Enabling SNMP Support for the eG Manager's JRE
Instead of JMX, you can configure the eG agent to report JVM-related metrics using SNMP-based access to the Java runtime MIB statistics.
In some environments, SNMP access might have to be authenticated by an ACL (Access Control List), and in some other cases, it might not require an ACL.
If SNMP access does not require ACL authentication, then follow the steps below to enable SNMP support:
- Login to the eG manager host.
- Ensure that the SNMP service and the SNMP Trap Service are running on the host.
- Next, edit the management.properties file in the <EG_INSTALL_DIR>\manager folder (on Windows; on Unix, this will be /opt/egurkha/manager) of the eG manager.
-
In the management.properties file, you will find a 'For SNMP Settings' block that is 'commented' by default.
################### For SNMP Settings #####################
#
#com.sun.management.snmp.port=<port-number>
#com.sun.management.snmp.acl=false
#com.sun.management.snmp.acl.file=filepath
#com.sun.management.snmp.interface=localhost
#
###########################################################
-
Uncomment the contents of this block as indicated below:
################### For SNMP Settings #####################
com.sun.management.snmp.port=<port-number>
com.sun.management.snmp.acl=false
com.sun.management.snmp.acl.file=filepath
com.sun.management.snmp.interface=localhost
###########################################################
-
Against the com.sun.management.snmp.port parameter in the 'uncommented' block, enter the SNMP Port of the eG manager.
For instance, if the SNMP port is 1166, then the first line of the above specification will be:
com.sun.management.snmp.port=1166
-
Next, set the com.sun.management.snmp.interface parameter to the IP address of the host from which the eG manager's JRE will accept SNMP requests. By default, it is set to localhost, indicating that the eG manager's JRE will accept SNMP requests from the eG manager's host only. To ensure that the JRE services only those SNMP requests that are received from the eG agent, set this parameter to the IP address of the agent host. For instance, if the eG agent that monitors the eG manager is executing on 192.168.10.152, then the com.sun.management.snmp.interface specification will be:
com.sun.management.snmp.interface=192.168.10.152
-
Next, edit the start-up script of the eG manager, include the following line it, and save the script file.
-Dcom.sun.management.config.file=<management.properties_file_path>
For instance, on a Windows host, the <management.properties_file_path> can be expressed as: D:\eGurkha\manager.
On other hand, on a Unix/Linux/Solaris host, a sample <management.properties_file_path> specification will be as follows: /opt/egurkha/manager
On the contrary, if SNMP access requires ACL authentication, then follow the steps below to enable SNMP support for the JRE:
- Login to the eG manager host. If the eG manager is executing on a Windows host, login as a local/domain administrator.
- Ensure that the SNMP service and SNMP Trap Service are running on the host.
- Copy the snmp.acl.template file in the <JAVA_HOME>\jre\lib\management folder to another location on the local host. Rename the snmap.acl.template file as snmp.acl, and copy the snmp.acl file back to the <JAVA_HOME>\jre\lib\management folder.
-
Next, edit the snmp.acl file, and set rules for SNMP access in the file.
Figure 1 : The snmp.acl file
-
For that, first scroll down the file to view the sample code block revealed by Figure 2.
-
Uncomment the code block by removing the # symbol preceding each line of the block as indicated by Figure 3.
- Next, edit the code block to suit your environment.
-
The acl block expects the following parameters:
- communities : Provide a comma-separated list of community strings, which an SNMP request should carry for it to be serviced by this JRE; in the example illustrated by Figure 17, the community strings recognized by this JRE are public and private. You can add more to this list, or remove a community string from this list, if need be.
- access : Indicate the access rights that SNMP requests containing the defined communities will have; in Figure 3, SNMP requests containing the community string public or private, will have only read-only access to the MIB statistics. To grant full access, you can specify read-write instead.
- managers : Specify a comma-separated list of SNMP managers or hosts from which SNMP requests will be accepted by this JRE; in the example illustrated by Figure 3, all SNMP requests from the localhost will be serviced by this JRE. Typically, since the SNMP requests originate from an eG agent, the IP of the eG agent should be configured against the managers parameter. For instance, if the IP address of the agent host is 192.16.10.160, then, to ensure that the JRE accepts requests from the eG agent alone, set managers to 192.168.10.160, instead of localhost.
-
Every acl block in the snmp.acl file should have a corresponding trap block. This trap block should be configured with the following values:
- trap-community: Provide a comma-separated list of community strings that can be used by SNMP traps sent by the eG manager to the managers specified in the acl block. In the example of Figure 3, all SNMP traps sent by the eG manager being monitored should use the community string public only.
- hosts: Specify a comma-separated list of IP addresses / host names of hosts from which SNMP traps can be sent. In the case of Figure 3, traps can be sent by the localhost only. If a single snmp.acl file is being centrally used by multiple applications/devices executing on multiple hosts, then to ensure that all such applications are able to send traps to the configured SNMP managers (in the acl block), you can provide the IP address/hostname of these applications as a comma-separated list against hosts.
-
Figure 4 depicts how the acl and trap blocks can be slightly changed to suit the monitoring needs of an application.
-
Then, proceed to make the snmp.acl file secure by granting a single user “full access” to that file. For monitoring an eG manager executing on Windows in particular, only the Owner of the snmp,.acl file should have full control of that file. To know how to grant this privilege to the Owner of a file, refer to the Monitoring Java Applications document. This section actually details the procedure for making the jmxremote.password file on Windows, secure. Use the same procedure for making the snmp.acl file on Windows secure, but make sure that you select the snmp.acl file and not the jmxremote.password file.
In case of an eG manager executing on Solaris / Linux hosts on the other hand, any user can be granted full access to the snmp.acl file, by following the steps below:
- Login to the eG manager host as the user who is to be granted full control of the snmp.acl file.
-
Issue the following command:
chmod 600 snmp.acl
- This will automatically grant the login user full access to the jmxremote.password file.
- Next, edit the management.properties file in the <EG_INSTALL_DIR>\manager folder (on Windows; on Unix, this will be: /opt/egurkha/manager).
-
Uncomment the 'For SNMP Settings' block therein as indicated below:
################### For SNMP Settings #####################
com.sun.management.snmp.port=<port-number>
com.sun.management.snmp.acl=false
com.sun.management.snmp.acl.file=filepath
com.sun.management.snmp.interface=localhost
###########################################################
-
Set the com.sun.management.snmp.port parameter in the block to the SNMP port of the eG manager. Then, set the com.sun.management.snmp.acl parameter to true (default: false). Next, against the com.sun.management.snmp.acl.file parameter, specify the full path to the snmp.acl file on the eG manager. Finally, provide the IP address of the host from which the eG manager's JRE should accept SNMP requests, against the com.sun.management.snmp.interface parameter. If this is set to, 0.0.0.0, then it indicates that the JRE will accept SNMP requests from any host in the environment. To ensure that the JRE services only those SNMP requests that are received from the eG agent, set the com.sun.management.snmp.interface parameter to the IP address of the agent host.
For example, if the eG manager being monitored listens for SNMP requests at port number 1166, the eG agent monitoring the eG manager is deployed on 192.168.10.152,and these SNMP requests need to be authenticated using the snmp.acl file in the D:\bea\jrockit_150_11\jre\lib directory, then the above specification will read as follows:
com.sun.management.snmp.port=1166
com.sun.management.snmp.acl=true com.sun.management.snmp.acl.file=D:\\bea\\jrockit_150_11\\jre\\lib\\management\\snmp.acl
com.sun.management.snmp.interface=192.168.10.152
However, if the eG manager being monitored is executing on a Unix/Solaris/Linux host, and the snmp.acl file is in the /usr/jdk1.5.0_05/jre/lib/management folder of the host, then the com.sun.management.snmp.acl.file parameter will be set to:
com.sun.management.snmp.acl.file =/usr/jdk1.5.0_05/jre/lib/management/snmp.acl
-
Next, edit the start-up script of the eG manager, include the following line in it, and save the script file.
-Dcom.sun.management.config.file=<management.properties_file_path>
For instance, on a Windows host, the <management.properties_file_path> can be expressed as: D:\eGurkha\manager.
On other hand, on a Unix/Linux/Solaris host, the <management.properties_file_path> specification will be as follows: /opt/egurkha/manager.