Skip to content

Latest commit

 

History

History
122 lines (111 loc) · 8.85 KB

README.md

File metadata and controls

122 lines (111 loc) · 8.85 KB

Novell DirXML 1.1 and Micro Focus (formerly NetIQ) Identity Manager 2.x/3.x/4.x driver state detector plugin for Nagios and Icinga - basically a wrapper for "dxcmd -getstate".

Usage: check_dxml_drvstate [-s <server>] -u <username>, -p <password> -d <driver-dn> [-i] [--tw <warnsize> --tc <criticalsize> [--tree <treename>]]
Usage: check_dxml_drvstate [-h | --help | -?]
Novell DirXML and Novell/NetIQ Identity Manager driver state detector plugin for Nagios/Icinga
Version 2.2, 2021-06-10

  -s, --server     DirXML/IDM server IP or hostname, e.g. 127.0.0.1 or myserver.mydomain.org.
                   Leave out this option to check drivers running on the same machine as nrpe.
      --edirport   eDirectory (NCP) port. Defaults to 524 if not specified.
      --ldapmode   TLS, SSL or CLEAR. Defaults to TLS (=StartTLS on LDAP cleartext port) if not specified.
      --ldapport   LDAP port. Defaults to 636 if not specified and LDAP mode is SSL (which 
                   includes TLS 1.0 and higher on secure LDAP port if your IDM version support it).
                   Defaults to 389 if not specified and LDAP mode is (Start)TLS or CLEAR.
  -u, --username   Account used to check driver state, ldap typed syntax, e.g. cn=admin,o=novell
  -p, --password   Password in cleartext (good reason to use a restriced account :-)
  -d, --driver     Driver to check, ldap typed syntax, cn=drv_test,cn=my_driverset,o=system
  -i, --invert     Invert return codes to monitor inactive backup servers in a driverset.
                   A running driver will return STATE_CRITICAL (2), a stopped one STATE_OK (0)
      --tw         Max TAO file size before STATE_WARNING (1) will be reported
      --tc         Max TAO file size before STATE_CRITICAL (2) will be reported
                   If neither --tw and --tc are set, TAO file size checking will be disabled
                   (--tw/--tc parameters are deprecated: use --csw/--csc instead)
      --csw        Max cache size before STATE_WARNING (1) will be reported
      --csc        Max cache size before STATE_CRITICAL (2) will be reported
                   If neither --csw and --csc are set, cache size checking will be disabled
                   (--csw/--csc parameters replace --tw/--tc; cache size is TAO file size minus 72 bytes)
      --caw        Max cache age (in seconds) before STATE_WARNING (1) will be reported
      --cac        Max cache age (in seconds) before STATE_CRITICAL (2) will be reported
                   If neither --caw and --cac are set, cache size checking will be disabled
      --hbw        Max time in seconds since last publisher heartbeat before STATE_WARNING (1) will be reported
      --hbc        Max time in seconds since last publisher heartbeat before STATE_CRITICAL (2) will be reported
                   If neither --hbw and --hbc are set, publisher heartbeat checking will be disabled
                   Please note that a schema extension and a special publisher event transform policy on the
                   driver are necessary to support heartbeat checking
      --hbattr     LDAP name of the attr that stores the last publisher heartbeat timestamp if a non-default
                   schema extension is used
      --tjw        Max time in seconds since last trigger job before STATE_WARNING (1) will be reported
      --tjc        Max time in seconds since last trigger job before STATE_CRITICAL (2) will be reported
                   If neither --tjw and --tjc are set, trigger job checking will be disabled
                   Please note that a schema extension and a special subscriber event transform policy on the
                   driver are necessary to support trigger job checking
      --tjattr     LDAP name of the attr that stores the last trigger job timestamp if a non-default
                   schema extension is used
      --tree       Treename of the driver to be checked. Only needed with TAO file size monitoring
                   on edir 8.8 running multiple instances. If not set, the first instance reported
                   by ndsconfig get will be used
      --short      print short output, omit driver and file names
      --br         Add <br> tags to output for better readability in HTML display
      --nl         Add line breaks to output for better readability in console/file output
      --bindir     Directory where dxcmd and ndsconfig binaries are located
      --perfdata   Append performance data to the output, so nagios can draw pretty graphs (e.g. <default output> | cache_age=42s;600;1800)
  -v, --verbose    Verbose output, -vv writes extra debug messages to /var/log/check_dxml_drvstate.log
  -l, --logfile    Logfile to write debug messages to instead of default
  -o, --overwrite  Overwrite log file on each run
  -h, -?, --help   This help screen

History:

v1.0,  2006-04-10, initial release
v1.1,  2007-05-21, added support for IDM 3.5 and more detailed return messages
v1.2,  2007-07-31, added support for edir 8.8
                   new command line option "-i" to invert return codes of running and
                   stopped drivers. This is meant to help monitoring usually inactive
                   backup servers associated to a driver set.
                   all changes in v1.2 based on enhancements by Rainer Brunold, many thanks!
v1.3,  2007-12-05, added TAO file size monitoring
                   username must now be ldap typed (for TAO file size monitoring)
                   take driver startup mode into consideration when driver not running:
                   disabled -> STATE_OK,
                   manual   -> STATE_WARNING
                   auto     -> STATE_CRITICAL
                   added long command line options
v1.4,  2008-01-22, added heartbeat monitoring, requires a schema extension (aux class), driver
                    heartbeat and a special policy on the drive
                    new command line option --br to add html line breaks to text output
                    text output now shows warning/critical values for TAO file size and
                    heartbeat monitoring
v1.5,  2008-08-26, added -Z parameter to ldapsearchs
                   improved TAO filesize determination for various "ls -l" output styles
v1.6,  2008-09-01, fixed wrong $TAODIR for Edir 8.8x
v1.7,  2009-03-12, added --nl parameter
                   minor bug fixes and cosmetics
v1.6d, 2010-10-25, fixed TAO file finding logic for multi-instance eDirectory 8.8
                   changed ldapsearch calls from "-Z" to "-H ldaps://"
                   (David's branch)
v1.7d, 2010-10-28, added optional port specifiers for eDirectory (524), LDAP (389), and
                   LDAPS (636) to allow non-default configurations to be monitored.
                   (David's branch)
v1.8,  2010-11-10, merged David's and my branch
                   added --ldapmode, --ldapport and --edirport parameters based on David's
                   idea and original code
                   added -v, -vv and --verbose parameters, output is logged to /var/log/<scriptname>.log
                   added --short option
                   try to force use of openldap's ldapsearch to help avoid a bug in
                   Novell's ldapsearch implementation when using the -Z switch
                   minor bug fixes, code streamlining and trace cosmetics
v1.9,  2010-11-21, rewrote the code to find edir tools and dib folder
                   added --bindir, --logfile, -l parameters
v1.6j, 2012-04-26  Event Time checking added by <jplahl@novell.com>
                   (Joachim's branch)
v2.0,  2012-07-29  merged Joachim's and my branch
                   added -o parameter to overwrite log file on each run
                   added --csw/--csc/--caw/--cac parameters
v2.1,  2014-03-18  added --tjw/--tjc/--tjattr parameters
                   changed default heartbeat attr
                   added --ldaponly parameter (not yet implemented) 
v2.1.1,2018-05-30  added --perfdata parameter for nagios performance data
                   (from Iwer Petersen's fork)
v2.2,  2021-06-10  improved LDAP SSL/TLS default handling

Many thanks to David Gersic for adding multi-instance edir support, basic HA cluster support, custom LDAP/NDAP port parameters and more.

And to Joachim Plahl jplahl@novell.com for the original event time checking code and pointing my nose on using dxcmd stats to finally support remote cache age and size checks.

Thanks a lot to Iwer Peterson for adding support for Nagios performance data

Please report bugs to lothar.haeger@is4it.de.

If you want to suppport this project buy me a coffee!