Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Alert Backend provides information about administrative alerts that have been generated recently within the server.
↓Parent Component
↓Properties
↓dsconfig Usage
The Alert Backend component inherits from the Notification Backend
The properties supported by this managed object are as follows:
General Configuration Basic Properties: | Advanced Properties: |
---|---|
↓ description | ↓ backend-id |
↓ enabled | ↓ base-dn |
↓ writability-mode | ↓ set-degraded-alert-when-disabled |
↓ return-unavailable-when-disabled | |
↓ backup-file-permissions | |
Storage Configuration Basic Properties: | Advanced Properties: |
None | ↓ ldif-file |
Alert Configuration Basic Properties: | Advanced Properties: |
↓ alert-retention-time | None |
↓ max-alerts | |
↓ disabled-alert-type |
Property Group | General Configuration |
Description | A description for this Backend |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Specifies the behavior that the backend should use when processing write operations. |
Default Value | enabled |
Allowed Values | enabled - Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). disabled - Causes all write attempts to fail. internal-only - Causes external write attempts to fail but allows writes by replication and internal operations. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | Alert Configuration |
Description | Specifies the maximum length of time that information about generated alerts should be maintained before they will be purged. |
Default Value | 7 days |
Allowed Values | A duration. Lower limit is 0 milliseconds. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | Alert Configuration |
Description | Specifies the maximum number of alerts that should be retained. If more alerts than this configured maximum are generated within the alert retention time, then the oldest alerts will be purged to achieve this maximum. A value of zero indicates that no limit should be enforced on the maximum number of alerts. |
Default Value | 1000 |
Allowed Values | An integer value. Lower limit is 0. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | Alert Configuration |
Description | Specifies the names of the alert types that should not be added to the backend. This can be used to suppress high volume alerts that might trigger hitting the max-alerts limit sooner than desired. Disabled alert types will not be sent out over persistent searches on this backend. |
Default Value | Alerts of all types will be added to the backend. |
Allowed Values | access-log-criteria-matched - Indicates that the server has processed an operation which matched the criteria for the admin alert access log publisher. alarm-cleared - Indicates that a previously reported alarm severity has been cleared. This does not indicate necessarily that an alarm has returned to normal as previous alarms may also be cleared before they worsen in severity. alarm-critical - Indicates that a service affecting condition has occurred and an immediate corrective action is required. Such a severity can be reported, for example, when a managed object becomes totally out of service and its capability must be restored. alarm-major - Indicates that a service affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the managed object and its full capability must be restored. alarm-minor - Indicates the existence of a non-service affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the managed object. alarm-warning - Indicates the detection of a potential or impending service affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service affecting fault. backup-failed - Indicates that an error occurred while trying to perform a backup. cannot-copy-schema-files - Indicates that an error occurred while trying to copy schema files during a schema update. cannot-find-recurring-task - Indicates that the server could not find the task definition for a recurring task in order to schedule the next iteration. cannot-rename-current-task-file - Indicates that an error occurred while trying to rename the current task file. cannot-rename-new-task-file - Indicates that an error occurred while trying to rename the new task file. cannot-restore-backup - Indicates that an error occurred while trying to restore a backup. cannot-schedule-recurring-task-iteration - Indicates that an error occurred while trying to schedule a recurring task iteration. cannot-write-configuration - Indicates that an error occurred while trying to write an updated copy of the server configuration. cannot-write-new-schema-files - Indicates that an error occurred while trying to write a new copy of schema files during a schema update. cannot-write-server-state-file - Indicates that an error occurred while trying to write the server state file. cannot-write-task-backing-file - Indicates that an error occurred while trying to write to the task backing file. config-change - Indicates that a configuration change has been made in the Data Governance Server. crypto-manager-error - Indicates that the CryptoManager encountered an expected error while attempting to synchronize settings between the topology registry and the trust store backend. continuous-garbage-collection-detected - Indicates that the JVM garbage collector is running continuously. deadlock-detected - Indicates that a deadlock has been detected in the JVM in which the server is running. debug-logging-enabled - Indicates that Debug Logging is enabled. duplicate-alerts-suppressed - This alert type is no longer used. Use the per-severity values, such as duplicate-error-alerts-suppressed, instead. duplicate-error-alerts-suppressed - Indicates that the server suppressed one or more duplicate error alert notifications. duplicate-fatal-alerts-suppressed - Indicates that the server suppressed one or more duplicate fatal alert notifications. duplicate-info-alerts-suppressed - Indicates that the server suppressed one or more duplicate info alert notifications. duplicate-warning-alerts-suppressed - Indicates that the server suppressed one or more duplicate warning alert notifications. entering-lockdown-mode - Indicates that the server is entering lockdown mode, in which case it will only accept requests from users holding the lockdown-mode privilege, and only on connections from the loopback interface. entry-references-removed-attribute-type - Indicates that the server has encountered an entry whose encoded representation references an attribute type that was once defined in the server schema, but whose definition has since been removed. exec-task-launching-command - Indicates that the server is launching a command via the exec task. external-config-file-edit-handled - Indicates that the server has detected an external modification to the configuration file and copied that modification to a separate file. external-config-file-edit-lost - Indicates that the server has detected an external modification to the configuration file but that change was lost. external-server-initialization-failed - Indicates that an attempt to initialize an external server failed. failed-to-apply-mirrored-configuration - Indicates that although mirrored configuration was synchronized successfully from the master server, there were errors when applying it to the local server. A server restart is recommended in this case. file-retention-task-delete-failure - Indicates that a file retention task was unable to delete a file that matched the filename pattern and was outside the configured retention criteria. force-gc-complete - Indicates that the server has completed a forced synchronous garbage collection. force-gc-starting - Indicates that the server is about to invoke a forced synchronous garbage collection. http-connection-handler-duplicate-context-path - Indicates that more than one HTTP servlet or web application extension is registered to handle the same context path. The extension that handles requests for this context path will be indeterminate until the conflict is resolved. http-connection-handler-duplicate-servlet-extension - Indicates that two or more HTTP servlet extensions registered to an HTTP connection handler are based on the same type, but only one extension of that type may be assigned to the same HTTP connection handler. insecure-access-token-validator-enabled - Indicates that a Mock Access Token Validator is enabled. Mock Access Token Validators allow unauthenticated access to HTTP APIs, and should only be enabled in test or demonstration deployments. invalid-privilege - Indicates that a user has been configured with an invalid privilege. jvm-misconfiguration - Indicates that the recommended JVM flags for this server are either missing or misconfigured. ldap-connection-handler-cannot-listen - Indicates that an LDAP connection encountered an error when it attempted to begin listening for client connections and will therefore be disabled. ldap-connection-handler-consecutive-failures - Indicates that an LDAP connection handler has encountered consecutive failures and will be disabled. ldap-connection-handler-uncaught-error - Indicates that an LDAP connection handler has encountered an uncaught error and will be disabled. ldif-backend-cannot-write - Indicates that a problem has occurred while trying to write to the backing file for an LDIF backend. ldif-connection-handler-parse-error - Indicates that an error occurred while trying to parse an LDIF file provided to an LDIF connection handler. ldif-connection-handler-io-error - Indicates that an LDIF connection handler has encountered an I/O error while trying to look for or process a set of changes. leaving-lockdown-mode - Indicates that the server is leaving lockdown mode and resuming normal operation. log-file-rotation-listener-invoke-error - Indicates that an error has occurred while attempting to invoke a log file rotation listener. log-file-rotation-listener-processing-takes-too-long - Indicates that one or more of the configured log file rotation listeners is taking too long to complete (log files are being rotated more quickly than the listeners can be invoked to process them). logging-error - Indicates that an error has occurred while attempting to log a message. low-disk-space-error - Indicates that the amount of usable disk space has dropped below the low space error threshold. low-disk-space-warning - Indicates that the amount of usable disk space has dropped below the low space warning threshold. mirrored-subtree-manager-forced-as-master-error - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, found that more than one server was forced to act as master either because no master could be found, or because more than one master was detected. mirrored-subtree-manager-forced-as-master-warning - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, found that a server was forced to act as master either because no master could be found, or because more than one master was detected. mirrored-subtree-manager-no-master-found - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, was unable to determine a suitable server to act as the master of the topology, which means that mirrored data cannot be updated. mirrored-subtree-server-not-in-topology - Indicates that this server is no longer functional because it does not exist in the topology registry most likely because it was removed from the topology with the remove-defunct-server tool. mirrored-subtree-manager-operation-error - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, encountered an unexpected error while processing an update operation. mirrored-subtree-manager-failed-outbound-connection - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, encountered an error while establishing a connection to a peer server within the configured grace period. mirrored-subtree-manager-connection-asymmetry - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, has had an unequal number of outbound and inbound connections with its peer servers for more than the configured grace period. missing-schema-elements-referenced-by-backend - Indicates that a backend detected references to one or more schema elements that have been removed from the schema. monitoring-endpoint-unable-to-connect - Indicates that a monitoring endpoint was unable to connect or write to the configured host and port. no-enabled-alert-handlers - Indicates that this server does not have any alert handlers enabled beyond the default that logs to logs/error. offline-config-change-detected - Indicates that the server detected that an offline configuration change was made. out-of-disk-space-error - Indicates that the amount of usable disk space has dropped below the out of space error threshold. pdp-unavailable - Indicates that the Policy Decision Service is unavailable and the server will be unable to handle requests. pdp-trust-framework-version-deprecated - Indicates that the Policy Decision Service's currently configured trust framework version is deprecated and should be updated as soon as possible. restart-required - Indicates that the server must be restarted for configuration changes to take effect. schema-checking-disabled - Indicates that schema checking is disabled in the server. server-shutting-down - Indicates that the server has begun the shutdown process. server-starting - Indicates that the server has begun its startup process. server-started - Indicates that the server has completed its startup process. system-nanotime-stopped - Indicates that Java's System.nanoTime() has stopped returning updated values. system-current-time-shifted - Indicates that Java's System Current Time has shifted backwards. task-started - Indicates that an administrative task has started running. task-completed - Indicates that an administrative task completed successfully. task-failed - Indicates that an administrative task failed to complete successfully. third-party-extension-exception - Indicates that a third-party extension threw an unexpected exception. thread-exit-holding-lock - Indicates that a thread has exited while still holding one or more locks. uncaught-exception - Indicates that the server has detected an uncaught exception that may have caused a thread to terminate. unindexed-internal-search - Indicates that an internal component has initiated an unindexed search. unlicensed-product - Indicates that the server's license key is not set, is invalid, or has expired. unrecognized-alert-type - Indicates that the server encountered an alert type that it did not recognize. user-defined-error - Indicates that an externally-developed component has generated an error alert notification. user-defined-fatal - Indicates that an externally-developed component has generated a fatal error alert notification. user-defined-info - Indicates that an externally-developed component has generated an informational alert notification. user-defined-warning - Indicates that an externally-developed component has generated a warning alert notification. worker-thread-caught-error - Indicates that a worker thread encountered an unexpected error that has caused it to terminate. work-queue-backlogged - Indicates that the work queue has accumulated a significant backlog. work-queue-full - Indicates that the server work queue has reached its maximum capacity and has begun rejecting client requests. work-queue-no-threads-remaining - Indicates that the server will shut down because all worker threads have exited due to errors. server-jvm-paused - Indicates that the server's JVM paused possibly due to misconfiguration. sensitive-trace-data-logged-warning - Indicates that the configuration of a Trace Log Publisher might result in sensitive information being logged. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
backend-id (Advanced Property, Read-Only)
Property Group | General Configuration |
Description | Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. |
Default Value | alerts |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
base-dn (Advanced Property, Read-Only)
Property Group | General Configuration |
Description | Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. |
Default Value | cn=alerts |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
Although it is currently supported, the use of multiple base DNs per backend is not recommended and this capability may be removed in the future. If you are considering the use of multiple base DNs in a backend, you should first contact Ping Identity support to discuss this configuration |
set-degraded-alert-when-disabled (Advanced Property)
Property Group | General Configuration |
Description | Determines whether the Data Governance Server enters a DEGRADED state (and sends a corresponding alert) when this Backend is disabled. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
return-unavailable-when-disabled (Advanced Property)
Property Group | General Configuration |
Description | Determines whether any LDAP operation that would use this Backend is to return UNAVAILABLE when this Backend is disabled. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
backup-file-permissions (Advanced Property)
Property Group | General Configuration | ||||||
Description | Specifies the permissions that should be applied to files and directories created by a backup of the backend. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the file or directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Execute permissions are only applied to directories. If the underlying platform does not allow the full level of granularity specified in the permissions, then an attempt will be made to set them as closely as possible to the provided permissions, erring on the side of security. Due to Java platform limitations, it may not be possible to set group member permissions independently of other user permissions, even on UNIX. | ||||||
Default Value | 700 | ||||||
Allowed Values | Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions). Example values
| ||||||
Multi-Valued | No | ||||||
Required | No | ||||||
Admin Action Required | None. Modification requires no further action |
ldif-file (Advanced Property, Read-Only)
Property Group | Storage Configuration |
Description | Specifies the path to the LDIF file that serves as the backing file for this backend. |
Default Value | config/alerts.ldif |
Allowed Values | A filesystem path |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
To list the configured Backends:
dsconfig list-backends [--property {propertyName}] ...
To view the configuration for an existing Backend:
dsconfig get-backend-prop --backend-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Backend:
dsconfig set-backend-prop --backend-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...