SNMP Monitoring and Management (original) (raw)
Simple Network Management Protocol (SNMP) is an industry standard for network management. Objects managed by SNMP are arranged in management information bases (MIBs). The SNMP agent publishes thestandard MIB for the Java virtual machine instrumentation.
Enabling the SNMP Agent
To monitor a Java virtual machine (JVM) with SNMP:
- Enable a SNMP agent when you start the JVM. You can enable the SNMP agent for:
- Monitor the JVM with an SNMP-compliant tool.
For general information on setting system properties when you start the JVM, see Setting System Properties.
Single-user Environment
To enable the SNMP agent for a single user environment, set this system property when you start the JVM:
com.sun.management.snmp.port=_portNum_
where portNum is the port number to use for monitoring. Setting this property starts an SNMP agent that listens on the specified port number for incoming SNMP requests.
Copy the ACL template file in_JREHOME_/lib/management/snmp.acl.templateto _JREHOME_/lib/management/snmp.acl, make it readable and writeable by only the owner, and add community strings as needed.
Multi-user environment
To enable the SNMP agent for a multi-user installation of the JRE, set the following system properties when you start the JVM:
com.sun.management.snmp.port=portNum com.sun.management.snmp.acl.file=ACLFilePath
where portNum is the port number to use for monitoring, and ACLFilePath is the path to the ACL file.
Copy the ACL template file from_JREHOME_/lib/management/snmp.acl.template to a file named snmp.acl in your home directory, make it readable and writeable by only the owner, and add community strings as needed.
Access Control List File
An Access Control List (ACL) template file is provided at_JREHOME_/lib/management/snmp.acl.template. Copy this file to _JREHOME_/lib/management/snmp.aclor to your home directory. Ensure that only you have read and write permissions, since the file contains unencrypted SNMP community strings. For security reasons, the system checks that only the owner has read and write permissions on the file and exits with an error if not. Thus, in a multi-user environment, put this file in private location such as your home directory.
Sample ACL entries:
#The communities public and private are allowed access from the local host.
acl = {
{
communities = public, private
access = read-only
managers = localhost
}
}
Traps are sent to localhost only
trap = {
{
trap-community = public
hosts = localhost
}
}
SNMP Monitoring and Management Properties
You can set monitoring and management properties in a configuration file or on the command line. Properties specified on the command line override properties in a configuration file. The default location for the configuration file is_JREHOME_/lib/management/management.properties, where JRE_HOME is the directory where the JDK is installed. The JVM reads this file if the command-line propertycom.sun.management.snmp.port is set. JMX management uses the same configuration file.
You can specify a different location for the configuration file with the command-line option:
com.sun.management.config.file=ConfigFilePath
where ConfigFilePath is the path to the configuration file.
You must specify all system properties when you start the JVM. After the JVM has started, changes to system properties (for example, via setProperty method), to the password file, ACL file, or configuration file have no effect.
The following table describes all the SNMP management properties.
SNMP Management and Monitoring Properties
| Property Name | Description | Default |
|---|---|---|
| com.sun.management.snmp.trap | Remote port to which the SNMP agent sends traps. | 162 |
| com.sun.management.snmp.interface | Optional. The local host InetAddress, to force the SNMP agent to bind to the given InetAddress. This is for multi-home hosts if one wants to listen to a specific subnet only. | N/A |
| com.sun.management.snmp.acl.file | Path to a valid ACL file. After the JVM has started, modifying the ACL file has no effect. | JRE_HOME/lib/management/snmp.acl |
Configuration Errors
If any errors occur during start up of the the SNMP agent, the JVM will throw an exception and exit. Configuration errors include:
- Failure to bind to the port number
- Password file is readable by anyone other than the owner.
- Invalid SNMP ACL file
If your application runs a security manager, then additional permissions are required in the security permissions file.