Monitor NetIQ Access Manager using SNMP with Cacti
From NetIQ Access Manager (NAM) 4.0, NAM is supporting SNMP to monitor many of the NAM parameters. This cool solution will explain how to use this feature to monitor NAM using an open source monitoring tool Cacti.
This cool solution covers,
- Cacti - Introduction
- SNMP Monitoring – How it works in NAM.
- Configuring NAM for SNMP monitoring
- Configuring Cacti to monitor NAM using SNMP
- Sample Cacti graphs for NAM
Cacti – Introduction
Cacti is an open source network monitoring and graphing tool. It is written in PHP/MySQL. It uses the Round-robin database tool (RRDTool) engine to store data and generate graphics. It can collect periodical data through Net-SNMP.
Advantages of Cacti:
- Easy to install and configure
- Unlimited graphs and hierarchical representation of monitored graphs
- Template based-graphs and hosts configuration
- User-based management
- Ability to draw historical graphs of collected data
- Support for different data collecting type: SNMP based or custom written scripts
More details about Cacti can be found at - http://www.cacti.net/
SNMP Monitoring – How it works in NAM
- Individual NAM components (Identity provider and Access Gateway) periodically send wide range of statistics to the Access Manager Admin Console. Some of the example statistics are Free Memory, Provided Authentication, Consumed Authentications, CUP Utilization (Access Gateway), Cache hit..etc.
- The Complete list of statistics can be found at
- Admin Console stores these statistics in the underlying eDirectory server and exposes them through unique SNMP OOIDs.
- Any SNMP client or monitoring tool can query the Admin Console for the specific SNMP OID for the required statistical information and use them as the monitored data.
Configuring NAM for SNMP monitoring
By default the SNMP is disabled in Admin Console. We can enable the SNMP with the following steps:
- Make sure you have the SNMP Sub agent is installed in the Admin Console machine
- Edit the file /opt/novell/devman/share/conf/platform.conf Modify the entry <stringParam name="enable" value="false"/> to <stringParam name="enable" value="true"/> in the following vcdnModule.
<stringParam name="enable" value="true"/>
<stringParam name="masterAgentIp" value="127.0.0.1"/>
<stringParam name="masterAgentPort" value="705"/>
- (Optional ) Change the default community name to any desired name in/opt/novell/devman/share/conf/snmp-master-agent.conf
- Start the Master Agent by using the /etc/init.d/novell-snmpd start
- Restart the Administration Console /etc/init.d/novell-ac restart
Now the Admin Console is ready to be queried for SNMP OOIDs for Monitoring NAM statistics.
Additionally you can refer the Netiq Access Manager Document for more information on configuring SNMP - https://www.netiq.com/documentation/access-manager-42/admin/data/b17nrqut.html
Configuring Cacti to monitor NAM using SNMP
- This cool solution explain the installing and configuring of the Cacti on Ubuntu linux – 14.04.1 LTS (trusty) though you can choose your preferred linux distribution. Cacti packages are bundled along with the installation/update media for the following flavors of Linux, though the version may vary:
- Gentoo Linux
 Install the following depended packages:
gnataraj@cacti:~$ sudo apt-get update gnataraj@cacti:~$ sudo apt-get install apache2 php5 php5-mysql php5-snmp mysql-client mysql-server snmpd rrdtool
 Next, install the main Cacti packages
gnataraj@cacti:~$ sudo apt-get install cacti
As part of the Cacti installation, you need to perform the following actions:
- Choose the web-server – select - apache2
- Configure the database server
After the above steps, a guided Cacti installation will be started with few inputs from the user and the installation may take some time based on the speed of the machine being used for installation.
After a successful installation, you can login to Cacti UI from any browser by using username as admin and password as admin for the first time. You will be asked to change the admin password in the first login.
Cacti Configuration -
Cacti provides a web UI to configure devices and graphs for monitoring a device parameter.
1. Device Configuration
We need to configure Admin Console as the device in Cacti. This can be done by Create a devices option
To configure a device configuration, provide the following details:
- General host options
- Hostname – Provide the Fully qualified hostname or IP address for this Access Manager Admin Console.
- Host Templates – Select the Generic SNMP – enabled Host.
- Number of Collection threads.
- Disable Host – Uncheck
- Availability/Reachability options –
- Downtime Device detection (Either by Ping or SNMP)
- Ping time out value
- SNMP Options -
- SNMP Version - Select Version 2
- SNMP Community – Provide the SNMP community string provided in opt/novell/devman/share/conf/snmp-master-agent.conf
- SNMP Port – 161
- Maximum OID’s Per Request
Once the device is configured, we need to configure the required graphs to be monitored.
Cacti provides many built-in graphs templates, which we can use for creating a graph. Here, we have chosen SNMP – Generic OID Template to create the graph.
You need to provide the following details to create a new graph:
- Vertical Label
- Legend Color
- Legend Text
- Datastore Name
- Maximum value in the graph “(U” for unlimited)
- Graph type (either Gauge, or Counter)
- OID – the SNMP OID of the parameter to be monitored for that device - You will get the complete list of SNMP OIDs for NAM devises in the NAM.mib, which is bundled with Admin Console and is available at /opt/volera/roma/conf/NAM.mib.
After configuring the graphs, Cacti will start monitoring the NAM devices and generated the graphs for the monitored parameters.
Sample Cacti graphs for NAM.
 NetIQ Identity Server: Free memory for four devices in a cluster (in the thumbnail view):
 NetIQ Identity Server: Free memory for a single node IDP1
 NetIQ Access Gateway: Cached sessions for a single node MAG1
 NetIQ Access Gateway: Current connection to a browser for a single node MAG1
With the SNMP Support for NAM, we can use wide range of Network Monitoring Tools to monitor the NAM components in production. A separate cool solution is available which explains the NAM monitoring using SNMP using Nagios (https://www.netiq.com/communities/cool-solutions/monitoring-netiq-access-manager-using-snmp-with-nagios/)