SNMP Agents: Configuration: General
Configuration Options Related Tasks Related Topics
An SNMP agent receives requests from SNMP managers and sends responses and notifications to managers.
Name Description Enabled
Specifies whether this SNMP agent is enabled.
SNMP UDP Port
The port on which you want this SNMP agent to listen for incoming requests from SNMP managers that use the UDP protocol.
SNMP managers can use this port to ping the SNMP agent and request the status of specific attributes.
If you target this SNMP agent to multiple server instances, and if two or more servers are running on the same computer, WebLogic Server will automatically increment this UDP port value by 1 for each agent. WebLogic Server never assigns port 162 because it is the default port that an agent uses to send notifications. In addition, if any port is already in use, WebLogic Server skips the port and assigns the next available port.
For example, if you use the default value of this attribute and then target this agent to ManagedServer1 and ManagedServer2, and if both servers are running on the same computer, then the agent on ManagedServer1 will listen on UDP port 161 and the agent on ManagedServer2 will listen on UDP port 163.
The incremented port number is not persisted in the domain's configuration; when WebLogic Server increments port numbers, it does so in the order in which servers are started on the same computer.
If WebLogic Server re-assigns the UDP port for an SNMP agent, look in the agent's SNMPAgentRuntimeMBean to see the agent's runtime UDP port.
SNMP agents can also communicate through the host server's TCP listen port (7001 by default) or through a TCP port that is configured by a custom network channel.
Master AgentX Port
The port that this SNMP agent uses to communicate with its subagents.
The agent uses subagents to provide access to custom MBeans (MBeans that you create and register) and to other software components. WebLogic Server SNMP agents do not enable users to register their own subagents.
Community Based Access Enabled
Specifies whether this SNMP agent supports SNMPv1 and v2.
SNMPv1 and v2 use community strings for authentication. If you disable community strings for this SNMP agent, the agent will process only SNMPv3 requests. If an SNMP manager sends a v1 or v2 message, the agent discards the message and returns an error code to the manager.
The password (community name) that you want this SNMP agent to use to secure SNMPv1 or v2 communication with SNMP managers. Requires you to enable community based access for this agent.
SNMPv3 does not use community names. Instead, it encrypts user names and passwords in its PDUs.
When you use SNMPv1 or v2, there are two community names that are needed when the WebLogic SNMP agent and SNMP managers interact:
The name that you specify in this community prefix. All SNMP managers must send this name when connecting to this SNMP agent.
The community name that the SNMP manager defines. The SNMP agent must send this name when connecting to the manager. (You supply this community name when you configure a trap destination.)
In addition to using the community prefix as a password, an SNMP agent on an Administration Server uses the prefix to qualify requests from SNMP managers. Because the Administration Server can access data for all WebLogic Server instances in a domain, a request that specifies only an attribute name is potentially ambiguous. For example, the attribute
serverUptimeexists for each WebLogic Server instance in a domain. To clarify requests that you send to SNMP agents on Administration Servers, use the community prefix as follows:
To request the value of an attribute on a specific Managed Server, when you send a request from an SNMP manager, append the name of the server instance to the community prefix:
To request the value of an attribute for all server instances in a domain, send a community name with the following form:
To secure access to the values of the WebLogic attributes when using the SNMPv1 or v2 protocols, it is recommended that you set community prefix to a value other than
You cannot specify a null (empty) value for the community prefix when SNMP agent is enabled. If you do not want this agent to receive SNMPv1 or v2 requests, disable community based access.
A unique value, should not be public or private
The SNMP notification version that this SNMP agent generates.
Send Automatic Traps Enabled
Specifies whether this SNMP agent sends automatically generated notifications to SNMP managers.
The SNMP agent generates automatic notifications when any of the following events occur:
The WebLogic Server instance that is hosting the SNMP agent starts.
This type of notification (coldStart) has no variable bindings.
A server instance starts or stops.
An SNMP agent on a Managed Server generates these notifications only when its host Managed Server starts or stops. An SNMP agent on an Administration Server generates these notifications when any server in the domain starts or stops.
These notification types (serverStart and serverShutdown) contain variable bindings to identify the server that started or stopped and the time at which the notification was generated.
An identifier for this SNMP agent that is unique amongst all other SNMP agents in the current WebLogic Server domain.
If you use SNMPv3 to send messages to this SNMP agent, you must specify the SNMP engine ID when you configure the SNMP manager.
For an SNMP agent on an Administration Server, the default value is the name of the WebLogic Server domain. For an agent on a Managed Server, the default is the name of the server.
The protocol that this SNMP agent uses to ensure that only authorized users can request or receive information about your WebLogic Server domain. Applicable only with SNMPv3.
The protocol also ensures message integrity and prevents masquerading and reordered, delayed, or replayed messages.
To use this protocol when receiving requests from SNMP managers, you must configure credential mapping in the WebLogic Server security realm. To use this protocol when sending responses or notifications, you must configure the security level of your trap destinations.
If you do not choose an authentication protocol, then the SNMP agent does not authenticate incoming SNMPv3 requests; anyone can use SNMPv3 to retrieve information about your WebLogic Server domain.
The protocol that this SNMP agent uses to encrypt and unencrypt messages. Applicable only with SNMPv3. Requires you to also use an authentication protocol.
To use this protocol when sending responses or notifications, you must also configure the security level of your trap destinations.
If you do not choose a privacy protocol, then communication between this agent and managers can be viewed (but not altered) by unauthorized users.
Configures this SNMP agent to send notifications as an INFORM instead of a TRAP. Requires you to specify the agent's SNMPTrapVersion as SNMPv2 or SNMPv3.
When an agent sends an INFORM notification, it waits for a confirmation response from the SNMP manager. If it does not receive a response, it resends the INFORM notification.
Inform Retry Interval
The number of milliseconds that this SNMP agent will wait for a response to an INFORM notification.
If the agent does not receive a response within the specified interval, it will resend the notification.
Maximum Inform Retry Count
The maximum number of times that this SNMP agent will resend INFORM notifications for which it has not received a response.
Credential Cache Invalidation Interval
The number of milliseconds after which WebLogic Server invalidates its cache of SNMP security keys. Setting a high value creates a risk that users whose credentials have been removed can still access SNMP data.
An SNMP security key is an encrypted version of an SNMP agent's engine ID and an authentication password or privacy password. WebLogic Server generates one security key for each entry that you create in the SNMP credential map. When a WebLogic Server SNMP agent receives an SNMPv3 request, it compares the key that is in the request with its WebLogic Server keys. If it finds a match, it processes the request. The SNMP agent also encodes these keys in its responses and notifications. (You configure which keys are encoded when you create a trap destination.)
Instead of regenerating the keys for each SNMPv3 communication, WebLogic Server caches the keys. To make sure that the cache contains the latest set of SNMP credentials, WebLogic Server periodically invalidates the cache. After the cache is invalidated, the next time an SNMP agent requests credentials, WebLogic Server regenerates the cache.
Note that making a change to the credential map does not automatically update the cache. Instead, the cache is updated only after it has been invalidated.
For example, if you update a privacy password in an existing entry in the SNMP credential map, the SNMP agent is not aware of the new password until the key cache is invalidated and regenerated. An SNMP user with the old security password can still access WebLogic Server data until the cache is invalidated.
You can invalidate a key immediately instead of waiting for this invalidation interval to expire.
Access For User MBeans Enabled
Configures this SNMP agent to provide read-only access to MBean types that you have created and registered (custom MBeans).
If you enable this access, when you register a custom MBean in a WebLogic Server MBeanServer, this SNMP agent dynamically updates a runtime MIB module that WebLogic Server maintains for custom MBeans.
For each custom MBean type, WebLogic Server adds a table to the MIB module. For each instance of the custom MBean, it adds a table row. While WebLogic Server does not persist the MIB as a file or other data structure, the OIDs in the MIB remain constant across server sessions.
The MIB module for custom MBeans is managed by a subAgent. Its master agent is this WebLogic Server SNMP agent and it communicates with the master agent through the AgentX port.
- Use SNMP to monitor WebLogic Server
- Create an SNMP network channel
- Secure SNMPv3 communication
- Configure INFORM notifications
- Verify notification generation