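I am using the tool described here to do SNMP monitoring of a Java application.
The format section of the ACL template describes the meaning of the access and managers options: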
##############################################################
# Format of the acl group
##############################################################
#
# communities: a list of SNMP community strings to which the
# access control applies separated by commas.
#
# access: either "read-only" or "read-write".
#
# managers: a list of hosts to be granted the access rights.
# Each can be expressed as any one of the following:
# - hostname: hubble
# - ip v4 and v6 addresses: 123.456.789.12 , fe80::a00:20ff:fe9b:ea82
# - ip v4 and v6 netmask prefix notation: 123.456.789.0/24,
# fe80::a00:20ff:fe9b:ea82/64
# see RFC 2373 (http://www.ietf.org/rfc/rfc2373.txt)
#
# An example of two community groups for multiple hosts:
# acl = {
# {
# communities = public, private
# access = read-only
# managers = hubble, snowbell, nanak
# }
# {
# communities = jerry
# access = read-write
# managers = hubble, telescope
# }
# }
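If a manager is granted access = read-write, what can that manager actually write or change in the running JVM? Does write access allow the manager to do things like trigger a GC or a heap dump?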
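Best answer
There is not much you can do with JVM SNMP write access, but it is possible to invoke GC.
To find everything in the JVM that can be modified through SNMP, you can go through all the Jvm*Meta classes that belong to the JDK built-in SNMP server and look for non-trivial SnmpValue setters: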
public SnmpValue set(SnmpValue x, long var, Object data)
Here is the list of all writable OIDs in JDK 8u121 with the corresponding JMX methods:
ClassLoadingMXBean.setVerbose (1.3.6.1.4.1.42.2.145.3.163.1.1.1.4)
MemoryMXBean.setVerbose (1.3.6.1.4.1.42.2.145.3.163.1.1.2.2)
MemoryMXBean.gc (1.3.6.1.4.1.42.2.145.3.163.1.1.2.3)
MemoryPoolMXBean.setCollectionUsageThreshold (1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.131)
MemoryPoolMXBean.setUsageThreshold (1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.110)
MemoryPoolMXBean.resetPeakUsage (1.3.6.1.4.1.42.2.145.3.163.1.1.2.110.1.5)
ThreadMXBean.setThreadContentionMonitoringEnabled (1.3.6.1.4.1.42.2.145.3.163.1.1.3.5)
ThreadMXBean.setThreadCpuTimeEnabled (1.3.6.1.4.1.42.2.145.3.163.1.1.3.6)
ThreadMXBean.resetPeakThreadCount (1.3.6.1.4.1.42.2.145.3.163.1.1.3.7)
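
To see which managers that list of writable OIDs actually applies to, the following added example (not part of the original question or answer, and not JDK code) parses a file in the ACL template's format and lists every community/manager pair granted read-write. The sample file, its host names and its address ranges are constructed, and value lists that wrap onto a second line are assumed to be allowed.

```python
import re

# Constructed sample in the template's format; names and addresses are made up.
SAMPLE_ACL = """\
# local policy
acl = {
  {
    communities = public, private
    access = read-only
    managers = hubble, snowbell, nanak
  }
  {
    communities = jerry
    access = read-write
    managers = hubble, 192.0.2.0/24,
               2001:db8::/32
  }
}
"""

def parse_acl(text):
    """Return one dict per community group: key -> list of comma-separated values."""
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    acl = re.search(r"\bacl\s*=\s*\{((?:\s*\{[^{}]*\})*)\s*\}", body)
    groups = []
    for block in re.findall(r"\{([^{}]*)\}", acl.group(1) if acl else ""):
        entry, key = {}, None
        for line in filter(None, map(str.strip, block.splitlines())):
            if "=" in line:                      # "key = v1, v2"
                key, line = (p.strip() for p in line.split("=", 1))
                entry[key] = []
            if key:                              # assumption: a bare line continues the list
                entry[key] += [v.strip() for v in line.split(",") if v.strip()]
        groups.append(entry)
    return groups

def read_write_grants(text):
    """List (community, manager, is_network_range) for every read-write grant."""
    return [(c, m, "/" in m)
            for g in parse_acl(text) if g.get("access") == ["read-write"]
            for c in g.get("communities", []) for m in g.get("managers", [])]

if __name__ == "__main__":
    for community, manager, wide in read_write_grants(SAMPLE_ACL):
        note = " (whole prefix)" if wide else ""
        print(f"read-write: community={community} manager={manager}{note}")
```

Each pair it reports can issue SNMP SET requests against the writable OIDs listed above, so a manager given in netmask prefix notation extends that ability to every address in the range.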