Installing and configuring the IBM WebSphere SNMP Capability

You must first install and configure the IBM® WebSphere® Simple Network Management Protocol (SNMP) Capability on IBM WebSphere Application Server to enable the collection of performance metrics.

Before you begin

Before you install the IBM WebSphere SNMP Capability, confirm that the WebSphere Application Server Version is 8.5 or later and is installed with a stand-alone thin client.

About this task

The IBM WebSphere Snmp Agent files are located in the <WAS_HOME>/optionalLibraries/IBM/SNMPAgent directory:

The IBM WebSphere Snmp Agent must be created as a generic server using the provided template configuration archive file, which is <WAS_HOME>/optionalLibraries/IBM/SNMPAgent/templateSnmpAgentServer.car.

To install the IBM WebSphere Snmp Agent, perform the following steps:

Procedure

Start the deployment manager server on all nodes.
Start wsadmin with -lang jacl to connect to the deployment manager server.
Create the WebSphere WAS_NODE_NAME variable at node scope, with node name as the value:
```
$AdminTask setVariable {-scope Cell=<cell name>,Node=<node name> -variableName WAS_NODE_NAME -variableValue <node name> }
```
where <nodename> is the name of the node in which the IBM WebSphere Snmp Agent generic server is to be created.
Create the IBM WebSphere Snmp Agent as a generic server using the provided template configuration archive:
```
$AdminTask importServer {-archive <washome>/optionalLibraries/IBM/SNMPAgent/config/templates
/templateSnmpAgentServer.car -nodeName <node name> -serverName SnmpAgent }
```
where <washome> is the complete installation path of WebSphere Application Server, and <nodename> is the name of the node to which the IBM WebSphere Snmp Agent is to be created.
Save the configuration.
```
$AdminConfig save
```

What to do next

One or more IBM WebSphere Snmp agents can be created as generic servers connecting to different application servers and administration servers, such as deployment manager, NodeAgent and AdminAgent.

Configure the IBM WebSphere Snmp Agent by modifying three xml files: agentConfig.xml, jmxConfig.xml and trapConfig.xml. These xml files are located in the WebSphere configuration repository under the cells/<tcell name>;/nodes/<tnode name>/servers/<server name> directory.

In a network deployment environment, configure these three xml files under the deployment manager profile that contains the master configuration.

Before you configure the three xml files, you must first enable Performance Monitoring Infrastructure (PMI) monitoring from the administrative console on the required server.

To configure the three xml files for the IBM WebSphere Snmp Agent, perform the following steps:

In your file explorer or command line go to the following directory <WAS_INSTALL_ROOT>/WebSphere/AppServer/profiles/<Dmgr profile name>/config/cells/<cellname>/nodes/<nodename>/servers/<Snmp Agent server name>.
When the previous wsadmin command runs successfully there should be the agentConfig.xml, jmxConfig.xml, and trapConfig.xml files.

Modify the agentConfig.xml file.

Make a backup of the agentConfig.xml file.

Open and edit the agentConfig.xml file. This file configures the hostname, port and community on which the IBM WebSphere Snmp Agent runs. You should only edit the registryPort, ipAddress and authMode attributes.

Modifying any other attribute can result in unexpected behavior.

<!--An agentConfig.xml Example -->
<?xml version="1.0" encoding="UTF-8"?><agentConfig agents="WsSNMP" name="WsSNMPAGENT" registryPort="1135">
    <metadata mibs="nh-smi.smi,rfc1213-mib.mib,rmon-mib.mib,snmpv2-tc.mib,tokenring-rmon-mib.mib,websphere-mib.mib,rmon2-mib.mib" mibsFolder="properties/mibs"/>
  
    <WsSNMP Behaviors="getScalars,getCollection,getControl,getCounter,getData,getTrapDestinations" ipAddress="localhost" jmxConfigFile="jmxConfig.xml" snmpPort="10162" views="V1" authMode="MD5" password="your_username" user="your_password" >
  		<V1 communityNames="public" jmacfgFiles="oid.out" trapConfig="trapConfig.xml"/>
        
  		<getScalars class="com.ibm.ws.pmi.snmp.behaviors.GetScalarsBehavior" oid="1.3.6.1.4.1.1977.22.10.1.0"/>
  		
  		<getCollection class="com.ibm.ws.pmi.snmp.behaviors.GetCollectionBehavior" oid="1.3.6.1.4.1.1977.22.10.10.1.2"/>
  		
  		<getControl class="com.ibm.ws.pmi.snmp.behaviors.GetControlBehavior" oid="1.3.6.1.4.1.1977.22.10.11.1.2"/>
  		
		<getCounter class="com.ibm.ws.pmi.snmp.behaviors.GetCounterBehavior" oid="1.3.6.1.4.1.1977.22.10.12.1.2"/>
        
        <getData class="com.ibm.ws.pmi.snmp.behaviors.GetDataBehavior" oid="1.3.6.1.4.1.1977.22.10.13.1.1"/>
        
        <getTrapDestinations class="com.ibm.ws.pmi.snmp.behaviors.TrapDestinationBehavior" oid="1.3.6.1.2.1.16.19.13.1.2"/>  			  			
    </WsSNMP>  
   </agentConfig>

Table 1. Attributes in the agentConfig.xml file
Attribute Name	Description
registryPort	The port number to register the bootstrap agent with the Java™ RMI service registry. This attribute is present in the <agentConfig> tag. Specify a port number higher than 1024 to avoid using reserved ports.
ipAddress	The address of the host on which the IBM WebSphere Snmp Agent runs. The same value should be set in SNMP monitoring software to communicate with the IBM WebSphere Snmp Agent. This attribute is present in the <agentConfig> tag. Specify the fully qualified hostname/IP address instead of the default value: `localhost`.
snmpPort	The port number on which the WebSphere Snmp Agent listens for the Snmp packets. The same value should be set in SNMP monitoring software to communicate with the IBM WebSphere Snmp Agent. This attribute is present in the <agentConfig> tag.
user	The name of the user authorized to connect to the IBM WebSphere Snmp Agent. The same value should be set in SNMP monitoring software to communicate with the IBM WebSphere Snmp Agent. This attribute is present in the <agent> tag. "user" and "password" are the user/password credentials used for the SNMP monitor that is to connect to the SNMP Agent. These credentials are not the WebSphere Application Server credentials used to log in to the administrative console.
authMode	The authentication mode used for communicating with the IBM WebSphere Snmp Agent. The same value should be set in SNMP monitoring software to communicate with the IBM WebSphere Snmp Agent. This attribute is present in the <agent> tag.
password	The password of the authorized user defined in the ‘user’ attribute. The same value should be set in SNMP monitoring software to communicate with the IBM WebSphere Snmp Agent. This attribute is present in the <agent> tag.

The privacy mode of SNMP Version 3 is not supported in the current release of the IBM WebSphere Snmp Agent.

Modify the jmxConfig.xml file.

Make a backup of the jmxConfig.xml file.

Open the jmxConfig.xml file and modify it for your needs.

This configuration file contains information about the Mbean server from which the PMI data must be collected. You must set all of the attributes that are specified in this file.

All nodes and attributes, except those under <Mbean>, are static (that is, they can be configured only before starting the IBM WebSphere Snmp Agent). However, the nodes and attributes under <Mbean> can be modified even when the IBM WebSphere Snmp Agent is running.

In the following table, the only attributes that can be configured when security is enabled are: Security, User, Password, connectorSOAPconfig/connectorRMIconfig, sslRMIConfig, trustStore, tsPassword, keyStore and ksPassword.

Table 2. Attributes in the jmxConfig.xml file
Attribute name	Description
connectorType	You can only specify the following values as the connector type: SOAP RMI Specify the SOAPmbeanServer attribute if you are using the connector type SOAP and the RMIm-beanServer attribute if you are using connector type RMI. If you specify any other value, IBM WebSphere Snmp Agent uses SOAP by default.
Security	Specifies whether WebSphere Application Server security is enabled. You can only specify the following values: To enable security, set the value to `yes` or `y`. To disable security, set the value to `no` or `n`. If you specify any other value, IBM WebSphere Snmp Agent uses `no` by default.
Address	Specifies the Hostname or IPAddress of the WebSphere Application Server.
Port	Specifies the SOAP_CONNECTOR port for SOAP connection and the BOOTSTRAP for RMI connection.
sampleInterval	Specifies the interval (number of seconds) in which the WebSphere Snmp Agent should retrieve PMI data. This value should be at least 60.
User	If you have enabled the security attribute, set the username required to log in to the administrative console.
Password	If you have enabled the security attribute, set the password required to log in to the administrative console.
connectorSOAPconfig/connectorRMIconfig	If security is enabled, and the username or password (or both) are not specified, the WebSphere Snmp Agent looks for the username and password in the file that this attribute points to. The files, soap.client.props and sas.client.props respectively, are present with the WebSphere Application Server installation, and are located in the </was_profile>/properties directory. Modify the value to point to the location on your system. If you are using RMI, set the value of the following properties in the sas.client.props file: com.ibm.CORBA.securityServerHost= When `validateBasicAuth=true`, this property can be set for the security code to lookup SecurityServer. Set this property for any running WebSphere Application Server host in the cell that you are authenticating to. com.ibm.CORBA.securityServerPort= When `validateBasicAuth=true`, this property canbe set for the security code to lookup SecurityServer. Set this property to the bootstrap port of the previously chosen host. com.ibm.CORBA.loginSource=properties com.ibm.CORBA.loginUserid= When the client is communication with multiple realms, the loginUserid must be set if login source is set to `properties`. Multiple values may be entered by using the `\|` separator. For example, `user1\|user2\|user3`. The number of entries must match the number of entries in the -loginPassword and -loginRealm entries. See loginRealm for more information. com.ibm.CORBA.loginPassword= When the client is communicating with multiple realms, loginPassword must be set if the if the login source is set to `properties`. Multiple values may be entered by using the `\|` separator. For example, `user1password\|user2password\|user3password`. The number of entries must match the number of entries in the -loginUserid and -loginRealm entries. See loginRealm for more information.
sslRMIConfig	If you choose the RMI connection, the SSL handshake is performed when this security attribute is enabled. You can use the default ssl.client.props file file, which is located in the </was_profile>/properties directory, or you can modify it according to the instructions contained in the file. For connectorRMIConfig and sslRMIConfig, the path name should be preceded by file. For example: `sslRMIConfig="file:/opt/IBM/Websphere/AppServer/profiles/Dmgr01/properties/ssl.client.props"`.
trustStore	Specifies the location of the truststore file on the host on which the WebSphere Snmp Agent is running. The SnmpAgent just accept the JKS format of a truststore file. There are default Dummy jks files available in every profile that can be used. The files are located in: <`WAS_INSTALL_ROOT`>\WebSphere\AppServer\profiles\<`profilename`>\etc. Another option is to use ikeyman tool to open an existing trust.p12 file (default password or such a file is "WebAS"). Once it is opened the same can be saved in JKS format.
tsPassword	Specifies the password required to access the truststore.
keyStore	Specifies the location of the keystore file on the host on which the WebSphere Snmp Agent is running. The SnmpAgent accepts the JKS format of a keystore file. There are default Dummy jks files available in every profile that can be used. The files are located in: <`WAS_INSTALL_ROOT`>\WebSphere\AppServer\profiles\<`profilename`>\etc The name is DummyServerKeyFile.jks. Another option is to use ikeyman tool to open an existing key.p12 file (default password or such a file is "WebAS"). Once it is opened the same can be saved in JKS format.
ksPassword	Specifies the password required to access the keystore.
Mbean	Specifies the Mbeans that must be monitored. This node can have any number of collection children nodes. Each collection node has three attributes: expression Any regular expression supported by Java, and is used to specify the pattern of Mbeans that must be monitored. counterMode Can be automatic or manual counter If counterMode is automatic, all of the counters of the matched Mbeans are monitored. If counterMode is manual, the counters attribute should have a comma-separated list of counters to be monitored for the matched Mbeans.

Example of a jmxConfig.xml file when using SOAP:

<?xml version="1.0" encoding="UTF-8"?>
<jmxConfig connectorType="SOAP" security="yes" serverTypes="SOAPmbeanServer">
<!-- port – SOAP_CONNECTOR port for SOAP connection and BOOTSTRAP for RMI connection  -->
<!--  If security is disabled, security-related attributes are not used. But it is recommended that
      if security is disabled, all security related attributes could either be “” or some random value, 
      but they should be present.  -->
<SOAPmbeanServer address="localhost" port="8920" user="your_username" password="your_password" connectorSOAPConfig="file:C:\IBM\WebSphere\AppServer\profiles\BatchNode1\properties\soap.client.props" keyStore="file:C:\IBM\WebSphere\AppServer\profiles\BatchNode1\config\cells\BatchCell\nodes\BatchNode1\key.jks" ksPassword="WebAS" trustStore="file:C:\IBM\WebSphere\AppServer\profiles\BatchNode1\config\cells\BatchCell\nodes\BatchNode1\trust.jks" tsPassword="WebAS" sampleInterval="60" >	
	  </SOAPmbeanServer>
	
	<mbean>
        <collection counterMode="automatic" counters="" expression=".*"/>
	</mbean>
	
</jmxConfig>

Modify the trapConfig.xml file.
1. Make a backup of the trapConfig.xml file.
2. Edit and modify the trapConfig.xml file. This file contains the list of trap listeners. Multiple listeners might listen for SNMP trap messages. An administrator can add multiple trap destinations in the trapConfig.xml file in the following format:
```
<?xml version="1.0" encoding="UTF-8"?><tns:TrapDestinations xmlns:tns="https://www.ibm.com/schema/WsT/SNMPSchema/TRAPConfig/" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://www.ibm.com/schema/WsT/SNMPSchema/TRAPConfig/TrapConfig.xsd ">
    <TrapDestination community="public" index="1" name="${Explorer}" protocol="1" status="1" version="2">
        <HostName>localhost</HostName>
        <Port>8920</Port>
    </TrapDestination>
</tns:TrapDestinations>
```
  Where:
  Community
  
  The community name to which this entry belongs
  
  Protocol
  The protocol to be used:
  - 1 – for ip (default)
  - 2 – for ipx
  Version
  
  SNMP version to use when generating the trap
  
  Index
  
  The unique integer index ID. It is ignored if multiple trap destinations have the same index value.
  
  Status
  Status of the table entry. It contains one of the following values:
  - 1 - active
  - 2 - notInService
  - 3 - notReady
  - 4 - createAndGo
  - 5 – createAndWait
  - 6 – destroy
  <TrapDestinations>
  
  Main root element of the trapConfig.xml
  
  <TrapDestination>
  
  Defines a trap destination listener
  
  <tHostName>
  
  The hostname or IP address of the listener
  
  <tPort>
  
  The port number where the listener is running
  
  <Status>
  
  Used to enable or disable specific notifications
Synchronize the configuration changes with all Nodes (Do a full resynchronize to ensure that all configuration files are synchronized with all nodes).
Start the SNMPAgent server. In the integrated solutions console (admin console), the server should be listed at: Servers > All servers
You must enable security for the IBM WebSphere Snmp Agent to connect to a security-enabled WebSphere Application Server environment. Read the topic Enabling security for the IBM WebSphere SNMP Capability for more information.
Snmp Agent Troubleshooting
1. Create a new empty SNMPTrace.properties file in any location on your machine, such as in Windows C:\temp\SNMPTrace.properties.
2. Add the following three line content in that file and save the changes:
  - traceFileName=stdout
  - com.ibm.ws.pmi.snmp.*=all=enabled
  - com.tivoli.snmp.*=all=enabled
  The trace-string can be appended by adding additional lines with other trace-strings. For every single component, a separate line is needed.
3. In the integrated solutions console (admin console) go to Servers > All servers.
4. click SNMPAgent serverNnme
5. In the Additional Properties, click Process definition .
6. In the configuration window in the Additional Properties section, click to Java Virtual Machine.
7. In Java Virtual Machine, add the following properties in Generic JVM arguments:
  - -DtraceSettingsFile=C:\temp\SNMPTrace.properties
  - -Djava.util.logging.manager=com.ibm.ws.bootstrap.WsLogManager
  - -Djava.util.logging.configureByServer=true
8. Save the changes to the master configuration and synchronize the changes with all nodes.
9. Restart the SNMPAgent server. Use the Terminate button to stop the SNMPAgent server, and then start it.