idsmonitor

Use the idsmonitor script to gather monitoring data while IBM® Security Directory Server is running. You can use this monitoring data to troubleshoot resource usage.

Description

The idsmonitor shell script collects system monitoring data about the performance and resource usage of the ibmslapd command and related DB2® processes.

This script is in the sds_install_dir/support folder.

If anonymous binds are allowed on the IBM Security Directory Server and default ports are used, you can run the script without any options:

./idsmonitor &

The current version of IBM Security Directory Server must be installed on the system to run this script. The script finds the current version of IBM Security Directory Server and binds anonymously. It attempts to detect whether an ibmslapd process is running. By default, it connects to the server on port 389 and writes the output to the default location /tmp/idsmonitor.out.

You also can use the script with specific options if only SSL connections are allowed to the server, or anonymous binds are disabled, or both.

You can stop this script with one of the standard shell commands:
  1. Press Control C in the shell where it is running.
  2. If it is running in the background, run fg to bring it to the foreground and press Control C.
  3. Run the kill command with the process ID number (PID): kill pid.

To check the progress of the script, run the following command:

tail -f /path/to/outputfile

Synopsis

./idsmonitor [-h][-D admin][-w passwd][-Z][-P passwd]
                 [-K kdbfile][-H host|IP][-x][-d delay][-p port][-s][-X]
                 [-o output_file][-r][-m][-n][-l num][-v][-V version]

Options

-h
Shows the usage.
-D admin
Specifies the administrator Distinguished Name (DN) when anonymous binds are disabled.
-w passwd
Specifies the corresponding password for the administrator DN.
-H host or IP_address
Specifies the address for the connection.
-Z
Specifies that the connection is an SSL connection.
If you use this option, you must also specify the -P and -K options.
-P password
Specifies the password for the key database (KDB) file.
-K file
Specifies the full path to the KDB file.
-x
Indicates that the script must run in debug mode.
-X
Indicates that the script must exit while monitoring if ibmslapd stops or fails.
-d delay
Specifies the delay in seconds between running monitor commands.
-p port
Specifies the LDAP server port if it is not the default server port, 389.
-s
Indicates that the script must run in silent mode.
Only errors are displayed in the command window.
-o file
Specifies the path and file name of the output file.
The default is /tmp/idsmonitor.out.
-V version
Specifies the version commands to run for multi-version installations.
-r
Enables searching for replication status attributes.
-m
Enables querying memory leak-specific information.
-n
Specifies a different LDAP port to the network statistic tool (netstat) for the grep command to run searches.
-l n
Specifies that the script must run n iterations before it quits.
-v
Shows the version of the current script.

Examples

Example 1:

To write the output to a location other than the default location, run the script with the following options:

./idsmonitor -o idsmonitor.out &

Example 2:

If only SSL connections are allowed, run the script with the -Z, -P, and -K options:

./idsmonitor -Z -P secret -K /opt/certs/ldap.kdb &

Example 3:

If anonymous binds are disabled, run the script with the -D and -w options:

./idsmonitor -D cn=root -w secret -o idsmonitor.out &

When you specify ? for the -w option, the script prompts the user for the password. You cannot redirect the standard output and standard error when you run the script with this option and value. If you do, the script appears to hang indefinitely because it is waiting for a value to be entered.

Example 4:

The default interval for data sampling is 300 seconds (5 minutes). If the data needs to be sampled more often, then run the script with the following options:

./idsmonitor -D cn=root -w secret -d 60 -o idsmonitor.out

Example 5:

To redirect all output to a debug file instead of displaying it in the standard output console, run the script with the following option:

./idsmonitor -D cn=root -w secret -o idsmonitor.out > idsmonitor.dbg 2>&1 &

The script attempts to print errors to standard output. If you redirect the output as shown in this example, you might not notice a problem.

Example 6:

To run replication status searches, run the script with the -r option and specify the admin DN and password:

./idsmonitor -D cn=root -w secret -p 1389 -r

Example 7:

To collect memory-leak debug information on AIX® or Linux® systems, run the script with the -m option:

./idsmonitor -D cn=root -w secret -p 1389 -m

This command uses svmon -P pid on AIX systems and pmap pid on Linux systems.

Example 8:

To run only a specific number of iterations of data collection, run the script with the -l option. For example, if you want to collect only an hour of monitoring data, run the following command:

./idsmonitor -D cn=root -w secret -p 1389 -l 12

As the default cycle is 300 seconds, 12 iterations collect 60 minutes of monitoring data.

Example 9:

To use a bind DN and password and to hide the password from ps command output, run the script with the following options:

./idsmonitor -D cn=root -w ? -d 30 -o /tmp/idsmonitor.out

The script prompts you for the password, so you cannot run the script as a daemon process. If you do, the script appears to hang indefinitely because it is waiting for a value to be entered.

Example 10:

To run this script against the non-SSL port, but to use grep for the SSL port in the netstat output, use the following options:

./idsmonitor -D cn=root -w ? -p 636 -d 30 -o /tmp/idsmonitor.out
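
The following added example (not part of the idsmonitor script or the product documentation) shows one way to audit for the exposure that Example 9 avoids: it scans process-listing lines and reports idsmonitor invocations whose -w or -P option carries a literal value. The function name and the sample lines are constructed for illustration; the sample assumes the script appears in the listing as an argument to /bin/sh.

```shell
#!/bin/sh
# Added example: audit a process listing for idsmonitor runs that expose
# a password on the command line. Only the PID and option are reported,
# never the password value itself.

# Constructed sample in the shape of `ps -eo pid,args` output.
SAMPLE_PS='  4101 /bin/sh ./idsmonitor -D cn=root -w secret -o idsmonitor.out
  4102 /bin/sh ./idsmonitor -D cn=root -w ? -d 30 -o /tmp/idsmonitor.out
  4103 /bin/sh ./idsmonitor -Z -P secret -K /opt/certs/ldap.kdb
  4104 /bin/sh ./idsmonitor -o idsmonitor.out
  4105 tail -f /tmp/idsmonitor.out'

# Reads "pid args..." lines on stdin and prints "pid option" for each
# option that carries a literal password.
find_exposed_passwords() {
    awk '
    {
        is_mon = 0
        # Locate the idsmonitor script name among the arguments.
        for (i = 2; i <= NF; i++)
            if ($i ~ /(^|\/)idsmonitor$/) { is_mon = 1; start = i; break }
        if (!is_mon) next
        for (i = start + 1; i < NF; i++) {
            # -w ? makes the script prompt, so only other values are exposed.
            if ($i == "-w" && $(i + 1) != "?") print $1, "-w"
            # The page documents no prompt form for -P, so any value is visible.
            if ($i == "-P") print $1, "-P"
        }
    }'
}

# Live use: ps -eo pid,args | find_exposed_passwords
```

For the constructed sample, the function reports PID 4101 for -w and PID 4103 for -P.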