Monitor NetIQ Access Manager using SNMP with Cacti

Monitor NetIQ Access Manager using SNMP with Cacti

Introduction


From NetIQ Access Manager (NAM) 4.0, NAM is supporting SNMP to monitor many of the NAM parameters. This cool solution will explain how to use this feature to monitor NAM using an open source monitoring tool Cacti.

This cool solution covers,

  • Cacti - Introduction

  • SNMP Monitoring – How it works in NAM.

  • Configuring NAM for SNMP monitoring

  • Configuring Cacti to monitor NAM using SNMP

  • Sample Cacti graphs for NAM


Cacti – Introduction


Cacti is an open source network monitoring and graphing tool. It is written in PHP/MySQL. It uses the Round-robin database tool (RRDTool) engine to store data and generate graphics. It can collect periodical data through Net-SNMP.

Advantages of Cacti:

  • Easy to install and configure

  • Unlimited graphs and hierarchical representation of monitored graphs

  • Template based-graphs and hosts configuration

  • User-based management

  • Ability to draw historical graphs of collected data

  • Support for different data collecting type: SNMP based or custom written scripts


More details about Cacti can be found at - http://www.cacti.net/

SNMP Monitoring – How it works in NAM




  • Admin Console stores these statistics in the underlying eDirectory server and exposes them through unique SNMP OOIDs.

  • Any SNMP client or monitoring tool can query the Admin Console for the specific SNMP OID for the required statistical information and use them as the monitored data.


Configuring NAM for SNMP monitoring


By default the SNMP is disabled in Admin Console. We can enable the SNMP with the following steps:

  • Make sure you have the SNMP Sub agent is installed in the Admin Console machine

  • Edit the file /opt/novell/devman/share/conf/platform.conf Modify the entry <stringParam name="enable" value="false"/> to <stringParam name="enable" value="true"/> in the following vcdnModule.


       <vcdnModule
name="snmp"
className="com.volera.vcdn.platform.snmp.SnmpAgentInit" sequence="3">
<stringParam name="enable" value="true"/>
<stringParam name="masterAgentIp" value="127.0.0.1"/>
<stringParam name="masterAgentPort" value="705"/>
</vcdnModule>


  • (Optional ) Change the default community name to any desired name in/opt/novell/devman/share/conf/snmp-master-agent.conf

  • Start the Master Agent by using the /etc/init.d/novell-snmpd start

  • Restart the Administration Console /etc/init.d/novell-ac restart


Now the Admin Console is ready to be queried for SNMP OOIDs for Monitoring NAM statistics.

Additionally you can refer the Netiq Access Manager Document for more information on configuring SNMP - https://www.netiq.com/documentation/access-manager-42/admin/data/b17nrqut.html

Configuring Cacti to monitor NAM using SNMP



  • This cool solution explain the installing and configuring of the Cacti on Ubuntu linux – 14.04.1 LTS (trusty) though you can choose your preferred linux distribution. Cacti packages are bundled along with the installation/update media for the following flavors of Linux, though the version may vary:

    • OpenSuSe

    • Gentoo Linux

    • Debian

    • Ubantu

    • Fedora




Installation steps:

[1] Install the following depended packages:
gnataraj@cacti:~$ sudo apt-get update gnataraj@cacti:~$ sudo apt-get install apache2 php5 php5-mysql php5-snmp mysql-client mysql-server snmpd rrdtool

[2] Next, install the main Cacti packages
gnataraj@cacti:~$ sudo apt-get install cacti

As part of the Cacti installation, you need to perform the following actions:

  • Choose the web-server – select - apache2

  • Configure the database server


After the above steps, a guided Cacti installation will be started with few inputs from the user and the installation may take some time based on the speed of the machine being used for installation.

After a successful installation, you can login to Cacti UI from any browser by using username as admin and password as admin for the first time. You will be asked to change the admin password in the first login.

Cacti Configuration -


Cacti provides a web UI to configure devices and graphs for monitoring a device parameter.

1

 

1. Device Configuration


We need to configure Admin Console as the device in Cacti. This can be done by Create a devices option

2


To configure a device configuration, provide the following details:

  • General host options

    • Description

    • Hostname – Provide the Fully qualified hostname or IP address for this Access Manager Admin Console.

    • Host Templates – Select the Generic SNMP – enabled Host.

    • Number of Collection threads.

    • Disable Host – Uncheck



  • Availability/Reachability options –

    • Downtime Device detection (Either by Ping or SNMP)

    • Ping time out value



  • SNMP Options -

    • SNMP Version - Select Version 2

    • SNMP Community – Provide the SNMP community string provided in opt/novell/devman/share/conf/snmp-master-agent.conf

    • SNMP Port – 161

    • Maximum OID’s Per Request




Once the device is configured, we need to configure the required graphs to be monitored.

Graph Configuration


3

Cacti provides many built-in graphs templates, which we can use for creating a graph. Here, we have chosen SNMP – Generic OID Template to create the graph.

You need to provide the following details to create a new graph:

  • Title

  • Vertical Label

  • Legend Color

  • Legend Text

  • Datastore Name

  • Maximum value in the graph “(U” for unlimited)

  • Graph type (either Gauge, or Counter)

  • OID – the SNMP OID of the parameter to be monitored for that device - You will get the complete list of SNMP OIDs for NAM devises in the NAM.mib, which is bundled with Admin Console and is available at /opt/volera/roma/conf/NAM.mib.


After configuring the graphs, Cacti will start monitoring the NAM devices and generated the graphs for the monitored parameters.

Sample Cacti graphs for NAM.

[1] NetIQ Identity Server: Free memory for four devices in a cluster (in the thumbnail view):

4

 

[2] NetIQ Identity Server: Free memory for a single node IDP1

5

[3] NetIQ Access Gateway: Cached sessions for a single node MAG1

6

[4] NetIQ Access Gateway: Current connection to a browser for a single node MAG1

7

Conclusion


With the SNMP Support for NAM, we can use wide range of Network Monitoring Tools to monitor the NAM components in production. A separate cool solution is available which explains the NAM monitoring using SNMP using Nagios (https://www.netiq.com/communities/cool-solutions/monitoring-netiq-access-manager-using-snmp-with-nagios/)

 

 
Labels (1)

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
3 of 3
Last update:
‎2020-01-31 22:06
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.