That should work.
Thanks,
M.
On Thu, Dec 21, 2017 at 1:49 PM, Sergei Gerasenko <gerases@xxxxxxxxx> wrote:
Excellent info, Mark. Thank you. I’m using collectd for graphing the results and since the backend trees are not readable by everyone, I’m thinking of granting read access to the collectd account.Is an ldif like the one below the right way to do it:dn: cn=monitor,cn=ldbm database,cn=plugins,cn=configchangetype: modifyadd: aciaci: (target ="ldap:///cn=monitor,cn=ldbm database,cn=plugins,cn=config")(targetattr != "aci || connection")(version 3.0; acl “collectd access"; allow( read, search, compare ) userdn = "ldap:///uid=collectd,cn= users,cn=accounts,dc=mydomain, ”;)dc=net Thanks!SergeiOn Dec 21, 2017, at 3:20 PM, Marc Sauton <msauton@xxxxxxxxxx> wrote:The SNMP counters are not always interesting, but they can provide the system memory use and some LDAP BIND info.Undercn=monitor , the most important are:the difference between opsinitiated and opscompletedand alsothreadscurrentconnectionsandbackendmonitordnso undercn=monitor,cn=<backend-name>,cn=ldbm\ database,cn=plugins,cn=config objectclass=* like for exampledn: cn=monitor,cn=userRoot,cn=ldbm database,cn=plugins,cn=configthe following are important:entrycachehitratiocurrententrycachesizemaxentrycachesizedncachehitratiocurrentdncachesizemaxdncachesizeand the pagein and pageout values if too highundercn=monitor,cn=ldbm\ database,cn=plugins,cn=confignsslapd-db-current-locksnsslapd-db-configured-locksnsslapd-db-page-ro-evict-ratensslapd-db-page-rw-evict-ratethe dbmon.sh tool can provide some info/hints/detailsfor replication, the attributensDS5ReplicaLastUpdateStatusnsDS5ReplConflictnsruvReplicaLastModified/usr/bin/ldapsearch -xLLL -h xx -p xx -D "cn=directory manager" -W -b "cn=mapping tree,cn=config" "(&(objectClass=nsDS5ReplicationAgreement)( nsDS5ReplicaHost=*)( nsDS5ReplicaPort=xx))" nsDS5ReplicaChangesSentSinceSt artup nsDS5ReplicaLastUpdateStatus nsDS5ReplicaUpdateInProgress nsDS5ReplicaLastUpdateStart nsDS5ReplicaLastUpdateEnd /usr/bin/ldapsearch -LLLx -o ldif-wrap=no -D "cn=directory manager" -W -b dc=example,dc=com nsds5ReplConflict=* dn cnseethere is also an old tool calledfrom the "Admin Express" feature, HTML colored page:I may have forgotten some attributes.Thanks,M.______________________________On Thu, Dec 21, 2017 at 11:50 AM, Sergei Gerasenko <gerases@xxxxxxxxx> wrote:I’ve implemented the solution described in the thread. My question now is: what should I really monitor?There are so many metrics to consider. The thread talks about cn=snmp,cn=monitor. But there are also cn=monitor suffixes under each backend for example. Is there a recommended mininum set of things to monitor?On Dec 14, 2017, at 6:23 PM, Marc Sauton <msauton@xxxxxxxxxx> wrote:There is no collectd 389-ds plug-in, but there was a post with an example:May be other users already run some similar plug-in?Should we have such plug-in?Thanks,
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
_________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
