Chapter 4. cn=monitor
Information used to monitor the server is stored under cn=monitor
. This entry and its children are read-only; clients cannot directly modify them. The server updates this information automatically. This section describes the cn=monitor
attributes. The only attribute that can be changed by a user to set access control is the aci
attribute.
If the nsslapd-counters
attribute in cn=config
is set to on
(the default setting), then all of the counters kept by Directory Server instance increment using 64-bit integers, even on 32-bit machines or with a 32-bit version of Directory Server. For the cn=monitor
entry, the 64-bit integers are used with the opsinitiated
, opscompleted
, entriessent
, and bytessent
counters.
The nsslapd-counters
attribute enables 64-bit support for these specific database and server counters. The counters which use 64-bit integers are not configurable; the 64-bit integers are either enabled for all the allowed counters or disabled for all allowed counters.
4.1. backendMonitorDN
This attribute shows the DN for each Directory Server database backend. For further information on monitoring the database, see the following sections:
- Section 6.4.10, “Database attributes under cn=attribute_name,cn=encrypted attributes,cn=database_name,cn=ldbm database,cn=plugins,cn=config”
- Section 6.4.5, “Database attributes under cn=database,cn=monitor,cn=ldbm database,cn=plugins,cn=config”
- Section 6.5.4, “Database link attributes under cn=monitoring,cn=database_link_name,cn=chaining database,cn=plugins,cn=config”
4.2. bytesSent
This attribute shows the number of bytes sent by Directory Server.
4.3. connection
This attribute lists open connections and associated status and performance related information and values. These are given in the following format:
connection: pass:quotes[A:YYYYMMDDhhmmssZ:B:C:D:E:F:G:H:I:IP_address]
For example:
connection: pass:quotes[69:20200604081953Z:6086:6086:-:cn=proxy,ou=special_users,dc=example,dc=test:0:11:27:7448846:ip=192.0.2.1]
-
A is the connection number, which is the number of the slot in the connection table associated with this connection. This is the number logged as
slot=
A in the access log message when this connection was opened, and usually corresponds to the file descriptor associated with the connection. The attributedTableSize
shows the total size of the connection table. - YYYYMMDDhhmmssZ is the date and time, in GeneralizedTime form, at which the connection was opened. This value gives the time in relation to Greenwich Mean Time.
- B is the number of operations received on this connection.
- C is the number of completed operations.
-
D is
r
if the server is in the process of reading BER from the network, empty otherwise. This value is usually empty (as in the example). -
E this is the bind DN. This may be empty or have value of
NULLDN
for anonymous connections. -
F is the connection maximum threads state:
1
is in max threads,0
is not. - G is the number of times this thread has hit the maximum threads value.
- H is the number of operations attempted that were blocked by the maximum number of threads.
-
I is the connection ID as reported in the logs as
conn=connection_ID
. - IP_address is the IP address of the LDAP client.
B and C for the initiated and completed operations should ideally be equal.
4.4. currentConnections
This attribute shows the number of currently open and active Directory Server connections
4.5. currentTime
This attribute shows the current time, given in Greenwich Mean Time (indicated by generalizedTime
syntax Z
notation; for example, 20220202131102Z
).
4.6. dTableSize
The dTableSize
attribute shows the size of Directory Server connection table. Each connection is associated with a slot in this table and usually corresponds to the file descriptor used by this connection. For more information, see nsslapd-maxdescriptors and nsslapd-reservedescriptors.
4.7. entriesSent
This attribute shows the number of entries sent by Directory Server.
4.8. nbackEnds
This attribute shows the number of Directory Server database back ends.
4.9. opsInitiated
This attribute shows the number of Directory Server operations completed.
4.10. readWaiters
This attribute shows the number of connections where some requests are pending and not currently being serviced by a thread in Directory Server.
4.11. startTime
This attribute shows Directory Server start time given in Greenwich Mean Time, indicated by generalizedTime
syntax Z
notation. For example, 20220202131102Z
.
4.12. threads
This attribute shows the number of threads used by Directory Server. This should correspond to nsslapd-threadnumber
in cn=config
.
4.13. totalConnections
This attribute shows the total number of Directory Server connections. This number includes connections that have been opened and closed since the server was last started in addition to the currentConnections
.
4.14. version
This attribute shows Directory Server vendor, version, and build number. For example, 389-Directory/2.0.14 B2022.082.0000
.