Solved: Finding monitoring errors on filers?

darrendunham · ‎2011-07-01

Is there a CLI way of finding login credential issues with appliances from operations manager? I can see some of what I want from opening the managment console and scrolling through the hosts looking for red. But I'd prefer to do this without having to launch the console.

If I were very patient, I could run every host through 'dfm host diag <host>', but that would take a long time. Is there some other location for that information?

Thanks,

--

Darren

sinhaa · ‎2011-07-02

Darren,

The report events-warning only show the current events. Once the condition that generated the event is resolved or the event is deleted manually by a DFM administrator ( or a user with the required privileges), it goes to the history. Now in your case as dfm diag suggests, the event condition hasn't been resolved as yet, so the possibilities are:

1. The Host Login Failed warning event hasn't been generated as yet . Very unlikely as once dfm diag starts showing the informationed for the Failed login, events do get generated within minutes. I assume you have waited enough to rule out this possibility.

2. Are all the dfm services running? See it with the command "dfm service list". If some are not, start them by command "dfm service start"

3. The Host Login Failed warning event generated but was deleted.

To see this, try the report of history events and of the deleted events.

dfm report view events-history <host_name or ID>

and

dfm report view events-history-deleted <host_name or ID>

Here you'll know when and by whom the event was deleted.

warm regards,

Abhishek

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

sinhaa · ‎2011-07-01

Hello Darren,

When Login credentials are not set or are incorrect, a warning event "Host Login Failed" is generated againt that host. This will be also avaiable on the report for events-warning.

Try the following command to see this report. It will show all the hosts whose Login credentials are not set or are incorrect.

Windows:

C:\>dfm report view events-warning |findstr /L Login

Warning 2472 Host Login Failed 02 Jul 08:24 323 host1

Warning 2466 Host Login Failed 02 Jul 08:24 326 host2

Warning 2465 Host Login Failed 02 Jul 08:24 324 host3

Warning 2421 Host Login Failed 02 Jul 08:24 319 host4

Warning 2398 Host Login Failed 02 Jul 08:23 325 host5

C:\>

On Linux it should be:

dfm report view events-warning|grep "Login"

I hope this helps.

warm regards,

Abhishek

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

darrendunham · ‎2011-07-01

Hmm. I'm not seeing that on this system.

From dfm host diag:

[...]

SNMP Version in Use SNMPv1

SNMPv1 Passed (565 ms)

SNMP Community nvidia_newsec

SNMP sysName netapp-hq05.nvidia.com

SNMP sysObjectID .1.3.6.1.4.1.789.2.1 (Filer)

SNMP productId 0050411198

SNMPv3 Failed: Authentication failure (incorrect password, community or key)

SNMPv3 Auth Protocol MD5

SNMPv3 Privacy Enabled No

SNMPv3 Username root

ICMP Echo Passed (21 ms)

HTTP Passed (6 ms)

NDMP Ping Passed (port 10000, 12 ms)

NDMP Connect Passed (308 ms)

NDMP MD5 Passwd Check Passed

RSH Login incorrect.

SSH Permission denied (publickey,password).

RLM Skipped (hostRLMAddress is empty)

XML (http port 80) HTTP POST - Authorization failed

[...]

But from the warning report:

# dfm reports view events-warning | grep -i login

#

I do have a matching historical line, but not for the filer that currently has the invalid password.

--

Darren

sinhaa · ‎2011-07-02

Darren,

The report events-warning only show the current events. Once the condition that generated the event is resolved or the event is deleted manually by a DFM administrator ( or a user with the required privileges), it goes to the history. Now in your case as dfm diag suggests, the event condition hasn't been resolved as yet, so the possibilities are:

1. The Host Login Failed warning event hasn't been generated as yet . Very unlikely as once dfm diag starts showing the informationed for the Failed login, events do get generated within minutes. I assume you have waited enough to rule out this possibility.

2. Are all the dfm services running? See it with the command "dfm service list". If some are not, start them by command "dfm service start"

3. The Host Login Failed warning event generated but was deleted.

To see this, try the report of history events and of the deleted events.

dfm report view events-history <host_name or ID>

and

dfm report view events-history-deleted <host_name or ID>

Here you'll know when and by whom the event was deleted.

warm regards,

Abhishek

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

darrendunham · ‎2011-07-05

I see. It looks like someone has indeed deleted the event. Further testing seems to show that deleting the event triggers the managment console to turn the "login credentials" box to green as well.

I don't suppose there's any way to get DFM to post a new alert for this condition until I can get it repaired? Would be nice to have it more obvious that the data on this system is suspect.

Thanks!

--

Darren