cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP, Radius Server - Monitoring via snmp and logging

sthon_
Contributor

LDAP, Radius Server - Monitoring via snmp and logging

System:
SA6500
6.5R2 (build 14951)


is there any possibillity to check the Radius and LDAP Server state via snmp proactive ?

1. LDAP-Monitoring-Problem
- I have configured 2 LDAP Server for authentication.
- I only get an "User access log" messages when BOTH LDAP-Server are unreachable:
Minor AUT23391 2010-02-09 13:25:33 - SYSTEMNAME - [127.0.0.1] CONTEXT:Smiley Frustratedystem()[] - Could not connect to LDAP server LDAP-SERVER: Failed binding to admin DN: [81] Can't contact LDAP server: (null)
- also an snmp trap is send:
Critical 2010/02/09 13:25:33 - SYSTEMNAME - CONTEXT:Smiley Frustratedystem()[] - Sending externalAuthServerUnreachable SNMP trap to SNMPLOGSERVER:162

- via the GUI I can only manually check if LDAP connection is working
- is there any possibility to see, if one LDAP is not reachable or not working ?
- are there any local possibillities on the IVE (like scripting) to check the LDAP authentication ?

2. Radius-Monitoring
- I get an "User access log" message for EVERY Radius that isn«t reachable:
Minor AUT21097 2010-02-11 13:06:16 - SYSTEMNAME - [127.0.0.1] CONTEXT:Smiley Frustratedystem()[] - Radius Server Radius-Produktion: Login failed for USER because host RADIUS-IP:1812 is unreachable.
- I also get an snmptrap:
Critical 2010/02/11 13:06:16 - SYSTEMNAME - CONTEXT:Smiley Frustratedystem()[] - Sending externalAuthServerUnreachable SNMP trap to SNMPLOGSERVER:162

- but I have no chance to see, when all Radius Servers are dead
- is there any possibility to check, if one Radius is not reachable or not working ?
- are there any local possibillities on the IVE (like scripting) to check the Radius authentication ?

3. snmptrap Implementation:
- in the snmptrap I cannot see which AuthServer has a Problem, the IVE sends an "externalAuthServerUnreachable" message,
- is there any possibillty to see, which AuthServer is unreachable ?

thx in advance

4 REPLIES 4
Jickfoo_
Super Contributor

Re: LDAP, Radius Server - Monitoring via snmp and logging

Hi,

You need a 3rd party alerting program like WhatsUP Gold. You can ping each LDAP server and also check to see if the services are active on the LDAP or Radius Ports through service checks. Do this for each server and have an email sent to you when either one goes down.

WhatsUpGold is cheap but there is freeware that can do the same thing.

Good Luck.

rdit_
Regular Contributor

Re: LDAP, Radius Server - Monitoring via snmp and logging

try nagios for that. its open source and you can monitor everything with it
rdit_
Regular Contributor

Re: LDAP, Radius Server - Monitoring via snmp and logging

try nagios for that. its open source and you can monitor everything with it

sthon_
Contributor

Re: LDAP, Radius Server - Monitoring via snmp and logging

thx for the info.

I already have some 3rd party tools, but I wanna check also the network between my SSL-GW and the LDAP and Radius, not only the functionality of the LDAP and Radius,

So I thought there are some other implementations on the SSL-GW.