cancel
Showing results for 
Search instead for 
Did you mean: 

Creating an alert for operations greater than a defined threshold

UnboundID KevinL
0 Kudos

Overview

 

When monitoring the directory server operations, there may be a requirement for you to get alerted when operations of a specific type exceed certain thresholds. These alerts could then be sent out via SNMP or SMTP for action from operations or other teams.

 

The UnboundID product set has a very configurable filtered logging system that allows us to define criteria for both the incoming request and the outgoing result that can be defined to match certain conditions.  The same concepts used in the filtered logging called Request Criteria and Result Criteria can be leveraged to create SNMP alerts as well.

 

Configuration Procedures

To configure this solution you should already have your UnboundID server configured to either send out SNMP or SMTP alerts.  See the KB article: Configuring SNMP Event Monitoring & Testing Alerts

 

  1. Create an expensive operations result criteria:

    dsconfig create-result-criteria --criteria-name "50ms Expensive Operations" \
    --type simple --set processing-time-criteria:greater-than-or-equal-to \
    --set "processing-time-value:50 ms
  2. Make sure that your SNMP Alert Handler is enabled

    dsconfig set-alert-handler-prop --handler-name "SNMP Alert Handler" \
    --set enabled:true
  3. Then you need to create the special log publisher that acts as an alert handle to send an alert to the SNMP alert handler any time an operation matches these result criteria specified in step 1.

    The Admin Alert Access Log Publisher will generate administrative alerts for any operations which match the criteria for this access logger.

    dsconfig create-log-publisher --publisher-name "50ms Expensive Operations Alert Publisher" \
    --type admin-alert-access --set enabled:true --set "result-criteria:50ms Expensive Operations" \
    --set include-instance-name:true --set include-requester-ip-address:true \
    --set include-requester-dn:true

 

If you wanted to create alerts for only certain types of operations then you can add a “request criteria” as well to this configuration. For example if you wanted to only get alerts when add/modify/delete operations exceed 50ms then you would do the following.

 

Add a request criteria as follows that targets only the add/mod/del types of operations:

 

 

dsconfig create-request-criteria --criteria-name “Add/Del/Mod Requests Request Criteria" --type simple --set operation-type:add --set operation-type:delete --set operation-type:modify --set operation-type:modify-dn

 

 

Then on your result criteria you change it so that it only logs alerts for operations that match the “Add/Del/Mod Requests Request Criteria”.

 

 

dsconfig set-result-criteria-prop --criteria-name "50ms Expensive Operations" --set "request-criteria:Add/Del/Mod Requests Request Criteria"

 

Then you could also create a separate configuration for only search operations if you wanted the response time to be different, for example if searches > 20ms.

You would create a new result criteria and a result criteria that would match only search operations that exceeded 20ms.