|
Architecture - JVM Plugin
FriendlySNMP JVM management and monitoring
JVM plugin is an optional FriendlySNMP agent plugin.
It is loaded if the following parameter is present in
configuration:
snmp.plugin.jvm=org.friendlysnmp.plugin.jvm.PluginJVM
|
The plugin provides access to various JVM data declared in the
JVM-MANAGEMENT-MIB.
This MIB has minor modification made by Frank Fock.
The original JVM Management MIB is available
here.
The plugin's code is a trivial bulky routine code to access JVM MBeans
and map their values to scalars and tables declared in JVM-MANAGEMENT-MIB.
The following MBeans are used:
java.lang.management.ClassLoadingMXBeanjava.lang.management.CompilationMXBeanjava.lang.management.GarbageCollectorMXBeanjava.lang.management.MemoryMXBeanjava.lang.management.MemoryManagerMXBeanjava.lang.management.MemoryPoolMXBeanjava.lang.management.OperatingSystemMXBeanjava.lang.management.RuntimeMXBeanjava.lang.management.ThreadMXBean
Built-in SNMP JVM management and monitoring
The JVM has built-in SNMP agent which could be accessed directly.
It's discussed
here.
The following arguments should be specified in the command line
to initialize JVM built-in SNMP agent (ports could be any):
-Dcom.sun.management.snmp.port=161
-Dcom.sun.management.snmp.trap=162
|
The JVM reads Access Control List file at startup.
See details how to prepare this file below.
ACL file preparation
ACL file must be located at
JRE_HOME/lib/management/snmp.acl
and prepared in advance.
You could use file
JRE_HOME/lib/management/snmp.acl.template as a template.
Add the following lines at the end of the template file for the testing on localhost:
acl = {
{
communities = public, private
access = read-write
managers = localhost
}
}
trap = {
{
trap-community = public
hosts = localhost
}
}
|
ACL file troubleshooting
Error: SNMP ACL file not found: C:\\lib\management\snmp.acl
Create missing JRE_HOME/lib/management/snmp.acl file.
Error: Password file read access must be restricted: C:\\lib\management\snmp.acl
ACL file must be readable only by owner.
It’s OK to allow read/write to the acl-file on WinXP with a single owner.
Use command: "cacls filename /P username:R" to secure a file.
See discussion how to use this command
here.
The same result could be achieved by changing properties of this file (on WinXP):
- Open
snmp.acl file properties.
- Go to the tab Security.
- Click button Advanced.
- Go to the tab Permissions and uncheck inherit with copy from parent.
- Go to the tab Permissions and remove all users, except a single one with current login.
- Go to the tab Owner and select current owner.
- Click button Apply.
Which one to use?
Both FriendlySNMP and Sun's built-in JVM management and monitoring
has pros and cons.
FriendlySNMP JVM management and monitoring plugin should be preferred
if FriendlySNMP agent is created and initialized in the application.
This JVM plugin requires minimal additional memory and
does not require ports allocation.
Sun's SNMP JVM management and monitoring should be preferred if
the application does not have FriendlySNMP agent.
|
