Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Alert Backend provides information about administrative alerts that have been generated recently within the server.
The Alert Backend component inherits from the Notification Backend
The properties supported by this managed object are as follows:
| General Configuration Basic Properties: | Advanced Properties: |
|---|---|
| description | backend-id |
| enabled | base-dn |
| writability-mode | set-degraded-alert-when-disabled |
| return-unavailable-when-disabled | |
| backup-file-permissions | |
| Storage Configuration Basic Properties: | Advanced Properties: |
| None | ldif-file |
| Alert Configuration Basic Properties: | Advanced Properties: |
| alert-retention-time | None |
| max-alerts | |
| disabled-alert-type |
| Property Group | General Configuration |
| Description | A description for this Backend |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Property Group | General Configuration |
| Description | Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Property Group | General Configuration |
| Description | Specifies the behavior that the backend should use when processing write operations. |
| Default Value | enabled |
| Allowed Values | enabled - Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). disabled - Causes all write attempts to fail. internal-only - Causes external write attempts to fail but allows writes by replication and internal operations. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Property Group | Alert Configuration |
| Description | Specifies the maximum length of time that information about generated alerts should be maintained before they will be purged. |
| Default Value | 7 days |
| Allowed Values | A duration. Lower limit is 0 milliseconds. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Property Group | Alert Configuration |
| Description | Specifies the maximum number of alerts that should be retained. If more alerts than this configured maximum are generated within the alert retention time, then the oldest alerts will be purged to achieve this maximum. A value of zero indicates that no limit should be enforced on the maximum number of alerts. |
| Default Value | 1000 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Property Group | Alert Configuration |
| Description | Specifies the names of the alert types that should not be added to the backend. This can be used to suppress high volume alerts that might trigger hitting the max-alerts limit sooner than desired. Disabled alert types will not be sent out over persistent searches on this backend. |
| Default Value | Alerts of all types will be added to the backend. |
| Allowed Values | access-control-change - Indicates that a change has been made to the set of access control rules defined in the server. access-control-disabled - Indicates that access control evaluation has been disabled. access-control-enabled - Indicates that access control evaluation has been enabled. access-control-parse-failure - Indicates that an error occurred while trying to parse an access control rule. access-log-criteria-matched - Indicates that the server has processed an operation which matched the criteria for the admin alert access log publisher. alarm-cleared - Indicates that a previously reported alarm severity has been cleared. This does not indicate necessarily that an alarm has returned to normal as previous alarms may also be cleared before they worsen in severity. alarm-critical - Indicates that a service affecting condition has occurred and an immediate corrective action is required. Such a severity can be reported, for example, when a managed object becomes totally out of service and its capability must be restored. alarm-major - Indicates that a service affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the managed object and its full capability must be restored. alarm-minor - Indicates the existence of a non-service affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the managed object. alarm-warning - Indicates the detection of a potential or impending service affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service affecting fault. amazon-s3-create-bucket-failed - Indicates that an attempt to create an Amazon S3 bucket failed. amazon-s3-download-file-failed - Indicates that an attempt to download a file from an Amazon S3 bucket failed. amazon-s3-remove-bucket-failed - Indicates that an attempt to remove an Amazon S3 bucket failed. amazon-s3-remove-file-failed - Indicates that an attempt to remove a file from an Amazon S3 bucket failed. amazon-s3-upload-file-failed - Indicates that an attempt to upload a file to an Amazon S3 bucket failed. backend-disabled - Indicates that a Directory Proxy Server backend is disabled. backend-initialization-failed - Indicates that an error occurred while attempting to initialize a Directory Proxy Server backend. backup-failed - Indicates that an error occurred while trying to perform a backup. cannot-acquire-shared-backend-lock - Indicates that an error occurred while trying to acquire a shared lock for a backend. cannot-copy-schema-files - Indicates that an error occurred while trying to copy schema files during a schema update. cannot-decode-entry - Indicates that an error occurred while trying to decode an entry stored in a Directory Proxy Server backend. cannot-find-recurring-task - Indicates that the server could not find the task definition for a recurring task in order to schedule the next iteration. cannot-register-backend - Indicates that an error occurred while trying to register a backend. cannot-release-shared-backend-lock - Indicates that an error occurred while trying to release a shared lock for a backend. cannot-rename-current-task-file - Indicates that an error occurred while trying to rename the current task file. cannot-rename-new-task-file - Indicates that an error occurred while trying to rename the new task file. cannot-restore-backup - Indicates that an error occurred while trying to restore a backup. cannot-schedule-recurring-task-iteration - Indicates that an error occurred while trying to schedule a recurring task iteration. cannot-write-configuration - Indicates that an error occurred while trying to write an updated copy of the server configuration. cannot-write-new-schema-files - Indicates that an error occurred while trying to write a new copy of schema files during a schema update. cannot-write-server-state-file - Indicates that an error occurred while trying to write the server state file. cannot-write-task-backing-file - Indicates that an error occurred while trying to write to the task backing file. config-change - Indicates that a configuration change has been made in the Directory Proxy Server. console-logger-without-no-detach - Indicates that a console-based access or error logger has been enabled when the server is not running no-detach mode. crypto-manager-error - Indicates that the CryptoManager encountered an expected error while attempting to synchronize settings between the topology registry and the trust store backend. continuous-garbage-collection-detected - Indicates that the JVM garbage collector is running continuously. deadlock-detected - Indicates that a deadlock has been detected in the JVM in which the server is running. debug-logging-enabled - Indicates that Debug Logging is enabled. delegated-admin-configuration-errors - Indicates that Delegated Admin is not configured properly. duplicate-alerts-suppressed - This alert type is no longer used. Use the per-severity values, such as duplicate-error-alerts-suppressed, instead. duplicate-error-alerts-suppressed - Indicates that the server suppressed one or more duplicate error alert notifications. duplicate-fatal-alerts-suppressed - Indicates that the server suppressed one or more duplicate fatal alert notifications. duplicate-info-alerts-suppressed - Indicates that the server suppressed one or more duplicate info alert notifications. duplicate-warning-alerts-suppressed - Indicates that the server suppressed one or more duplicate warning alert notifications. encryption-settings-database-access-restored - Indicates that access to the encryption settings database has been restored after an outage. encryption-settings-database-inaccessible - Indicates that the encryption settings database was found to be inaccessible without relying on caching performed by the cipher stream provider. encryption-settings-database-prolonged-outage - Indicates that the encryption settings database has been inaccessible for a prolonged period of time. entering-lockdown-mode - Indicates that the server is entering lockdown mode, in which case it will only accept requests from users holding the lockdown-mode privilege, and only on connections from the loopback interface. entry-references-removed-attribute-type - Indicates that the server has encountered an entry whose encoded representation references an attribute type that was once defined in the server schema, but whose definition has since been removed. exec-task-launching-command - Indicates that the server is launching a command via the exec task. external-config-file-edit-handled - Indicates that the server has detected an external modification to the configuration file and copied that modification to a separate file. external-config-file-edit-lost - Indicates that the server has detected an external modification to the configuration file but that change was lost. external-server-initialization-failed - Indicates that an attempt to initialize an external server failed. failed-to-apply-mirrored-configuration - Indicates that although mirrored configuration was synchronized successfully from the master server, there were errors when applying it to the local server. A server restart is recommended in this case. file-retention-task-delete-failure - Indicates that a file retention task was unable to delete a file that matched the filename pattern and was outside the configured retention criteria. force-gc-complete - Indicates that the server has completed a forced synchronous garbage collection. force-gc-starting - Indicates that the server is about to invoke a forced synchronous garbage collection. global-index-insufficient-disk-space-error - Indicates that there is not enough space on the disk to persist the global index for a particular entry balancing request processor. global-index-persistence-error - Indicates that an unexpected error occurred while persisting the global index for a particular entry balancing request processor. global-index-read-error - Indicates that an unexpected error occurred while reading the global index for a particular entry balancing request processor from a previous persisted file. global-referential-integrity-update-failure - Indicates that an error occurred while attempting to identify or update references to an entry during global referential integrity processing. globally-unique-attribute-conflict - Indicates that the server has detected a conflict in a globally-unique attribute after a change involving that attribute had already been applied. health-check-available-to-degraded - Indicates that the health of an LDAP external server has been reclassified from AVAILABLE to DEGRADED. health-check-available-to-unavailable - Indicates that the health of an LDAP external server has been reclassified from AVAILABLE to UNAVAILABLE. health-check-degraded-to-available - Indicates that the health of an LDAP external server has been reclassified from DEGRADED to AVAILABLE. health-check-degraded-to-unavailable - Indicates that the health of an LDAP external server has been reclassified from DEGRADED to UNAVAILABLE. health-check-unavailable-to-available - Indicates that the health of an LDAP external server has been reclassified from UNAVAILABLE to AVAILABLE. health-check-unavailable-to-degraded - Indicates that the health of an LDAP external server has been reclassified from UNAVAILABLE to DEGRADED. http-connection-handler-duplicate-context-path - Indicates that more than one HTTP servlet or web application extension is registered to handle the same context path. The extension that handles requests for this context path will be indeterminate until the conflict is resolved. http-connection-handler-duplicate-servlet-extension - Indicates that two or more HTTP servlet extensions registered to an HTTP connection handler are based on the same type, but only one extension of that type may be assigned to the same HTTP connection handler. insecure-access-token-validator-enabled - Indicates that a Mock Access Token Validator is enabled. Mock Access Token Validators allow unauthenticated access to HTTP APIs, and should only be enabled in test or demonstration deployments. invalid-privilege - Indicates that a user has been configured with an invalid privilege. jvm-misconfiguration - Indicates that the recommended JVM flags for this server are either missing or misconfigured. lba-no-available-servers - Indicates that none of the LDAP external servers associated with a load-balancing algorithm are available. ldap-connection-handler-cannot-listen - Indicates that an LDAP connection encountered an error when it attempted to begin listening for client connections and will therefore be disabled. ldap-connection-handler-consecutive-failures - Indicates that an LDAP connection handler has encountered consecutive failures and will be disabled. ldap-connection-handler-uncaught-error - Indicates that an LDAP connection handler has encountered an uncaught error and will be disabled. ldif-backend-cannot-write - Indicates that a problem has occurred while trying to write to the backing file for an LDIF backend. ldif-connection-handler-parse-error - Indicates that an error occurred while trying to parse an LDIF file provided to an LDIF connection handler. ldif-connection-handler-io-error - Indicates that an LDIF connection handler has encountered an I/O error while trying to look for or process a set of changes. leaving-lockdown-mode - Indicates that the server is leaving lockdown mode and resuming normal operation. log-file-rotation-listener-invoke-error - Indicates that an error has occurred while attempting to invoke a log file rotation listener. log-file-rotation-listener-processing-takes-too-long - Indicates that one or more of the configured log file rotation listeners is taking too long to complete (log files are being rotated more quickly than the listeners can be invoked to process them). logging-error - Indicates that an error has occurred while attempting to log a message. low-disk-space-error - Indicates that the amount of usable disk space has dropped below the low space error threshold. low-disk-space-warning - Indicates that the amount of usable disk space has dropped below the low space warning threshold. mirrored-subtree-manager-forced-as-master-error - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, found that more than one server was forced to act as master either because no master could be found, or because more than one master was detected. mirrored-subtree-manager-forced-as-master-warning - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, found that a server was forced to act as master either because no master could be found, or because more than one master was detected. mirrored-subtree-manager-no-master-found - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, was unable to determine a suitable server to act as the master of the topology, which means that mirrored data cannot be updated. mirrored-subtree-server-not-in-topology - Indicates that this server is no longer functional because it does not exist in the topology registry most likely because it was removed from the topology with the remove-defunct-server tool. mirrored-subtree-manager-operation-error - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, encountered an unexpected error while processing an update operation. mirrored-subtree-manager-failed-outbound-connection - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, encountered an error while establishing a connection to a peer server within the configured grace period. mirrored-subtree-manager-connection-asymmetry - Indicates that the mirrored subtree manager, which is used to keep configuration data up-to-date across servers, has had an unequal number of outbound and inbound connections with its peer servers for more than the configured grace period. missing-schema-elements-referenced-by-backend - Indicates that a backend detected references to one or more schema elements that have been removed from the schema. monitoring-endpoint-unable-to-connect - Indicates that a monitoring endpoint was unable to connect or write to the configured host and port. no-enabled-alert-handlers - Indicates that this server does not have any alert handlers enabled beyond the default that logs to logs/error. offline-config-change-detected - Indicates that the server detected that an offline configuration change was made. out-of-disk-space-error - Indicates that the amount of usable disk space has dropped below the out of space error threshold. proxy-entry-balancing-operation-failure - Indicates that an entry balancing request processor attempted to execute an operation on all configured backend sets, but the operation failed on one or more sets. proxy-entry-balancing-error-multiple-operations-succeeded - Indicates that an entry balancing request processor successfully executed an operation on multiple backend sets. Only one backend set was expected to succeed with the operation. proxy-entry-rebalancing-admin-action-required - Indicates that administrative action is required to bring the entry-balanced servers back to a consistent state after an attempted rebalancing operation. restart-required - Indicates that the server must be restarted for configuration changes to take effect. schema-checking-disabled - Indicates that schema checking is disabled in the server. scim-lookthrough-limit-exceeded - Indicates that a search initiated by the SCIM 2 servlet extension failed because the lookthrough limit was exceeded. server-shutting-down - Indicates that the server has begun the shutdown process. server-starting - Indicates that the server has begun its startup process. server-started - Indicates that the server has completed its startup process. system-nanotime-stopped - Indicates that Java's System.nanoTime() has stopped returning updated values. system-current-time-shifted - Indicates that Java's System Current Time has shifted backwards. task-started - Indicates that an administrative task has started running. task-completed - Indicates that an administrative task completed successfully. task-failed - Indicates that an administrative task failed to complete successfully. third-party-extension-exception - Indicates that a third-party extension threw an unexpected exception. thread-exit-holding-lock - Indicates that a thread has exited while still holding one or more locks. uncaught-exception - Indicates that the server has detected an uncaught exception that may have caused a thread to terminate. unindexed-internal-search - Indicates that an internal component has initiated an unindexed search. unlicensed-product - Indicates that the server's license key is not set, is invalid, or has expired. unrecognized-alert-type - Indicates that the server encountered an alert type that it did not recognize. user-defined-error - Indicates that an externally-developed component has generated an error alert notification. user-defined-fatal - Indicates that an externally-developed component has generated a fatal error alert notification. user-defined-info - Indicates that an externally-developed component has generated an informational alert notification. user-defined-warning - Indicates that an externally-developed component has generated a warning alert notification. worker-thread-caught-error - Indicates that a worker thread encountered an unexpected error that has caused it to terminate. work-queue-backlogged - Indicates that the work queue has accumulated a significant backlog. work-queue-full - Indicates that the server work queue has reached its maximum capacity and has begun rejecting client requests. work-queue-no-threads-remaining - Indicates that the server will shut down because all worker threads have exited due to errors. server-jvm-paused - Indicates that the server's JVM paused possibly due to misconfiguration. sensitive-trace-data-logged-warning - Indicates that the configuration of a Trace Log Publisher might result in sensitive information being logged. account-temporarily-locked-account-status-notification - Indicates that an account status notification has been generated because a user's account has been temporarily locked as a result of too many failed authentication attempts. account-permanently-locked-account-status-notification - Indicates that an account status notification has been generated because a user's account has been permanently locked as a result of too many failed authentication attempts. account-unlocked-account-status-notification - Indicates that an account status notification has been generated because a user's account has been unlocked by an administrator. account-idle-locked-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because it has been too long since the user last successfully authenticated. account-reset-locked-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user did not choose a new password in a timely manner after an administrative password reset. account-disabled-account-status-notification - Indicates that an account status notification has been generated because a user account has been administratively disabled. account-enabled-account-status-notification - Indicates that an account status notification has been generated because a user account has been administratively enabled. account-not-yet-active-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user's account has an activation time that is in the future. account-expired-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user's account has an expiration time that is in the past. password-expired-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the user's password is expired. password-expiring-account-status-notification - Indicates that an account status notification has been generated because a user has received their first warning about an upcoming password expiration. password-reset-account-status-notification - Indicates that an account status notification has been generated because a user's password has been reset by an administrator. password-changed-account-status-notification - Indicates that an account status notification has been generated because a user has changed their own password. account-authenticated-account-status-notification - Indicates that an account status notification has been generated because an account authenticated with a bind operation that matches a defined set of criteria. account-created-account-status-notification - Indicates that an account status notification has been generated because a new entry has been created with an add operation that matches a defined set of criteria. account-deleted-account-status-notification - Indicates that an account status notification has been generated because an entry has been removed with a delete operation that matches a defined set of criteria. account-updated-account-status-notification - Indicates that an account status notification has been generated because an entry has been updated with a modify or modify DN operation that matches a defined set of criteria. bind-password-failed-validation-account-status-notification - Indicates that an account status notification has been generated because an authentication attempt has failed because the provided password failed to satisfy all of the configured password validators. must-change-password-account-status-notification - Indicates that an account status notification has been generated because a user has successfully authenticated but must choose a new password before they will be allowed to request other operations. privilege-assigned - Indicates that one or more privileges have been assigned to a user or set of users. insecure-request-rejected - Indicates that a request was rejected because it was received over an insecure connection and the server has been configured to reject insecure requests. replace-certificate-succeeded - Indicates that an attempt to process a replace certificate extended operation succeeded. replace-certificate-failed - Indicates that an attempt to process a replace certificate extended operation failed. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
backend-id (Advanced Property, Read-Only)
| Property Group | General Configuration |
| Description | Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. |
| Default Value | alerts |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
base-dn (Advanced Property, Read-Only)
| Property Group | General Configuration |
| Description | Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. |
| Default Value | cn=alerts |
| Allowed Values | A valid DN. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
Although it is currently supported, the use of multiple base DNs per backend is not recommended and this capability may be removed in the future. If you are considering the use of multiple base DNs in a backend, you should first contact Ping Identity support to discuss this configuration |
set-degraded-alert-when-disabled (Advanced Property)
| Property Group | General Configuration |
| Description | Determines whether the Directory Proxy Server enters a DEGRADED state (and sends a corresponding alert) when this Backend is disabled. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
return-unavailable-when-disabled (Advanced Property)
| Property Group | General Configuration |
| Description | Determines whether any LDAP operation that would use this Backend is to return UNAVAILABLE when this Backend is disabled. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
backup-file-permissions (Advanced Property)
| Property Group | General Configuration | ||||||
| Description | Specifies the permissions that should be applied to files and directories created by a backup of the backend. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the file or directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Execute permissions are only applied to directories. If the underlying platform does not allow the full level of granularity specified in the permissions, then an attempt will be made to set them as closely as possible to the provided permissions, erring on the side of security. Due to Java platform limitations, it may not be possible to set group member permissions independently of other user permissions, even on UNIX. | ||||||
| Default Value | 700 | ||||||
| Allowed Values | Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions). Example values
| ||||||
| Multi-Valued | No | ||||||
| Required | No | ||||||
| Admin Action Required | None. Modification requires no further action |
ldif-file (Advanced Property, Read-Only)
| Property Group | Storage Configuration |
| Description | Specifies the path to the LDIF file that serves as the backing file for this backend. |
| Default Value | config/alerts.ldif |
| Allowed Values | A filesystem path |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured Backends:
dsconfig list-backends
[--property {propertyName}] ...
To view the configuration for an existing Backend:
dsconfig get-backend-prop
--backend-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Backend:
dsconfig set-backend-prop
--backend-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...