The Simple Network Management Protocol (SNMP) is an industry standard for network management. Objects managed by SNMP are arranged in management information bases (MIBs). The SNMP agent publishes the standard MIB for the Java virtual machine (Java VM) instrumentation. The file JVM-MANAGEMENT-MIB.mib is the standard MIB for monitoring and management of the Java VM.
To monitor a Java VM with SNMP, you must first enable an SNMP agent when you start the Java VM. You can enable the SNMP agent for either a single-user environment or a multiple-user environment. Then, you can monitor the Java VM with an SNMP-compliant tool.
For general information on setting system properties when you start the Java VM, see Setting System Properties. How to enable the SNMP agent in single-user and multiple-user environments is described in the following sections. The process is the same for both environments, but the actions performed are slightly different.
An access control list (ACL) template file is provided with the Java Platform, Standard Edition (Java SE platform) in JRE_HOME/lib/management/snmp.acl.template
, where JRE_HOME
is the directory in which the Java Runtime Environment (JRE) implementation is installed. Copy this file to either JRE_HOME/lib/management/snmp.acl
or to your home directory, depending on whether you are operating in a single-user or multiple-user environment. Ensure that only you have read permissions, because the file contains nonencrypted SNMP community strings. For security reasons, the system checks that only the owner has read permissions on the file and exits with an error if this is not the case. Thus, in a multiple-user environment, you should put this file in private location, such as your home directory.
Example 5-1 shows some possible entries in an ACL file.
Example 5-1 Sample ACL Entries
#The communities public and private are allowed access from the local host. acl = { { communities = public, private access = read-only managers = localhost } } # Traps are sent to localhost only trap = { { trap-community = public hosts = localhost } }
com.sun.management.snmp.port=portNum
The portNum
is the port number to use for monitoring. Setting this property starts an SNMP agent that listens on the specified port number for incoming SNMP requests.
Copy the ACL template file from JRE_HOME/lib/management/snmp.acl.template
to JRE_HOME/lib/management/snmp.acl
.
Ensure that the ACL file is readable by only the owner and add community strings as needed.
com.sun.management.snmp.port=portNum com.sun.management.snmp.acl.file=ACLFilePath
The ACLFilePath
is the path to the ACL file.
Copy the ACL template file from JRE_HOME/lib/management/snmp.acl.template
to a file named snmp.acl
in your home directory.
Ensure that the ACL file is readable by only the owner, and add community strings as needed.
You can set SNMP monitoring and management properties in a configuration file or on the command line. Properties specified on the command line override properties in a configuration file. The default location for the configuration file is JRE_HOME/lib/management/management.properties
. The Java VM reads this file if the command-line property com.sun.management.snmp.port
is set.
You can specify a different location for the configuration file with the following command-line option:
com.sun.management.config.file=ConfigFilePath
In the preceding property, ConfigFilePath
is the path to the configuration file.
You must specify all system properties when you start the Java VM. After the Java VM has started, any changes to system properties (for example, using the setProperty
method), to the password file, to the ACL file, or to the configuration file will have no effect.
Table 5-1 describes all the SNMP management properties.
Table 5-1 SNMP Monitoring and Management Properties
Property Name | Description | Default |
---|---|---|
|
Remote port to which the SNMP agent sends traps. |
162 |
|
Optional. The local host |
Not applicable |
|
The enabling or disabling of SNMP ACL checks. |
|
|
Path to a valid ACL file. After the Java VM has started, modifying the ACL file has no effect. |
|
If any errors occur during the startup of the SNMP agent, then the Java VM will throw an exception and exit. Configuration errors include the following:
Failure to bind to the port number.
The password file is readable by anyone other than the owner.
Invalid SNMP ACL file.
If your application runs a security manager, then additional permissions are required in the security permissions file.