SNMP Monitoring and Management

Simple Network Management Protocol (SNMP) is an industry standard for network management. Objects managed by SNMP are arranged in management information bases (MIBs). The SNMP agent publishes the standard MIB for the Java virtual machine instrumentation.

Enabling the SNMP Agent

To monitor a Java virtual machine (JVM) with SNMP:

  1. Enable a SNMP agent when you start the JVM. You can enable the SNMP agent for:
  2. Monitor the JVM with an SNMP-compliant tool.

For general information on setting system properties when you start the JVM, see Setting System Properties.

Single-user Environment

To enable the SNMP agent for a single user environment, set this system property when you start the JVM:

com.sun.management.snmp.port=portNum

where portNum is the port number to use for monitoring.  Setting this property starts an SNMP agent that listens on the specified port number for incoming SNMP requests.

Copy the ACL template file in JRE_HOME/lib/management/snmp.acl.template to JRE_HOME/lib/management/snmp.acl, make it readable and writeable by only the owner, and add community strings as needed.

Multi-user environment

To enable the SNMP agent for a multi-user installation of the JRE, set the following system properties when you start the JVM:

com.sun.management.snmp.port=portNum
com.sun.management.snmp.acl.file=ACLFilePath

where portNum is the port number to use for monitoring, and ACLFilePath is the path to the ACL file.

Copy the ACL template file from JRE_HOME/lib/management/snmp.acl.template to a file named snmp.acl in your home directory, make it readable and writeable by only the owner, and add community strings as needed.

Access Control List File 

An Access Control List (ACL) template file is provided at JRE_HOME/lib/management/snmp.acl.template. Copy this file to JRE_HOME/lib/management/snmp.acl or to your home directory. Ensure that only you have read and write permissions, since the file contains unencrypted SNMP community strings.  For security reasons, the system checks that only the owner has read and write permissions on the file and exits with an error if not. Thus, in a multi-user environment, put this file in private location such as your home directory.

Sample ACL entries:

#The communities public and private are allowed access from the local host.
acl = {
{
communities = public, private
access = read-only
managers = localhost
}
}
# Traps are sent to localhost only
trap = {
{
trap-community = public
hosts = localhost
}
}

SNMP Monitoring and Management Properties

You can set monitoring and management properties in a configuration file or on the command line. Properties specified on the command line override properties in a configuration file. The default location for the configuration file is JRE_HOME/lib/management/management.properties, where JRE_HOME is the directory where the JDK is installed. The JVM reads this file if the command-line property com.sun.management.snmp.port is set. JMX management uses the same configuration file.

You can specify a different location for the configuration file with the command-line option:

com.sun.management.config.file=ConfigFilePath

where ConfigFilePath is the path to the configuration file.

You must specify all system properties when you start the JVM. After the JVM has started, changes to system properties (for example, via setProperty method), to the password file, ACL file, or configuration file have no effect.

The following table describes all the SNMP management properties.

SNMP Management and Monitoring Properties
Property Name Description Default
com.sun.management.snmp.
trap
Remote port to which the SNMP agent sends traps. 162
com.sun.management.snmp.
interface
Optional. The local host InetAddress, to force the SNMP agent to bind to the given InetAddress. This is for multi-home hosts if one wants to listen to a specific subnet only. N/A
com.sun.management.snmp.
acl.file
Path to a valid ACL file. After the JVM has started, modifying the ACL file has no effect. JRE_HOME/lib/management/snmp.acl

Configuration Errors

If any errors occur during start up of the the SNMP agent, the JVM will throw an exception and exit. Configuration errors include:

If your application runs a security manager, then additional permissions are required in the security permissions file.