SNMP-Based Monitoring
Note
The interface stability of this legacy feature is deprecated.
DS servers support SNMP, including the Management Information Base described in RFC 2605: Directory Server Monitoring MIB.
SNMP is not enabled by default. SNMP-based monitoring depends on an OpenDMK library. The OpenDMK binary bundle containing this library ships with DS servers as snmp/opendmk.jar
. Installation requires that you accept the OpenDMK Binary License. OpenDMK installation is a separate step that you must perform before you can use SNMP.
Run the OpenDMK installer and accept the license, use the self-extracting .jar:
$
java -jar /path/to/opendj/snmp/opendmk.jar
Install OpenDMK, and then copy the libraries to the
/path/to/opendj/extlib
directory. For example, if you install OpenDMK in the/path/to
directory, copy the libraries from the/path/to/OpenDMK-bin/lib
directory:$
cp /path/to/OpenDMK-bin/lib/* /path/to/opendj/extlib/
Set up an SNMP connection handler:
$
dsconfig \ set-connection-handler-prop \ --handler-name SNMP \ --set enabled:true \ --hostname localhost \ --port 4444 \ --bindDN uid=admin \ --bindPassword password \ --usePkcs12TrustStore /path/to/opendj/config/keystore \ --trustStorePasswordFile /path/to/opendj/config/keystore.pin \ --no-prompt
If the server does not have access to the default ports, change them.
By default, the SNMP connection handler listens on port
161
, and uses port162
for traps. On UNIX and Linux systems, only root can normally open these ports. The following command installs as a normal user, changing the listen and trap ports:$
dsconfig \ set-connection-handler-prop \ --handler-name SNMP \ --set listen-port:11161 \ --set trap-port:11162 \ --hostname localhost \ --port 4444 \ --bindDN uid=admin \ --bindPassword password \ --usePkcs12TrustStore /path/to/opendj/config/keystore \ --trustStorePasswordFile /path/to/opendj/config/keystore.pin \ --no-prompt
Restart the SNMP connection handler to take the changes into account:
$
dsconfig \ set-connection-handler-prop \ --handler-name SNMP \ --set enabled:false \ --hostname localhost \ --port 4444 \ --bindDN uid=admin \ --bindPassword password \ --usePkcs12TrustStore /path/to/opendj/config/keystore \ --trustStorePasswordFile /path/to/opendj/config/keystore.pin \ --no-prompt
$dsconfig \ set-connection-handler-prop \ --handler-name SNMP \ --set enabled:true \ --hostname localhost \ --port 4444 \ --bindDN uid=admin \ --bindPassword password \ --usePkcs12TrustStore /path/to/opendj/config/keystore \ --trustStorePasswordFile /path/to/opendj/config/keystore.pin \ --no-prompt
Check that connection handler works as expected.
The following command reads the response on the SNMP listen port:
$
snmpwalk -v 2c -c OpenDJ@OpenDJ localhost:11161
iso.3.6.1.2.1.66.1.1.1.1 = STRING: "ForgeRock Directory Services version" iso.3.6.1.2.1.66.1.1.2.1 = STRING: "/path/to/opendj" ...