5 SNMP Monitoring and Management

The Simple Network Management Protocol (SNMP) is an industry standard for network management. Objects managed by SNMP are arranged in management information bases (MIBs). The SNMP agent publishes the standard MIB for the Java virtual machine (Java VM) instrumentation. The file JVM-MANAGEMENT-MIB.mib is the standard MIB for monitoring and management of the Java VM.

Enabling the SNMP Agent

To monitor a Java VM with SNMP, you must first enable an SNMP agent when you start the Java VM. You can enable the SNMP agent for either a single-user environment or a multiple-user environment. Then, you can monitor the Java VM with an SNMP-compliant tool.

For general information on setting system properties when you start the Java VM, see Setting System Properties. How to enable the SNMP agent in single-user and multiple-user environments is described in the following sections. The process is the same for both environments, but the actions performed are slightly different.

Access Control List File

An access control list (ACL) template file is provided with the Java Platform, Standard Edition (Java SE platform) in JRE_HOME/lib/management/snmp.acl.template, where JRE_HOME is the directory in which the Java Runtime Environment (JRE) implementation is installed. Copy this file to either JRE_HOME/lib/management/snmp.acl or to your home directory, depending on whether you are operating in a single-user or multiple-user environment. Ensure that only you have read permissions, because the file contains nonencrypted SNMP community strings. For security reasons, the system checks that only the owner has read permissions on the file and exits with an error if this is not the case. Thus, in a multiple-user environment, you should put this file in private location, such as your home directory.

Example 5-1 shows some possible entries in an ACL file.

Example 5-1 Sample ACL Entries

#The communities public and private are allowed access from the local host.
acl = {
        {
          communities = public, private
          access = read-only
          managers = localhost
        }
      }
# Traps are sent to localhost only
trap = {
          {
            trap-community = public
            hosts = localhost
          }
        }

To Enable the SNMP Agent in a Single-User Environment

Set the following system property when you start the Java VM:
```
com.sun.management.snmp.port=portNum
```
The portNum is the port number to use for monitoring. Setting this property starts an SNMP agent that listens on the specified port number for incoming SNMP requests.
Create an ACL file:
Copy the ACL template file from JRE_HOME/lib/management/snmp.acl.template to JRE_HOME/lib/management/snmp.acl.
Set the permissions on the ACL file:
Ensure that the ACL file is readable by only the owner and add community strings as needed.

To Enable the SNMP Agent in a Multiple-User Environment

Set the following system properties when you start the Java VM:
```
com.sun.management.snmp.port=portNum
com.sun.management.snmp.acl.file=ACLFilePath
```
The ACLFilePath is the path to the ACL file.
Create an ACL file:
Copy the ACL template file from JRE_HOME/lib/management/snmp.acl.template to a file named snmp.acl in your home directory.
Set the permissions on the ACL file:
Ensure that the ACL file is readable by only the owner, and add community strings as needed.

SNMP Monitoring and Management Properties

You can set SNMP monitoring and management properties in a configuration file or on the command line. Properties specified on the command line override properties in a configuration file. The default location for the configuration file is JRE_HOME/lib/management/management.properties. The Java VM reads this file if the command-line property com.sun.management.snmp.port is set.

You can specify a different location for the configuration file with the following command-line option:

com.sun.management.config.file=ConfigFilePath

In the preceding property, ConfigFilePath is the path to the configuration file.

You must specify all system properties when you start the Java VM. After the Java VM has started, any changes to system properties (for example, using the setProperty method), to the password file, to the ACL file, or to the configuration file will have no effect.

Table 5-1 describes all the SNMP management properties.

Table 5-1 SNMP Monitoring and Management Properties

Property Name	Description	Default
`com.sun.management.snmp.trap`	Remote port to which the SNMP agent sends traps.	162
`com.sun.management.snmp. interface`	Optional. The local host `InetAddress,` to force the SNMP agent to bind to the given `InetAddress`. This is for multihome hosts if one wants to listen to a specific subnet only.	Not applicable
`com.sun.management.snmp.acl`	The enabling or disabling of SNMP ACL checks.	`true`
`com.sun.management.snmp. acl.file`	Path to a valid ACL file. After the Java VM has started, modifying the ACL file has no effect.	`JRE_HOME/lib/management/snmp.acl`

Configuration Errors

If any errors occur during the startup of the SNMP agent, then the Java VM will throw an exception and exit. Configuration errors include the following:

Failure to bind to the port number.
The password file is readable by anyone other than the owner.
Invalid SNMP ACL file.

If your application runs a security manager, then additional permissions are required in the security permissions file.