Data Sync Server Documentation Index
Configuration Reference Home

Alert Backend

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Alert Backend provides information about administrative alerts that have been generated recently within the server.

Parent Component
Properties
dsconfig Usage

Parent Component

The Alert Backend component inherits from the Notification Backend

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
↓ description ↓ backend-id
↓ enabled ↓ base-dn
↓ writability-mode ↓ set-degraded-alert-when-disabled
↓ return-unavailable-when-disabled
↓ backup-file-permissions
Storage Configuration Basic Properties: Advanced Properties:
 None ↓ ldif-file
Alert Configuration Basic Properties: Advanced Properties:
↓ alert-retention-time  None
↓ max-alerts
↓ disabled-alert-type

Basic Properties

description

Property Group
General Configuration
Description
A description for this Backend
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

writability-mode

Property Group
General Configuration
Description
Specifies the behavior that the backend should use when processing write operations.
Default Value
enabled
Allowed Values
enabled - Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).

disabled - Causes all write attempts to fail.

internal-only - Causes external write attempts to fail but allows writes by replication and internal operations.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

alert-retention-time

Property Group
Alert Configuration
Description
Specifies the maximum length of time that information about generated alerts should be maintained before they will be purged.
Default Value
7 days
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

max-alerts

Property Group
Alert Configuration
Description
Specifies the maximum number of alerts that should be retained. If more alerts than this configured maximum are generated within the alert retention time, then the oldest alerts will be purged to achieve this maximum. A value of zero indicates that no limit should be enforced on the maximum number of alerts.
Default Value
1000
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

disabled-alert-type

Property Group
Alert Configuration
Description
Specifies the names of the alert types that should not be added to the backend. This can be used to suppress high volume alerts that might trigger hitting the max-alerts limit sooner than desired. Disabled alert types will not be sent out over persistent searches on this backend.
Default Value
Alerts of all types will be added to the backend.
Allowed Values
access-log-criteria-matched - Indicates that the server has processed an operation which matched the criteria for the admin alert access log publisher.

alarm-cleared - Indicates that a previously reported alarm severity has been cleared. This does not indicate necessarily that an alarm has returned to normal as previous alarms may also be cleared before they worsen in severity.

alarm-critical - Indicates that a service affecting condition has occurred and an immediate corrective action is required. Such a severity can be reported, for example, when a managed object becomes totally out of service and its capability must be restored.

alarm-major - Indicates that a service affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the managed object and its full capability must be restored.

alarm-minor - Indicates the existence of a non-service affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the managed object.

alarm-warning - Indicates the detection of a potential or impending service affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service affecting fault.

backup-failed - Indicates that an error occurred while trying to perform a backup.

cannot-copy-schema-files - Indicates that an error occurred while trying to copy schema files during a schema update.

cannot-find-recurring-task - Indicates that the server could not find the task definition for a recurring task in order to schedule the next iteration.

cannot-rename-current-task-file - Indicates that an error occurred while trying to rename the current task file.

cannot-rename-new-task-file - Indicates that an error occurred while trying to rename the new task file.

cannot-restore-backup - Indicates that an error occurred while trying to restore a backup.

cannot-schedule-recurring-task-iteration - Indicates that an error occurred while trying to schedule a recurring task iteration.

cannot-write-configuration - Indicates that an error occurred while trying to write an updated copy of the server configuration.

cannot-write-new-schema-files - Indicates that an error occurred while trying to write a new copy of schema files during a schema update.

cannot-write-server-state-file - Indicates that an error occurred while trying to write the server state file.

cannot-write-task-backing-file - Indicates that an error occurred while trying to write to the task backing file.

config-change - Indicates that a configuration change has been made in the Data Sync Server.

console-logger-without-no-detach - Indicates that a console-based access or error logger has been enabled when the server is not running no-detach mode.

crypto-manager-error - Indicates that the CryptoManager encountered an expected error while attempting to synchronize settings between the topology registry and the trust store backend.

continuous-garbage-collection-detected - Indicates that the JVM garbage collector is running continuously.

deadlock-detected - Indicates that a deadlock has been detected in the JVM in which the server is running.

debug-logging-enabled - Indicates that Debug Logging is enabled.

duplicate-alerts-suppressed - This alert type is no longer used. Use the per-severity values, such as duplicate-error-alerts-suppressed, instead.

duplicate-error-alerts-suppressed - Indicates that the server suppressed one or more duplicate error alert notifications.

duplicate-fatal-alerts-suppressed - Indicates that the server suppressed one or more duplicate fatal alert notifications.

duplicate-info-alerts-suppressed - Indicates that the server suppressed one or more duplicate info alert notifications.

duplicate-warning-alerts-suppressed - Indicates that the server suppressed one or more duplicate warning alert notifications.

entering-lockdown-mode - Indicates that the server is entering lockdown mode, in which case it will only accept requests from users holding the lockdown-mode privilege, and only on connections from the loopback interface.

entry-references-removed-attribute-type - Indicates that the server has encountered an entry whose encoded representation references an attribute type that was once defined in the server schema, but whose definition has since been removed.

exec-task-launching-command - Indicates that the server is launching a command via the exec task.

external-config-file-edit-handled - Indicates that the server has detected an external modification to the configuration file and copied that modification to a separate file.

external-config-file-edit-lost - Indicates that the server has detected an external modification to the configuration file but that change was lost.

external-server-initialization-failed - Indicates that an attempt to initialize an external server failed.

failed-to-apply-mirrored-configuration - Indicates that although mirrored configuration was synchronized successfully from the master server, there were errors when applying it to the local server. A server restart is recommended in this case.

file-retention-task-delete-failure - Indicates that a file retention task was unable to delete a file that matched the filename pattern and was outside the configured retention criteria.

force-gc-complete - Indicates that the server has completed a forced synchronous garbage collection.

force-gc-starting - Indicates that the server is about to invoke a forced synchronous garbage collection.

health-check-available-to-degraded - Indicates that the health of an LDAP external server has been reclassified from AVAILABLE to DEGRADED.

health-check-available-to-unavailable - Indicates that the health of an LDAP external server has been reclassified from AVAILABLE to UNAVAILABLE.

health-check-degraded-to-available - Indicates that the health of an LDAP external server has been reclassified from DEGRADED to AVAILABLE.

health-check-degraded-to-unavailable - Indicates that the health of an LDAP external server has been reclassified from DEGRADED to UNAVAILABLE.

health-check-unavailable-to-available - Indicates that the health of an LDAP external server has been reclassified from UNAVAILABLE to AVAILABLE.

health-check-unavailable-to-degraded - Indicates that the health of an LDAP external server has been reclassified from UNAVAILABLE to DEGRADED.

http-connection-handler-duplicate-context-path - Indicates that more than one HTTP servlet or web application extension is registered to handle the same context path. The extension that handles requests for this context path will be indeterminate until the conflict is resolved.

http-connection-handler-duplicate-servlet-extension - Indicates that two or more HTTP servlet extensions registered to an HTTP connection handler are based on the same type, but only one extension of that type may be assigned to the same HTTP connection handler.

insecure-access-token-validator-enabled - Indicates that a Mock Access Token Validator is enabled. Mock Access Token Validators allow unauthenticated access to HTTP APIs, and should only be enabled in test or demonstration deployments.

invalid-privilege - Indicates that a user has been configured with an invalid privilege.

jvm-misconfiguration - Indicates that the recommended JVM flags for this server are either missing or misconfigured.

ldap-connection-handler-cannot-listen - Indicates that an LDAP connection encountered an error when it attempted to begin listening for client connections and will therefore be disabled.

ldap-connection-handler-consecutive-failures - Indicates that an LDAP connection handler has encountered consecutive failures and will be disabled.

ldap-connection-handler-uncaught-error - Indicates that an LDAP connection handler has encountered an uncaught error and will be disabled.

ldif-backend-cannot-write - Indicates that a problem has occurred while trying to write to the backing file for an LDIF backend.

ldif-connection-handler-parse-error - Indicates that an error occurred while trying to parse an LDIF file provided to an LDIF connection handler.

ldif-connection-handler-io-error - Indicates that an LDIF connection handler has encountered an I/O error while trying to look for or process a set of changes.

leaving-lockdown-mode - Indicates that the server is leaving lockdown mode and resuming normal operation.

log-file-rotation-listener-invoke-error - Indicates that an error has occurred while attempting to invoke a log file rotation listener.

log-file-rotation-listener-processing-takes-too-long - Indicates that one or more of the configured log file rotation listeners is taking too long to complete (log files are being rotated more quickly than the listeners can be invoked to process them).

logging-error - Indicates that an error has occurred while attempting to log a message.

low-disk-space-error - Indicates that the amount of usable disk space has dropped below the low space error threshold.

low-disk-space-warning - Indicates that the amount of usable disk space has dropped below the low space warning threshold.

mirrored-subtree-manager-forced-as-master-error - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, found that more than one server was forced to act as master either because no master could be found, or because more than one master was detected.

mirrored-subtree-manager-forced-as-master-warning - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, found that a server was forced to act as master either because no master could be found, or because more than one master was detected.

mirrored-subtree-manager-no-master-found - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, was unable to determine a suitable server to act as the master of the topology, which means that mirrored data cannot be updated.

mirrored-subtree-server-not-in-topology - Indicates that this server is no longer functional because it does not exist in the topology registry most likely because it was removed from the topology with the remove-defunct-server tool.

mirrored-subtree-manager-operation-error - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, encountered an unexpected error while processing an update operation.

mirrored-subtree-manager-failed-outbound-connection - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, encountered an error while establishing a connection to a peer server within the configured grace period.

mirrored-subtree-manager-connection-asymmetry - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, has had an unequal number of outbound and inbound connections with its peer servers for more than the configured grace period.

missing-schema-elements-referenced-by-backend - Indicates that a backend detected references to one or more schema elements that have been removed from the schema.

monitoring-endpoint-unable-to-connect - Indicates that a monitoring endpoint was unable to connect or write to the configured host and port.

no-enabled-alert-handlers - Indicates that this server does not have any alert handlers enabled beyond the default that logs to logs/error.

offline-config-change-detected - Indicates that the server detected that an offline configuration change was made.

out-of-disk-space-error - Indicates that the amount of usable disk space has dropped below the out of space error threshold.

restart-required - Indicates that the server must be restarted for configuration changes to take effect.

schema-checking-disabled - Indicates that schema checking is disabled in the server.

server-shutting-down - Indicates that the server has begun the shutdown process.

server-starting - Indicates that the server has begun its startup process.

server-started - Indicates that the server has completed its startup process.

sync-resource-connection-error - Indicates that there was an error when establishing a connection to an external server by the Data Sync Server.

sync-resource-operation-error - Indicates that the Data Sync Server experienced an error while processing an operation at an external server.

sync-pipe-initialization-error - Indicates that a Sync Pipe experienced an error while initializing.

sync-pipe-backlog-above-threshold - Indicates that a Sync Pipe has a large amount of unretrieved changes.

sync-pipe-backlog-below-threshold - Indicates that a Sync Pipe was backlogged but now the number of unretrieved changes is back below the configured threshold.

system-nanotime-stopped - Indicates that Java's System.nanoTime() has stopped returning updated values.

system-current-time-shifted - Indicates that Java's System Current Time has shifted backwards.

task-started - Indicates that an administrative task has started running.

task-completed - Indicates that an administrative task completed successfully.

task-failed - Indicates that an administrative task failed to complete successfully.

third-party-extension-exception - Indicates that a third-party extension threw an unexpected exception.

thread-exit-holding-lock - Indicates that a thread has exited while still holding one or more locks.

uncaught-exception - Indicates that the server has detected an uncaught exception that may have caused a thread to terminate.

unindexed-internal-search - Indicates that an internal component has initiated an unindexed search.

unlicensed-product - Indicates that the server's license key is not set, is invalid, or has expired.

unrecognized-alert-type - Indicates that the server encountered an alert type that it did not recognize.

user-defined-error - Indicates that an externally-developed component has generated an error alert notification.

user-defined-fatal - Indicates that an externally-developed component has generated a fatal error alert notification.

user-defined-info - Indicates that an externally-developed component has generated an informational alert notification.

user-defined-warning - Indicates that an externally-developed component has generated a warning alert notification.

worker-thread-caught-error - Indicates that a worker thread encountered an unexpected error that has caused it to terminate.

work-queue-backlogged - Indicates that the work queue has accumulated a significant backlog.

work-queue-full - Indicates that the server work queue has reached its maximum capacity and has begun rejecting client requests.

work-queue-no-threads-remaining - Indicates that the server will shut down because all worker threads have exited due to errors.

server-jvm-paused - Indicates that the server's JVM paused possibly due to misconfiguration.

sensitive-trace-data-logged-warning - Indicates that the configuration of a Trace Log Publisher might result in sensitive information being logged.

account-temporarily-locked-account-status-notification - Indicates that an account status notification has been generated because a user's account has been temporarily locked as a result of too many failed authentication attempts.

account-permanently-locked-account-status-notification - Indicates that an account status notification has been generated because a user's account has been permanently locked as a result of too many failed authentication attempts.

account-unlocked-account-status-notification - Indicates that an account status notification has been generated because a user's account has been unlocked by an administrator.

account-idle-locked-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because it has been too long since the user last successfully authenticated.

account-reset-locked-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user did not choose a new password in a timely manner after an administrative password reset.

account-disabled-account-status-notification - Indicates that an account status notification has been generated because a user account has been administratively disabled.

account-enabled-account-status-notification - Indicates that an account status notification has been generated because a user account has been administratively enabled.

account-not-yet-active-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user's account has an activation time that is in the future.

account-expired-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user's account has an expiration time that is in the past.

password-expired-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user's password is expired.

password-expiring-account-status-notification - Indicates that an account status notification has been generated because a user has received their first warning about an upcoming password expiration.

password-reset-account-status-notification - Indicates that an account status notification has been generated because a user's password has been reset by an administrator.

password-changed-account-status-notification - Indicates that an account status notification has been generated because a user has changed their own password.

account-created-account-status-notification - Indicates that an account status notification has been generated because a new entry has been created with an add operation that matches a defined set of criteria.

account-updated-account-status-notification - Indicates that an account status notification has been generated because an entry has been updated with a modify or modify DN operation that matches a defined set of criteria.

bind-password-failed-validation-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the provided password failed to satisfy all of the configured password validators.

must-change-password-account-status-notification - Indicates that an account status notification has been generated because a user has successfully authenticated but must choose a new password before they will be allowed to request other operations.

privilege-assigned - Indicates that one or more privileges have been assigned to a user or set of users.

insecure-request-rejected - Indicates that a request was rejected because it was received over an insecure connection and the server has been configured to reject insecure requests.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

backend-id (Advanced Property, Read-Only)

Property Group
General Configuration
Description
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
Default Value
alerts
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

base-dn (Advanced Property, Read-Only)

Property Group
General Configuration
Description
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
Default Value
cn=alerts
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
Yes
Admin Action Required
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Although it is currently supported, the use of multiple base DNs per backend is not recommended and this capability may be removed in the future. If you are considering the use of multiple base DNs in a backend, you should first contact Ping Identity support to discuss this configuration

set-degraded-alert-when-disabled (Advanced Property)

Property Group
General Configuration
Description
Determines whether the Data Sync Server enters a DEGRADED state (and sends a corresponding alert) when this Backend is disabled.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

return-unavailable-when-disabled (Advanced Property)

Property Group
General Configuration
Description
Determines whether any LDAP operation that would use this Backend is to return UNAVAILABLE when this Backend is disabled.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

backup-file-permissions (Advanced Property)

Property Group
General Configuration
Description
Specifies the permissions that should be applied to files and directories created by a backup of the backend. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the file or directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Execute permissions are only applied to directories. If the underlying platform does not allow the full level of granularity specified in the permissions, then an attempt will be made to set them as closely as possible to the provided permissions, erring on the side of security. Due to Java platform limitations, it may not be possible to set group member permissions independently of other user permissions, even on UNIX.
Default Value
700
Allowed Values
Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions).

Example values
Value Synopsis
700 Grant the owner read, write and execute permissions. Deny all other users permissions.
750 Grant the owner read, write and execute permissions. Grant the group read and execute permissions. Deny all other users permissions.

Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

ldif-file (Advanced Property, Read-Only)

Property Group
Storage Configuration
Description
Specifies the path to the LDIF file that serves as the backing file for this backend.
Default Value
config/alerts.ldif
Allowed Values
A filesystem path
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Backends:

dsconfig list-backends
     [--property {propertyName}] ...

To view the configuration for an existing Backend:

dsconfig get-backend-prop
     --backend-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Backend:

dsconfig set-backend-prop
     --backend-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...