide.


Administration Console configuration


Make sure SNMP is enabled in Administration Console, below are few steps to do in case not enabled.

  1. In the /opt/novell/devman/share/conf/platform.conf file, traverse to the vcdn module for SNMP. In <stringParam name="enable" value="false", replace false with true. This enables monitoring between Access Manager devices.





<vcdnModule
name="snmp" className="com.volera.vcdn.platform.snmp.SnmpAgentInit" sequence="3">
<stringParam name="enable" value="true"/>
<stringParam name="masterAgentIp" value="127.0.0.1"/>
<stringParam name="masterAgentPort" value="705"/>
</vcdnModule>





  1. Change the default community name to any desired name in /opt/novell/devman/share/conf/snmp-master-agent.conf

  • Start the Master Agent by using the /etc/init.d/novell-snmpd start command.

  • Restart the Administration Console /etc/init.d/novell-ac restart



Configuring Nagios


Download configuration (nam.cfg)

As a prerequisite, Nagios server (http://www.nagios.org) is required to be installed in any Linux box. Additionally, net-snmp command line utility and Nagios SNMP plugin i.e check_snmp is required, if not present please install it, information is available at https://www.nagios-plugins.org
Also, make sure proper email address is configured as part of default email notification in Nagios contact configuration.

Additionally, few configurations are required in Nagios server and steps are mentioned below.

  1. Attached nam.cfg contains required configuration to monitor service status of IDP.

  • Copy nam.cfg into any location or preferably to /etc/nagios/objects/

  • Edit /etc/nagios/nagios.cfg and add a entry for newly added nam.cfg file location. for example cfg_file=/etc/nagios/objects/nam.cfg (make sure location path is correct).

  • Edit nam.cfg and change Administration Console IP to real one and also the community name.




    _adminconsole_ip_address 164.99.86.188 ; IP address of Primary Administration Console _snmp_community_name netiq ;Community name of the SNMP service




     

  • Change the IP address of Identity Provider. Please note that more than one Identity provider can be monitored just by adding additional host entires as mentioned below by mentioning different IP address. Rest of the required configurations are already present to make things easy.






define host {
host_name Identity Provider 1
use nam_base_host
address 10.240.100.27 # IP address of Identity Provider
 }






  1. Finally restart nagios service /etc/init.d/nagios restart


Verifying


Email will get triggered to default admin contact when IDP status goes RED. To test this, IDP can manually stopping from Administration. Here is how to do that.

  1. Login to Administration Console and got to Identity Servers page.

  • Select the Identity server and click on “stop” button to bring down the service.

  • Within few minutes, email notification from Nagios will be triggered.


Here is a Nagios screen shot, note that IDP service is stopped but Linux box is up.

nagios1

Labels:

How To-Best Practice
Comment List
Related
Recommended

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.