SNMP Monitoring and Management

The Simple Network Management Protocol (SNMP) is an industry standard for network management. Objects managed by SNMP are arranged in management information bases (MIBs). The SNMP agent publishes the standard MIB for the Java virtual machine (Java VM) instrumentation. The file JVM-MANAGEMENT-MIB.mib is the standard MIB for monitoring and management of the Java VM.

Enabling the SNMP Agent

To monitor a Java VM with SNMP you must first enable an SNMP agent when you start the Java VM. You can enable the SNMP agent for either a single-user environment or a multiple-user environment. Then, you can monitor the Java VM with an SNMP-compliant tool.

For general information on setting system properties when you start the Java VM, see Setting System Properties in Chapter 2, Monitoring and Management Using JMX Technology. How to enable the SNMP agent in single and multiple-user environments is described below. The process is the same for both environments, but the actions performed are slightly different.

Access Control List File

An Access Control List (ACL) template file is provided with the Java Platform, Standard Edition (Java SE platform) in JRE_HOME/lib/management/snmp.acl.template, where JRE_HOME is the directory in which the Java Runtime Environment (JRE) implementation is installed. You will copy this file to either JRE_HOME/lib/management/snmp.acl or to your home directory, depending on whether you are operating in a single or a multiple-user environment. Ensure that only you have read permissions, since the file contains non-encrypted SNMP community strings. For security reasons, the system checks that only the owner has read permissions on the file and exits with an error if this is not the case. Thus, in a multiple-user environment, you should put this file in private location, such as your home directory.

Example 5-1 shows some possible entries in an ACL file.

#The communities public and private are allowed access from the local host.
acl = {
        {
          communities = public, private
          access = read-only
          managers = localhost
        }
      }
# Traps are sent to localhost only
trap = {
          {
            trap-community = public
            hosts = localhost
          }
        }

To Enable the SNMP Agent in a Single-user Environment

1. Set the following system property when you start the Java VM.

   com.sun.management.snmp.port=portNum
   

   In the property above, portNum is the port number to use for monitoring. Setting this property starts an SNMP agent that listens on the specified port number for incoming SNMP requests.

2. Create an ACL File.

   Copy the ACL template file from JRE_HOME/lib/management/snmp.acl.template to JRE_HOME/lib/management/snmp.acl.

3. Set the permissions on the ACL file.

   Make sure the ACL file is readable by only the owner, and add community strings as needed.

To Enable the SNMP Agent in a Multiple-user Environment

1. Set the following system properties when you start the Java VM.

   com.sun.management.snmp.port=portNum
   com.sun.management.snmp.acl.file=ACLFilePath
   

   Where ACLFilePath is the path to the ACL file.

2. Create an ACL File.

   Copy the ACL template file from JRE_HOME/lib/management/snmp.acl.template to a file named snmp.acl in your home directory.

3. Set the permissions on the ACL file.

   Make sure the ACL file is readable by only the owner, and add community strings as needed.

SNMP Monitoring and Management Properties

You can set SNMP monitoring and management properties in a configuration file or on the command line. Properties specified on the command line override properties in a configuration file. The default location for the configuration file is JRE_HOME/lib/management/management.properties. The Java VM reads this file if the command-line property com.sun.management.snmp.port is set.

You can specify a different location for the configuration file with the following command-line option.

com.sun.management.config.file=ConfigFilePath

In the property above, ConfigFilePath is the path to the configuration file.

You must specify all system properties when you start the Java VM. After the Java VM has started, any changes to system properties (for example, via the setProperty method), to the password file, to the ACL file, or to the configuration file will have no effect.

Table 5-1 describes all the SNMP management properties.

Table 5-1 SNMP monitoring and management Properties

Configuration Errors

If any errors occur during start up of the SNMP agent, the Java VM will throw an exception and exit. Configuration errors include the following.

• Failure to bind to the port number.

• The password file is readable by anyone other than the owner.

• Invalid SNMP ACL file.

If your application runs a security manager, then additional permissions are required in the security permissions file.