Server gauges
The server provides several built-in gauges to monitor server performance. These gauges are listed in the following table.
Some of the gauges described in the following table apply only to the PingDirectory server, and some apply only to the PingDirectoryProxy server. These gauges are indicated as such. The remaining gauges apply to both servers. |
Gauge Name | Enabled by default? | Description |
---|---|---|
Active Cleaner Threads (Percent) |
true |
PingDirectory server only. Monitors the percentage of database cleaner threads that are active in a Berkeley DB environment. The resource identifier for this gauge is a backend ID. Use the |
Authentication Failure Rate |
false |
Rate of LDAP bind failures per second. A high rate of failures might indicate a misconfigured client application or a malicious attack. |
Available File Descriptors |
true |
Monitors the number of file descriptors available to the server process. The server allows for an unlimited number of connections by default, but is restricted by the file descriptor limit on the operating system. The number of file descriptors that the server will use can be configured by either using a |
Certificate Expiration (Days) |
true |
Monitors the expiration dates of key server certificates. A server certificate expiring can cause server unavailability, degradation, or loss of key server functionality. Certificates nearing the end of their validity should be replaced as soon as possible. See the status tool, or Status in the Administrative Console, for more information about server certificates and how they are managed. |
Changelog Database Target Size (Percent) |
true |
PingDirectory server only. Monitors the size of a changelog database on disk relative to the configured |
Cleaner Backlog (Number Of Files) |
true |
PingDirectory server only. Monitors the cleaner backlog in a Berkeley DB environment. The resource identifier for this gauge is a backend ID. Use the |
CPU Usage (Percent) |
true |
Monitors server CPU use and provides an averaged percentage for the interval defined. The monitored resource is the host system’s CPU, which does not include a resource identifier. If CPU use is high, check the server’s current workload and other processes on this system and make any needed adjustments. Reducing the load on the system will lead to better response times. |
Database Cache Full (Percent) |
true |
PingDirectory server only. Monitors the percentage capacity of the database cache currently populated with entries, per backend. The resource identifier for this gauge is a backend ID. Use the |
Data Set Availability |
true |
PingDirectoryProxy server only.For each data set, indicates whether there is at least one backend server available to fulfill requests. The resource identifier for this gauge is the name of the load-balancing algorithm used to define the set of backend servers fulfilling requests for the data set. Use the |
Data Set Local Availability |
true |
PingDirectoryProxy server only. For each data set, indicates whether there is at least one local backend server available to fulfill requests. The resource identifier for this gauge is the name of the load-balancing algorithm used to define the set of backend servers fulfilling requests for the data set. Use the |
Disk Busy (Percent) |
true |
Monitors disk busy percentage over the update interval. This gauge requires that the Host System Monitor Provider be enabled and that any monitored disks be registered using the disk-devices property of that Monitor Provider. The resource identifier for this gauge is the disk device name. Use the |
HTTP Processing (Percent) |
true |
Monitors the percentage of time that request handler threads spend processing HTTP requests. This percentage represents the inverse of the server’s ability to handle new requests without queueing. |
JVM Memory Usage (Percent) |
true |
Monitors the percentage of Java Virtual Machine memory that is in use. This value naturally fluctuates because of garbage collection, so the minimum value within an interval is reported since it is a better indication of overall memory growth. When the memory usage exceeds 90%, this should be reported to customer support since the server is either misconfigured or has a memory leak. As memory usage approaches 100%, the server is more and more likely to experience garbage collection pauses, which leave the server unresponsive for a long time. Restarting the server is likely the only remedy for this situation. Before restarting the server, run collect-support-data and capture the output of 'jmap -histo ' to provide to customer support. The pid of the server can be found from |
LDAP Operation Average Response Time (Milliseconds) |
false |
Monitors the average response time across all LDAP operations processed by this server since it was started. There is no resource identifier associated with this gauge. The monitored resource is overall response time of all LDAP operations processed by this server since it was started. High response times can be indicative of several factors including a disk-bound server, network latency, or misconfiguration. Enabling the Stats Logger plugin might help isolate problems. See the administration guide for more information on common problems and solutions. |
LDAP Operations Failed (Percent) |
false |
Monitors the percentage of all LDAP operations processed by this server that have failed since it was started. There is no resource identifier associated with this gauge. The monitored resource is overall number of failed LDAP operations processed by this server since it was started. A high percentage of failed operations might indicate misconfiguration of a client or server in a topology. |
License Expiration (Days) |
true |
Monitors the expiration date of the product license. An expired license will cause warnings to appear in the server’s logs and in the status tool output. Request a license key through the Ping Identity licensing website https://www.pingidentity.com/en/account/request-license-key.html or contact sales@pingidentity.com. Use the dsconfig tool to update the License configuration’s license key property. |
Memory Usage (Percent) |
false |
Monitors the percentage of memory use averaged over the update interval defined. The monitored resource is the host system’s memory use, which does not have a resource identifier. Some operating systems, including Linux, use the majority of memory for file system cache, which is freed as applications need it. If memory use is high, check the applications that are running on the server. |
Purge Expired Data Backlog (Number of Entries) |
true |
PingDirectory server only. Monitors the backlog of entries that need to be purged by a Purge Expired Data Plugin. The resource identifier for this gauge is the name of the configured plugin. Increasing the max-updates-per-second configuration property on the plugin can increase the rate that the plugin purges expired data. It might also be necessary to refine the search that the plugin performs to be more efficient. |
Recent Changes Database-to-JVM Heap Size Ratio (Percent) |
true |
PingDirectory server only. The recent changes database keeps several recent changes made by update operations in changelog change entry form. This database is used by replication and the changelog backends, and unexpected growth affects server start time, memory consumption and space on disk. The ratio of the recent changes database to the overall heap size is used to track the impact on memory consumption. If you expect large changes and the server isn’t experiencing issues, increase the alarm threshold. After processing large changes the alarm should clear itself, if not, it might necessary to perform an export and re-import of the data to resolve the issue. |
Replication Conflict Growth Rate |
false |
PingDirectory server only. Growth rate of the number of unresolved conflicts per second over the update interval. The resource identifier for this gauge is the base DN of the replica. Use the |
Replication Connection Status |
false |
PingDirectory server only. Indicates the connection status of remote replication servers this servers replication topology. The 'cn=schema' backend as well as the local replication server, are excluded using the include-filter property. For all other remote servers in the topology, separate monitor entries will be created per server and replication base DN. The resource identifier for this gauge is a concatenated string containing the data set name, the host and port of the replication server and the replication server ID. A replicated data set depends upon the availability of servers replicating the data. So long as there are other replicas available in a replication topology, a single replica being unavailable should not affect the overall performance of the replication topology. However, unavailable replicas can increase the likelihood of data loss or performance degradation. |
Replication Latency (Milliseconds) |
false |
PingDirectory server only. Average amount of time it takes a modification on one replica to propagate and commit on another replica, in milliseconds. The resource identifier for this gauge is the base DN of the replica. Use the |
Replication Purge Delay (Hours) |
true |
PingDirectory server only. For the replication server indicates the effective purge delay. In order to protect against missing changes the effective purge delay should be large enough to accommodate servers that have been offline as well as the need to restore from backups. |
Replication Servers Available |
false |
PingDirectory server only. Strong Encryption Not Available |
Strong Encryption Not Available |
true |
The JVM does not appear to support strong encryption algorithms, like 256-bit AES. The server will fall back to using weaker algorithms, like 128-bit AES. To enable support for strong encryption, update your JVM to a newer version that supports it by default, or install or enable the unlimited encryption strength jurisdiction policy files in your Java installation. |
Undeletable Database Files (Percent) |
true |
PingDirectory server only. Monitors the percentage of undeletable database files in a Berkeley DB environment. The resource identifier for this gauge is a backend ID. Use the |
Work Queue Size (Number Of Requests) |
true |
Number of requests in the server’s work queue waiting to be processed, averaged over the update interval. There is no resource identifier associated with this gauge. The monitored resource is the server’s work queue. If all worker threads are busy processing other client requests, then new requests that arrive will be forced to wait in the work queue until a worker thread becomes available. |