Building a Proactive Monitoring and Alerting System Using Native IBM Domino Tools Andy Pedisich Technotics © 2013 Wellesley Information Services. All rights reserved. Why Do This Session … • • • Many Admins want to take advantage of native Notes monitoring solutions, they just don’t have the bandwidth to explore them “Free time” is very rare these days This jumpstart will show you: How to collect stats How to analyze stats How to go behind the scenes How to set up monitors, alerts And how to capture just about any little event you are interested in And finally, how to configure and work with DDM Let’s get started 1 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 2 Driving Your Domino Servers • You can learn a lot about the importance of monitoring from driving your car Your car tells you a lot about what’s going on And you know they’re important because you pay attention to the indicators You fill the gas tank when it’s low Unless you are Rob Axelrod (ask Rob) And (usually) pay attention to the speedometer so you won’t get a ticket Or maybe you’re the driver who thinks that red light on the dash is just for ambience while you’re driving at night Uh oh 3 Domino Servers Are Obsessed with Statistics • • Domino servers are constantly spewing stats Just like your car telling you how fast you’re going Except with Domino there are literally several hundred statistics generated Most of them are updated continuously Many administrators don’t know which ones are important Or how to tell the good readings from the bad ones Or what to do about them when they are bad 4 The Truth About Monitoring • • A good administrator shouldn’t have to look very hard And you can be notified about most problems automatically You can be proactive about fixing them When you’re proactive, you put out less fires Firefighting dilutes your effort But being notified requires that you monitor your environment for events and issues And events depend on statistics And statistics need to be collected And too many sites don’t collect stats correctly Some don’t collect them at all 5 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 6 Perpetual Statistics • Domino servers constantly generate statistics They track data on a surprising level On almost every aspect of server operations Agent manager Mail and calendaring The server’s platform SMTP and Notes mail LDAP HTTP Network And lots more, too 7 Server Statistics Are Organized Hierarchically • Stats are gathered into major categories like these And then each one has a multitude of subcategories ADMINP Mem Agent Monitor Calendar NET Database Platform Disk POP3 Domino Replica EVENT Server HTTP SMTP LDAP Stats Mail Update 8 Subcategories of Statistics • Here’s a snapshot from the Administrator client showing some of the statistical hierarchy This gives you a snapshot of the stats on your server Use Refresh to get another snapshot 9 Statistics Come in Basic Types • • The basic types of statistics are: Stats that never change once the server is started Snapshot stats – reflect what’s going on right now Cumulative stats that grow from the moment the server is started These stats are available to you for: Your Domino servers The platform your server is running on Your network environment 10 Static Statistics • Statistics that don’t change usually represent the operating environment of the server Server.Version.Notes = Release 8.5.3FP3 Server.Version.OS = Windows NT 5.0 Server.CPU.Type = Intel Pentium Disk.D.Size = 71,847,784,448 Mem.PhysicalRAM = 527,433,728 11 Amazing Detail, Yours Free! • • • This includes OS platform, Domino version, RAM Lots of information about disks in use Platform.LogicalDisk.TotalNumofDisks = 3 Platform.LogicalDisk.2.AssignedName = E Disk.C.Size = 80,023,715,840 And even Network Interface Card (NIC) information Platform.Network.1.AdapterName = Intel[R] PRO_1000 MT Server Adapter Platform.Network.2.AdapterName = Broadcom NetXtreme Gigabit Ethernet _2 Platform.Network.3.AdapterName = Broadcom NetXtreme Gigabit Ethernet 12 What Good Are These Static Stats? • • Think these static stats aren’t helpful? Guess again They are extremely valuable If you are collecting stats correctly from all your servers, you can take a pretty detailed server inventory Without leaving your desk From servers all around the world, just by looking at the data we’re going to collect in the Monitoring Results database This database is also know by its filename: STATREP.NSF 13 Snapshot Statistics • Snapshot stats show what’s happening at the moment you ask for them They are changing all the time Disk.E.Free = 18,679,414,784 Server.Users = 280 Mem.Free = 433,614,848 MAIL.Waiting = 250 The best part about this is that you get lots of Domino-related stats you wouldn’t get by looking at the operating system’s performance tools 14 Cumulative Stats • Some stats are cumulative They start counting from zero when you start the server Server.Trans.Total = 31,915 SMTP.MessagesProcessed = 966 Stats, like averages and maximums, are calculated from the cumulative ones Server.Users.Peak.Time = 02/21/2006 07:50:33 MST Platform.Memory.PagesPerSec.Peak = 1,364.1 15 Resetting Statistics • • Some of these cumulative stats can be reset using the following console command: Set Statistics statisticname You can’t use wildcards (*) with this argument! Here’s an example of why you might want to reset a stat: Set Stat Server.Trans.Total Resets the Server.Trans.Total statistic to 0 You might want to reset this stat if: You are starting to benchmark a new application You are debugging an agent and want to see if it is more efficient after changes to its design 16 Platform Stats, Too • • • Platform stats vary widely from OS to OS Getting platform stats from within Notes has great value Track Domino server performance on an OS level even if your servers run on a variety of operating systems For example, it’s very common to have a mix of AIX and Wintel servers In a few minutes, we’ll be discussing threshold tracking You’ll be able to set notification thresholds universally from within Notes to track these platform stats 17 Getting to Platform Statistics • • Domino releases 6, 7, and 8 track platform stats automatically In earlier versions, they had to be explicitly enabled and many times were disabled due to problems with servers crashing These problems are gone To see all platform stats – enter this console command Show stat platform 18 A Word About Platform Stats on Partitioned Servers • • Domino collects platform stats that pertain to the whole system Not to an individual partition The only statistics that are specific to a partition are those that reflect tasks, such as process statistics One partition might run 10 tasks, while another partition runs 15 tasks Is s u e 19 Confirming Stats with Other Tools • Be careful when trying to confirm platform statistics using other performance monitoring tools Because of the differences in sampling intervals, you cannot use native monitoring tools to confirm platform statistics There will be discrepancies between platform statistics and those obtained … Using Perfmon – for Windows 2000 Or a system command, such as this UNIX command: iostat /vmstat/ netstat 20 See Server Statistics • • • Quickest way to see all server stats is to enter console command: Show stat Any place you can get to a console, you can access stats that can tell you a lot about the current state of the server A SHOW STAT command gives you every statistic the Domino server has Several hundred of them! That’s really too many to deal with at once 21 Can I See That in a Smaller Size? • • Get a better view of the stats showing just what you’re looking for using the asterisk wildcard You can ask directly for the top level of the hierarchy Show stat server That shows all of the stat hierarchy under “server” 22 You Might Want Only Part of the Data • To get a select list of just the stats under the top level requires the use of wildcards in your console commands If you only want Server.Users hierarchy, use the global “*” Show stat server.users.* 23 Pushing the Wildcards • If you want a closer look, like just grabbing particular sub-levels of stats, get clever with the wildcard For example, use the following command to find out about mail waiting Show stat mail.wait* MAIL.Waiting = 1 Mail.WaitingForDeliveryRetry = 1 MAIL.WaitingForDIR = 0 MAIL.WaitingForDNS = 0 MAIL.WaitingRecipients = 1 5 statistics found 24 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 25 Take It to the Next Level • • Now that we know where the statistics are, it’s time to kick it up a notch Let’s set up a collection architecture Some Notes shops do not collect server statistics at all! How in the world can they: Determine what is causing performance issues? Plan for future growth? Have a grip on whether their server platforms are configured correctly? Do they just make the stuff up and go with it? 26 The Two Things Needed • There are two things that are needed for statistics collection to happen: The Events4 database must have a Server Collection document The Collect task must be running on the server that is designated to collect the statistics 27 Details, Details, Details • Events4, the Monitoring Configuration database, needs a Statistics Collection document for each server collecting stats This database should replicate to every server in the domain A server will know it is supposed to collect stats because of this document But it won’t automatically load the collect server task We have to make sure that happens 28 Server Statistics Collection Docs • Use a Server Statistic Collection doc to indicate the server that will collect stats And the servers you want the stats collected from 29 Set the Statistics Collection Interval • • Use the collection report interval on the Options tab to set up how often statistics should be gathered Generally, collecting once an hour is sufficient If you are upgrading or changing the environment, it’s better to collect every 30 minutes Or even every 15 minutes, if you are trying to fix problems 30 A Single Document Looks Like Many in the View • This single document, with a multi-value field containing all the servers, will look like it is multiple documents in the Events4 database Make sure administrators know this, or they might delete everything by mistake Guess how I know this? 31 Centralize Your Domain’s Statistic Collection • • • Ideally, use just a few key servers to do the collection You might even be able to get away with just one! Your network topology will have a profound effect on which servers you select So will the load currently running on the servers Avoid collecting stats over long, slow links Be careful of WAN routes that are already packed with other network traffic 32 Configure Key Collect Points • • If you have offices in London and Tokyo, then pick a collection server from each city That server will collect stats from all servers in that region Collect stats in a database created from the Monitoring Reports template The databases don’t have to be called Statrep Voilà! Centralized data at your fingertips City Collecting Server Monitoring Results Database London Tokyo LonAdmin1 TokHub01 LondonStatrep.nsf TokyoStatrep.nsf 33 Remember to Add the Collect Task • • The Collect server task must be running on the servers you selected as collectors Use LOAD COLLECT from the console to get it started Add the Collect task to the ServerTasks= line in the selected servers’ Notes.ini to make it permanent Remove Collect from ServerTasks= from all other servers! Want the servers to start collecting stats immediately? Use the following console command: Tell Collector Collect It will kick off a statistic collection of all the servers you specified 34 The Collect Task Should Not Run on Every Server • Stat collection can be set up so each server collects its own stats And puts them into a local Statrep Monitoring Results database This method has the following drawbacks: You have to run the Collect task on every server You must visit Statrep on each server to analyze statistics • This is a real pain in the neck And it makes analysis harder Statistics have the most value when collected into a central location where they can be easily analyzed 35 Demonstration: Setting Up the Collect Task Demo 36 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 37 Let’s Start by Looking at Disk Stats • • If I get a call about server performance, I check disk stats first Bad disk utilization can seriously tank a server One stat to track is Percent Utilization A very busy disk can mean a very busy server But it might mean something else is wrong • Perhaps a controller is beginning to fail or drive cache is wrong Disk stats names depends on platform, but have PctUtil in them It could be Logical Disk or Physical Disk Like Platform.LogicalDisk.1.PctUtil.Avg This should rarely hit 60% on Wintel boxes On AIX and iSeries, it depends on disk sub-systems config They often can run 90%+ without issues 38 Average Disk Queue Length • • • • This is a major statistic! Platform.LogicalDisk.1.AvgQueueLen, .Avg and .Peak Queues of more than a couple of seconds mean your disks can’t really keep up with the action You can hit high peaks occasionally without issues But constant highs mean moving users or apps Balance these disk stats against CPU/Memory stats Because memory = virtual disk And constant thrashing of disks might mean you need more RAM Problem is, Statrep doesn’t have a view that shows these important statistics 39 There’s a Lot of Stuff That Isn’t There • • Before we get any further, it’s important to point out something that is hidden Statistical data – In the Monitoring Reporting database STATREP.NSF Statrep has views that simply don’t have data that is as useful as it could be It’s there, it’s just not in views However, it’s important to know that every document in the database contains every statistic you see when you issue a SHOW STAT command at the console It’s just a matter of showing it in a view 40 Take Home This View • But now you have a version of Statrep with a view that does contain those important stats! A specially-crafted version of the Statrep template with a view like the one below is available You can download it from my blog You’ll probably have to modify the columns based on the disk configurations of your own systems 41 Processor Statistics • Platform.Memory.RAM stats will disclose memory usage Don’t just think you might need more memory: be certain by checking this out On Wintel systems, this number should rarely be 60% But on iSeries and AIX, it can be much higher On iSeries it can actually run quite nicely at 90% 42 CPU Stats Are There for Each Task • • Platform.Process.ActiveDomino.TotalCpuUtil Gives you the big picture of how Domino is using processors There is a Platform.Process.$$$.PctCpuUtil stat for each task you run on your Domino servers Platform.Process.Amgr.PctCpuUtil Platform.Process.Router.PctCpuUtil Platform.Process.Process.PctCpuUtil Platform.Process.Amgr.PctCpuUtil … And so on 43 Using These Stats • • You might find that the Agent Manager is the biggest hog because of user personal agents! You could move busy user agents to a different server These stats don’t show in the Lotus version of Statrep But they are on the Technotics85Statrep.NTF version You can download it from my blog www.andypedisich.com 44 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 45 Why Wouldn’t the Failover Replica Be Up to Date? • • • When primary server is down, users are directed to a replica on a failover server But sometimes that replica is not up to date Cluster replication keeps primary server in sync with failover It’s an event-driven process – occurs automatically when a change is made to a database Changes to a database are pushed to the replica on failover Deletion stubs are not replicated That’s why you also need a scheduled replication doc between servers in a cluster It’s vital that these replicas are synchronized But by default, clusters only have 1 cluster replicator task 46 Not Now … I’m Too Busy • • • Occasionally, there is too much data changing to be replicated efficiently by a single cluster replicator If cluster replicators are too busy, replication is queued until more resources are available Your databases get out synch and stale Adding a cluster replicator will help fix this problem Use this parameter in the Notes.ini CLUSTER_REPLICATORS=# But how do you tell if there’s a potential problem? Adding too many cluster replicators will have a negative effect on server performance 47 Key Stats for Vital Information About Cluster Replication Statistic What It Tells You Acceptable Values Replica.Cluster. SecondsOnQueue Total seconds that last DB replicated spent on work queue < 15 sec – light load > 30 sec – heavy Replica.Cluster. SecondsOnQueue.Avg Average seconds a DB spent Use for trending on work queue Replica.Cluster. SecondsOnQueue.Max Maximum seconds a DB spent on work queue Replica.Cluster. WorkQueueDepth Current number of databases Usually Zero awaiting cluster replication Replica.Cluster. WorkQueueDepth.Avg Average work queue depth since the server started Use for trending Replica.Cluster. WorkQueueDepth.Max Maximum work queue depth since the server started Use for trending Use for trending 48 What to Do About Stats Over the Limit • • Acceptable Replica.Cluster.SecondsOnQueue Queue is checked every 15 seconds Under light load, should be less than 15 seconds Under heavy load, if the number is larger than 30, another cluster replicator should be added If the above statistic is low, and Replica.Cluster. WorkQueueDepth is constantly higher than 10 Perhaps your network bandwidth is too low Consider setting up a private LAN for cluster replication traffic 49 Stats That Have Meaning but Have Gone Missing • There aren’t any views in the Lotus version of Statrep that let you see these important statistics Matter of fact, the Clusters view is pretty worthless 50 Stats That Have Meaning but Have Gone Missing (cont.) • But there is a view like that in the Technotics85Statrep.ntf It’s just a download from my blog It shows the key stats you need To help track and adjust your clusters 51 My Column Additions to Statrep • This slide explains the formulas I used in the view The important thing is that I convert seconds to minutes You are shown the major delays Column Title Formula Formatting Min on Q Replica.Cluster.SecondsOnQueue / 60 Fixed (One Decimal Place) Min/Q Av Replica.Cluster.SecondsOnQueue.Avg / 60 Fixed (One Decimal Place) Min/Q Mx Replica.Cluster.SecondsOnQueue.Max / 60 Fixed (One Decimal Place) WkrDpth Replica.Cluster.WorkQueueDepth General WD Av Replica.Cluster.WorkQueueDepth.Avg General WD Mx Replica.Cluster.WorkQueueDepth.Max General 52 Demonstration: Looking at Technotics85Statrep.ntf Demo 53 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 54 Event Monitoring Depends on Events4 • • We want to monitor all of our servers and be notified when certain conditions occur We will specify what we want to watch for and how to be notified We will use the Events4 database to configure all of this The Events4 database must have the same replica ID on every server in your domain I have found many, many cases where Events4 was not the same replica everywhere in the domain That ruins the monitoring architecture The monitoring configuration, and the config for alerts and notifications, can’t replicate to some servers 55 We Know What the Replica ID Should Be for Events4 • The replica ID of system databases such as Events4 are derived from the replica ID of the address book Database Replica ID NAMES.NSF 852564AC:004EBCCF CATALOG.NSF 852564AC:014EBCCF EVENTS4.NSF 852564AC:024EBCCF ADMIN4.NSF 852564AC:034EBCCF Notice that the first two numbers after the colon for the Events4.nsf replica are 02 Determine your address book’s replica ID, and you’ll know the replica ID of Events4 56 Verify Events4 • • • You must verify that every server has the same replica of Events4 You can find this info in the catalog, if your catalog architecture is getting file info from all servers Or you need to go to every server and open Events4 It’s vital that you validate Events4 If it is not right on a server, then you must down the server, delete Events4, and restart your server The correct Events4 will be re-created automatically Make sure that EVENTS4.NSF is the same replica ID throughout the domain by opening a copy from every server and putting it on your desktop Here’s some code to help you do that 57 Add a Button to Your Toolbar • Add this code to a button on your toolbar This is courtesy of Thomas Bahn He’s a smart guy, nice guy, and sometimes brings chocolates to his friends from Europe www.assono.de/blog _names := @Subset(@MailDbName; 1) : "names.nsf"; _servers := @PickList([Custom]; _names; "Servers"; "Select servers"; "Select servers to add database from"; 3); _db := @Prompt([OkCancelEdit]; "Enter database"; "Enter the file name and path of the database to add."; "log.nsf"); @For( n := 1; n <= @Elements(_servers); n := n + 1; @Command([AddDatabase]; _servers[n] : _db) ) 58 Add a Database Icon from All Servers to the Desktop • • This code will prompt you to pick the servers that have the database you want on your desktop Then it will prompt for the name of the database And open it on all the servers you’ve selected Use it to make sure all the EVENTS4.NSF are the same replica in your domain 59 Now, on to Event Monitoring • Domino can monitor for just about any condition: It can watch for a statistical threshold Free disk space under a certain value Mail.waiting over a certain value It could be some non-statistical event in the log An Agent that doesn’t have enough time to run And might be in a loop A corruption problem with a database that is preventing replication A user connecting with an unsupported version of Notes 60 What Happens Then? • • When a certain statistical condition or log entry occurs, Domino can do a bunch of different things Capture and store the event in a database Notify someone that the event happened Log the event to a Tivoli console And lots more that we will discuss in a few minutes For now, let’s focus on capturing the events 61 Event Monitoring • • Event monitors of all types are set in the Events4 database Two broad categories of events: Event Handlers Specify the action that Domino takes when a specific event occurs Event generators Each type of event generator has a view that provides a list of all event generators, plus additional configuration information 62 Event Generators • • We’ll look at event generators first They deal with specific Notes/Domino issues There are six types of event generators: Database Event Generator Domino Server Response Event Generator Mail Routing Event Generator Statistic Event Generator Task Status Event Generator TCP Server Event Generator Some are used more than others We’ll stick to the more popular ones 63 Database Event Generator • Use Database Event Generators to monitor: Database activity Free space Frequency and success of database replication ACLs And get reports on ACL changes Including those made by replication or an API program Monitor specific servers or every server in the domain 64 Here’s One That Everyone Should Use • The ACL of Names.nsf should be monitored for changes in every Notes domain Once properly set, the ACL of Names.nsf should rarely change! All kinds of bells and whistles should go off when it does Remember, we’ll talk notification in a moment Here’s how to set up the monitoring of the ACL Select New Database Event Generator 65 Here’s One That Everyone Should Use (cont.) • • Select Names.nsf You can choose either a single server, such as the administration server for the address book, OR All servers in the domain I like to pick all servers in the domain Admins won’t get away with anything! But I do get a storm of messages when an ACL change occurs Every server tells me about the change 66 Monitoring Replication • Replication monitoring is somewhat useful You can set a time interval in which you expect some replication to occur Just remember that it will report no replication occurred even if there was nothing to replicate This can be confusing since it might produce a report that looks like an error occurred even though nothing is wrong 67 Other Database Event Generators • The unused space and user inactivity might have value in very specific situations You can run compact, but who wants compact running anytime? And compact is generally run on a schedule anyway You can be notified when a DB is not used But activity logging is much better at this because it can deal with all databases on all servers 68 Server Response Generator • • • • Domino Server Response Event Generator Checks connectivity/port status of server’s network One server checks others by sending a probe It’s a good idea to try opening Names.nsf If you can’t open Names.nsf, then something is wrong! Set interval for checking Names.nsf – default is 3 minutes Set response time tolerance – Default is 1,000 Msecs (one second) These will both depend on your own environment 69 More About Probes • • The default response time is a bit on the harsh side If left at one second, you’ll get lots of notifications You should make it ten seconds or whatever the metrics in your Service Level Agreement (SLA) requires Also, be careful what servers you choose to probe other servers Try to pick probing servers that are in the same LAN as the probed servers Otherwise, your probing will be testing network latency rather than the servers themselves 70 Mail Routing • Mail Routing Event Generator Sends a mail-trace message to a particular user’s mail server Gathers statistics indicating the amount of time, in seconds, it takes to deliver the message Great for troubleshooting Generally not used day to day 71 Statistic Event Generators • Statistic Event Generators monitor a specific Domino or platform statistic They can let you know when a stat goes over a particular threshold These stat event generators are extremely valuable Smart administrators use them every day! 72 Default Settings for Stats Event Generator • Many are set by default for all servers in the domain Review these to see if they apply to your enterprise 73 Task Status • Task Status Event Generator is another interesting troubleshooting tool It monitors the status of the Domino server and add-in tasks 74 TCP Server Events • • The TCP Server Event Generator verifies the availability of Internet ports (TCP services) on servers This also needs ISpy to work – put this in servertasks= Load runjava ISpy Case sensitive! A valuable concept for some servers But not widely used 75 Checks the Ports for You • It generates a statistic indicating the amount of time, in milliseconds, it takes to verify that the server is responding on the specified port Each port you select has a tab where you can sometimes set special characteristics about the probe 76 Event Handlers — My Favorite! • • We have worked pretty hard to get to this point: Understood how statistics are generated Identified stats important to the stability and performance of servers Set up a statistic collection infrastructure Now we have the moment of truth The event handlers! 77 Event Handlers — My Friends • An Event Handler defines the action that Domino takes when a specific event occurs Choosing the right action is critical to your organization Some serious events should cause a page to be sent to the person on call Other events might merely cause an email to be sent • It all depends on what’s important to the business We’ll talk about how you are notified in a moment First, let’s review the awesome power of the Event Handler 78 Event Handling Options • Just like event generators, you can include all servers in the domain or just a few This lets you target servers with “issues” 79 Getting Trigger Happy • The notification trigger is where it’s at: Any event matching a criteria A wide-open trigger for any problem, statistical or something that just shows in the log A built-in or add-in task event Looks for an event generated by a Domino task A custom event generator An event generator that you created 80 Event Selection Criteria • You can select: A certain type of event Different types of severities Or track a particular message that is appearing in the log 81 Demonstration: Working with Event Generators Demo 82 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 83 Notification Method Selection • You can choose from a wide variety of notification methods Some are better than others And you can easily enable, disable, or select a time span for notification Perhaps only page certain numbers overnight but all admins during the day 84 Notification Options Method Result Broadcast Reports the event to all users logged onto the server or to a specified group of users Log to Database Logs the event to a database, typically STATREP.NSF Mail Mails the event to a person or to a mail-in database Log to NT Event Viewer Reports the event to the Windows NT Event Viewer Pager Uses the mail address of an alphanumeric pager Relay Relays the event to another server that is in the same Domino domain and that runs a common protocol Run an Agent • Runs a specified agent based on the configured Event Handler • Use this method to resolve an issue without user intervention • You specify agent name, the server and database containing the agent, and any parameter to pass to the agent 85 Notification Options (cont.) Method Result Run Program Runs an add-in program or specified command to correct problems automatically Send a Console Command to the Server Sends a console command, or commands, to the server according to the Event Handler that was configured Sound Sounds an alarm on the designated server when the event occurs UNIXLog Reports the event to the UNIX system log Run Program Runs an add-in program or specified command to correct problems automatically Send a Console Command to the Server • Sends a console command, or commands, to the server according to the Event Handler that was configured • You can specify the server console commands to run 86 These Two Are the Best Ones to Use Method Result Comments SNMP Trap Sends the event as an SNMP trap. Select this method only if the specified server is running the Event Interceptor task and the Domino SNMP Agent. This is truly an ideal notification method because it does not depend on Notes protocols actually working Forward event to Tivoli Event Console Allows the Tivoli Enterprise Console (TEC) to receive IBM Domino events and reformat them as TEC events. The reformatted TEC event is then sent to the TEC server that you specify in the Configuration Settings document. Check with the Tivoli team to see if it’s possible to use this in your environment 87 Demonstration: Event Notification Demo 88 Notification Methods Pros and Cons • • Any notification method that involves Notes mail has limitations If the Notes mail system is down, you won’t get notified You especially won’t be notified about the mail system being down or a router has hung Do not use a configuration where the server is to let you know via email when mail is backed up The message that is being sent to you will be placed in the queue You won’t know about the problem until it is too late Is s u e 89 Paging Dr. Howard, Dr. Fine, Dr. Howard … • • A paging notification is a good choice But not if you are paging through a third-party phone system like Verizon or AT&T They generally require an email to be sent (see previous slide) They have no Service Level Agreement – NONE! Sadly, due to budget and resource constraints, we generally see these two mail or paging methods used the most in production environments Caution 90 The Best Notification Method … Also the Most Complicated • • The best notification methodology is to go outside of Notes protocols to SNMP or a similar external source SNMP is Simple Network Management Protocol There are SNMP agents that must be started on an OS level They are different for every major platform There are special considerations for partitioned servers It is a complicated solution, but once in place, it has extreme value And you never have to rely on an application layer solution again 91 Log or Relay No Matter What Else You Do • If an event is worth tracking, it should always be placed in a STATREP.NSF You can use the LOG option, which is used when you want to capture the event in each server’s Statrep You can use the RELAY option to send to a Statrep that is centrally located 92 Some Tricks of the Trade • • • When problems occur, they are almost always in the server log That means you can catch them with an Event Handler A great way to do this is to look for specific text in the message That makes it very flexible Log the results into a separate database to make analysis and investigation easier And you can create multiple events to take multiple actions if necessary Let’s look at a couple examples of this 93 A Good Example of Looking for Text • When someone enables Full Access Administrator, a message shows up in the server log You’ll definitely want to audit this when it occurs If it’s in the log, that means you can grab it 94 A Good Example of Looking for Text (cont.) • If you wanted to be notified every time someone turns on Full Access Administrator, you could look for the following string “full administrator access” Set up a notification to log to Statrep And another notification to mail it to you so you always know who is using this powerful privilege 95 Is Your SMTP Server Under Relay Attack? • If you’re interested in the safety of your SMTP server, you might want to know when bad guys attempt to use it as an “open relay” When that happens, you’ll see something like this in the server log Remember, if it’s in the log, that means you can grab it 96 Just Log It – But in a Special Database • In this case, you don’t really want to be notified right away You just want to know when it happened To make it easier to analyze, place the logged entries into a separate database D o n 't F o rg e t 97 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 98 Why DDM Is Awesome • DDM is a single location where administrators can access issues that are affecting multiple servers and databases DDM database is a central repository of all monitoring data Data collected by probes that you can configure Result messages from event generators that you configured 99 Do All Administrators Use DDM? • • • Many administrators don’t use the potential of DDM as much as they should Already overwhelmed by the monitoring features of Domino Don’t understand how DDM fits into the architecture Some Administrators just have Probe-Aphobia But you don’t have to use probes to use DDM Probes are not a required part of DDM They are nice to have and fun to use, but DDM functions without them You can get started without probes Then add them into the configuration when you become more familiar with how DDM works 100 The Big Relationships in Monitoring • EVENTS4.NSF – the Monitoring Configuration database is a key file in your monitoring infrastructure It also contains all of the specifics for your DDM monitoring configuration For DDM probes For the DDM collection hierarchy – which must be set by you 101 We Know What the Replica ID Should Be for EVENTS4 • • The replica ID of system databases, such as EVENTS4 and DDM.NSF, is derived from the replica ID of your domain’s address book Database Replica ID NAMES.NSF 852564AC:004EBCCF CATALOG.NSF 852564AC:014EBCCF EVENTS4.NSF 852564AC:024EBCCF ADMIN4.NSF 852564AC:034EBCCF DDM.NSF 852564AC:0A4EBCCF Notice that the first two numbers after the colon for the EVENTS4.NSF replica are: 02 for EVENTS4 and OA for DDM.NSF 102 Errors You Might See If DDM.NSF Is Not Right • • If there is a DDM.NSF on every server but they aren’t all the same replica ID, you’ll see the following error on the console every couple of minutes: Unable to replicate with server Server2: None of the selected databases have a replica on the server You’ll get the error even if there is no connection document You’ll get this error even if there is a connection document and you have a much longer replication interval scheduled To fix problems related to EVENTS4.NSF and DDM.NSF replica IDs, you must delete the bad DDM databases and restart the server DDM.NSF will be recreated automatically 103 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 104 Configure DDM for Centralized Data Collection • • • DDM.NSF has most value when it’s a centrally located repository It will contain all of the issues that come from all of the servers This does not happen on its own There is no collection hierarchy set up by default Each server collects its own DDM data in its own DDM.NSF If your DDM hierarchy looks like below, you need to set it up 105 Collection Hierarchy Is a Must • • Without a collection hierarchy, DDM probes run on a server and report events to DDM.NSF that are on that server Then they remain only on that server’s replica of DDM.NSF You have to check the DDM database on each server to evaluate problems and discover potential issues This is time consuming and is contrary to the design It reduces time you could be spending solving problems And it’s a big pain! Which means you’ll never use it 106 Aggregate Data Centrally • • A DDM server collection hierarchy lets you aggregate the data onto a key server or servers This must be configured in the EVENTS4.NSF The simplest hierarchy is to configure one server to collect from all servers in the domain I totally recommend this to get you started 107 More Complex Scenarios Are Possible • Perhaps as you become more familiar with DDM, you’ll want to roll up some data regionally So that regional administrators receive only information that is pertinent to the server they maintain 108 Rolling Up the Data • DDM data rollup propagates the probe results up the DDM server collection hierarchy Data rollup is accomplished using Domino’s selective replication to transport the data The replication formulas are created automatically when you define your DDM server collection hierarchy 109 Hierarchy Collection Interval • • The DDM system sets up its own collection interval Collection replication occurs about every five minutes This interval cannot be modified It is not controlled through connection documents Every five minutes, each collection server uses pull replication to get updates from the DDM database on each monitored servers 110 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 111 Address Issues by Severity Level • Looking at issues by severity gives you the chance to deal with the most important issues first They are broken out by severity category 112 Another Helpful View • Release 8 added a new view to DDM.NSF You can see issues by database name This lets you determine whether a problem is happening on just one server or on every copy of the database in the domain Very handy information when problem solving 113 Simplest Way to Use DDM • I consider the By Date view to be very helpful Assign a junior Admin to check DDM events every day Have the Admin go through all the events and fix problems 114 Working with a DDM Event • It’s a great monitoring tool because it smartly tells you The task that reported it The severity and type And it would be pretty good even if it just did that 115 Working with a DDM Event (cont.) • It also suggests Probable cause, possible solution And very often offers a corrective action Some of which are automated routines 116 Each DDM Event Has Common Actions • Such as Open the server document or server log View the server’s NOTES.INI Opening a remote console Opening the DB with the Designer client And other actions depending on the error that occurred 117 DDM Has Powerful Probes • • • A probe is the investigative component of DDM Probes: Need configuration to be useful Are configurable by administrators A probe is an action configured to run against one or more servers, databases, and services A probe returns its status and results to the Domino Domain Monitoring Database – DDM.NSF 118 Analysis Probes • • Configure DDM using probe documents in EVENTS4.NSF Otherwise known as the Monitoring Configuration database You can create multiple probes for each feature area And you can individually configure each probe to run: Selective checks Against specific servers and/or databases At specific times 119 What’s in These Probe Documents? • Probe type and probe subtype For example, Security is a probe type One of its probe subtypes is Best Practices This combination of probe type and probe subtype creates a Security probe 120 Extra Information About the Probe Is Provided • These probe documents also contain a general description of the probe, its purpose, and its intended use 121 Configuration Specifics, Too • Documents can also specify configurable probe targets The server(s) that will run the probe And in some cases, the servers, database, etc., that the probe runs against Where it’s applicable, there is also configurable scheduling information – but not for all probe types 122 There’s More Inside • Probe documents can also hold configuration specifics What the probe monitors What it should report on Thresholds to watch for And what type of severity those thresholds represent Plenty of Cool Probes • • • R8 gives us 58 default DDM probes to work with R7 gives us 48 – still plenty to get us started You can get probing as soon as R7/R8 is up Just plug in your server info to get DDM started You can also create new probe documents Define and customize your own probes 124 Many Types of Probes • • There are ten major types of probes in R8, nine in R7 These probes can run two different ways: On a schedule that you specify As an active monitor of things that happen in the domain Some probes can run either way On a schedule or as a monitor It depends on what you ask them to do Some can only run as a monitor or on a schedule 125 Establishing a Schedule • Scheduled probes can be controlled with great granularity Set the probe to run: Daily, Weekly, Monthly Beyond that, specific schedule settings can vary from probe type to probe type 126 Don’t Worry About Getting Off Schedule • If a Weekly/Monthly probe is missed, you can specify how you want the probe to be handled: Ignore it completely Run the missed probe on startup Run the missed probe at the next time range 127 Zeroing in on Probes • We’re going to focus on two probes that have a high value in almost every Domino domain: Application probes Security probes 128 Agents Are Tracked by Application Probes • • • • Application probes monitor agents in real time Agents behind schedule Detects when an agent starts after its scheduled time Long-running agents Agents ranked by CPU usage Evaluates the CPU usage for agents executed by Agent Manager or HTTP These have a relatively high overhead 129 Agents Are Tracked by Application Probes (cont.) • • Agents ranked by memory usage Evaluates agents memory usage executed by the Agent Manager or HTTP tasks Note that evaluation results for the same agent may differ when the agent runs in Agent Manager/HTTP Also, results from this probe can depend on HTTP settings Long-running agents Detects agents that run longer than a time you specify 130 The Five Security Check Probes • Security probes assess the overall security of servers and databases in your domain Best Practices Compares a set of baseline security configuration settings to the same settings in a domain Configuration Compares settings in a specific Server document to settings in a specified “good” Server doc This doc can be real or built by you as an example 131 The Five Security Check Probes (cont.) • • Database ACL Monitors the access control privileges that groups and individuals have in specified databases You designate the acceptable access levels on the Specifics tab Database Review Reviews the security properties for a specified database Generates a report on probe findings 132 The Five Security Check Probes (cont.) • Security Review Generates a report on the security settings specified in the Specifics tab of the probe document You have the option of selecting the “Directory Profile Note” and the “Security Settings in the Server Configuration Document” And a review of all security settings in a Server doc This can really help to tighten your domain’s security 133 Using the Assign Button • You can assign the event to a team member and add comments about the task using the “Assign” button Or you can simply assign the event to yourself 134 Changes Are Tracked • All changes you make to the event are tracked in the Event Change History for easy reference Finally, there is an easy, built-in process for tracking problem resolution in your environment 135 Demo 136 What We’ll Cover … • • • • • • • • • • • Looking at the big picture of server monitoring Understanding statistic generation Designing an efficient and sensible collection infrastructure Pulling useful information from statistical data Using cluster stats to keep clusters reliable Understanding the essentials of event monitoring Determining the best notification methods DDM: Understanding how it fits into your environment DDM: Crafting a perfect DDM data collection hierarchy DDM: Looking at DDM events and probes Wrap-up 137 Some of My Other Statistics Sessions to Consider • • • It’s like an extension of this Jumpstart … Advanced server monitoring and alert notifications Friday morning at 9:45 am Don’t miss my Hands-On Lab Drilling Down into Domino Statistics Wednesday 4:00 to 6:00 pm Thursday 1:30 to 3:30 pm (right, it’s not am) Session goes into detail about pulling statistical data into spreadsheets for analysis with pivot tables and graphics And you have the opportunity to get your hands dirty actually making the graphics yourself Hope to see you there! 138 Where to Find More Information • • • • • www-1.ibm.com/support/docview.wss?uid=swg27007060 “Lotus Education on Demand: Domino Domain Monitoring (DDM)” (IBM, 2010). www.ibm.com/developerworks/lotus/library/stats-linux/ Joe Malek, “Lotus Domino Platform Statistics on Linux” (developerWorks, 2004). www-1.ibm.com/support/docview.wss?uid=swg21139259 “Configuring Multiple Cluster Replicators on a Domino Server” (IBM, 2011). www-1.ibm.com/support/docview.wss?uid=swg21099635 “Which Domino Server Databases Have Replica IDs Related to the NAMES.NSF?” (IBM, 2012). www.andypedisich.com Download presentations and technotics85Statrep.ntf 139 7 Key Points to Take Home • • • • Run the Collect task on servers located centrally Don’t run it on every server Let cluster statistics be your guide in determining the number of cluster replicators A great technique for problem solving is to capture log entries using Events4 and put them into a special Statrep for easy examination Make sure you have the correct replica of Events4 deployed and that it’s the same replica ID on every server 140 7 Key Points to Take Home (cont.) • • • Be careful using server probes over a WAN, or you’ll end up testing the network rather than the servers Start with a flat DDM data collection hierarchy and make it more complex only if your requirements call for it Make new administrators to check DDM every day and have them assign problems they can’t fix to senior admins 141 Your Turn! How to contact me: Andy Pedisich AndyP@Technotics.com www.andypedisich.com www.technotics.com 142