| 1 |
##################################################################### |
| 2 |
# Default Configuration File for Java Platform Management |
| 3 |
##################################################################### |
| 4 |
# |
| 5 |
# The Management Configuration file (in java.util.Properties format) |
| 6 |
# will be read if one of the following system properties is set: |
| 7 |
# -Dcom.sun.management.jmxremote.port=<port-number> |
| 8 |
# or -Dcom.sun.management.snmp.port=<port-number> |
| 9 |
# or -Dcom.sun.management.config.file=<this-file> |
| 10 |
# |
| 11 |
# The default Management Configuration file is: |
| 12 |
# |
| 13 |
# $JRE/lib/management/management.properties |
| 14 |
# |
| 15 |
# Another location for the Management Configuration File can be specified |
| 16 |
# by the following property on the Java command line: |
| 17 |
# |
| 18 |
# -Dcom.sun.management.config.file=<this-file> |
| 19 |
# |
| 20 |
# If -Dcom.sun.management.config.file=<this-file> is set, the port |
| 21 |
# number for the management agent can be specified in the config file |
| 22 |
# using the following lines: |
| 23 |
# |
| 24 |
# ################ Management Agent Port ######################### |
| 25 |
# |
| 26 |
# For setting the JMX RMI agent port use the following line |
| 27 |
# com.sun.management.jmxremote.port=<port-number> |
| 28 |
# |
| 29 |
# For setting the SNMP agent port use the following line |
| 30 |
# com.sun.management.snmp.port=<port-number> |
| 31 |
|
| 32 |
##################################################################### |
| 33 |
# Optional Instrumentation |
| 34 |
##################################################################### |
| 35 |
# |
| 36 |
# By default only the basic instrumentation with low overhead is on. |
| 37 |
# The following properties allow to selectively turn on optional |
| 38 |
# instrumentation which are off by default and may have some |
| 39 |
# additional overhead. |
| 40 |
# |
| 41 |
# com.sun.management.enableThreadContentionMonitoring |
| 42 |
# |
| 43 |
# This option enables thread contention monitoring if the |
| 44 |
# Java virtual machine supports such instrumentation. |
| 45 |
# Refer to the specification for the java.lang.management.ThreadMBean |
| 46 |
# interface - see isThreadContentionMonitoringSupported() method. |
| 47 |
# |
| 48 |
|
| 49 |
# To enable thread contention monitoring, uncomment the following line |
| 50 |
# com.sun.management.enableThreadContentionMonitoring |
| 51 |
|
| 52 |
##################################################################### |
| 53 |
# SNMP Management Properties |
| 54 |
##################################################################### |
| 55 |
# |
| 56 |
# If the system property -Dcom.sun.management.snmp.port=<port-number> |
| 57 |
# is set then |
| 58 |
# - The SNMP agent (with the Java virtual machine MIB) is started |
| 59 |
# that listens on the specified port for incoming SNMP requests. |
| 60 |
# - the following properties for read for SNMP management. |
| 61 |
# |
| 62 |
# The configuration can be specified only at startup time. |
| 63 |
# Later changes to the above system property (e.g. via setProperty method), this |
| 64 |
# config file, or the ACL file has no effect to the running SNMP agent. |
| 65 |
# |
| 66 |
|
| 67 |
# |
| 68 |
# ##################### SNMP Trap Port ######################### |
| 69 |
# |
| 70 |
# com.sun.management.snmp.trap=<trap-destination-port-number> |
| 71 |
# Specifies the remote port number at which managers are expected |
| 72 |
# to listen for trap. For each host defined in the ACL file, |
| 73 |
# the SNMP agent will send traps at <host>:<trap-destination-port-number> |
| 74 |
# Default for this property is 162. |
| 75 |
# |
| 76 |
|
| 77 |
# To set port for sending traps to a different port use the following line |
| 78 |
# com.sun.management.snmp.trap=<trap-destination-port-number> |
| 79 |
|
| 80 |
# |
| 81 |
# ################ SNMP listen interface ######################### |
| 82 |
# |
| 83 |
# com.sun.management.snmp.interface=<InetAddress> |
| 84 |
# Specifies the local interface on which the SNMP agent will bind. |
| 85 |
# This is useful when running on machines which have several |
| 86 |
# interfaces defined. It makes it possible to listen to a specific |
| 87 |
# subnet accessible through that interface. |
| 88 |
# Default for this property is "localhost". |
| 89 |
# |
| 90 |
# The format of the value for that property is any string accepted |
| 91 |
# by java.net.InetAddress.getByName(String). |
| 92 |
# |
| 93 |
|
| 94 |
# For restricting the port on which SNMP agent listens use the following line |
| 95 |
# com.sun.management.snmp.interface=<InetAddress> |
| 96 |
|
| 97 |
# |
| 98 |
# #################### SNMP ACL file ######################### |
| 99 |
# |
| 100 |
# com.sun.management.snmp.acl=true|false |
| 101 |
# Default for this property is true. (Case for true/false ignored) |
| 102 |
# If this property is specified as false then the ACL file |
| 103 |
# is not checked: all manager hosts are allowed all access. |
| 104 |
# |
| 105 |
|
| 106 |
# For SNMP without checking ACL file uncomment the following line |
| 107 |
# com.sun.management.snmp.acl=false |
| 108 |
|
| 109 |
# |
| 110 |
# com.sun.management.snmp.acl.file=filepath |
| 111 |
# Specifies location for ACL file |
| 112 |
# This is optional - default location is |
| 113 |
# $JRE/lib/management/snmp.acl |
| 114 |
# |
| 115 |
# If the property "com.sun.management.snmp.acl" is set to false, |
| 116 |
# then this property and the ACL file are ignored. |
| 117 |
# Otherwise the ACL file must exist and be in the valid format. |
| 118 |
# If the ACL file is empty or non existent then no access is allowed. |
| 119 |
# |
| 120 |
# The SNMP agent will read the ACL file at startup time. |
| 121 |
# Modification to the ACL file has no effect to any running SNMP |
| 122 |
# agents which read that ACL file at startup. |
| 123 |
# |
| 124 |
|
| 125 |
# For a non-default acl file location use the following line |
| 126 |
# com.sun.management.snmp.acl.file=filepath |
| 127 |
|
| 128 |
##################################################################### |
| 129 |
# RMI Management Properties |
| 130 |
##################################################################### |
| 131 |
# |
| 132 |
# If system property -Dcom.sun.management.jmxremote.port=<port-number> |
| 133 |
# is set then |
| 134 |
# - A MBean server is started |
| 135 |
# - JRE Platform MBeans are registered in the MBean server |
| 136 |
# - RMI connector is published in a private readonly registry at |
| 137 |
# specified port using a well known name, "jmxrmi" |
| 138 |
# - the following properties are read for JMX remote management. |
| 139 |
# |
| 140 |
# The configuration can be specified only at startup time. |
| 141 |
# Later changes to above system property (e.g. via setProperty method), |
| 142 |
# this config file, the password file, or the access file have no effect to the |
| 143 |
# running MBean server, the connector, or the registry. |
| 144 |
# |
| 145 |
|
| 146 |
# |
| 147 |
# ########## RMI connector settings for local management ########## |
| 148 |
# |
| 149 |
# com.sun.management.jmxremote.local.only=true|false |
| 150 |
# Default for this property is true. (Case for true/false ignored) |
| 151 |
# If this property is specified as true then the local JMX RMI connector |
| 152 |
# server will only accept connection requests from clients running on |
| 153 |
# the host where the out-of-the-box JMX management agent is running. |
| 154 |
# In order to ensure backwards compatibility this property could be |
| 155 |
# set to false. However, deploying the local management agent in this |
| 156 |
# way is discouraged because the local JMX RMI connector server will |
| 157 |
# accept connection requests from any client either local or remote. |
| 158 |
# For remote management the remote JMX RMI connector server should |
| 159 |
# be used instead with authentication and SSL/TLS encryption enabled. |
| 160 |
# |
| 161 |
|
| 162 |
# For allowing the local management agent accept local |
| 163 |
# and remote connection requests use the following line |
| 164 |
# com.sun.management.jmxremote.local.only=false |
| 165 |
|
| 166 |
# |
| 167 |
# ###################### RMI SSL ############################# |
| 168 |
# |
| 169 |
# com.sun.management.jmxremote.ssl=true|false |
| 170 |
# Default for this property is true. (Case for true/false ignored) |
| 171 |
# If this property is specified as false then SSL is not used. |
| 172 |
# |
| 173 |
|
| 174 |
# For RMI monitoring without SSL use the following line |
| 175 |
# com.sun.management.jmxremote.ssl=false |
| 176 |
|
| 177 |
# com.sun.management.jmxremote.ssl.config.file=filepath |
| 178 |
# Specifies the location of the SSL configuration file. A properties |
| 179 |
# file can be used to supply the keystore and truststore location and |
| 180 |
# password settings thus avoiding to pass them as cleartext in the |
| 181 |
# command-line. |
| 182 |
# |
| 183 |
# The current implementation of the out-of-the-box management agent will |
| 184 |
# look up and use the properties specified below to configure the SSL |
| 185 |
# keystore and truststore, if present: |
| 186 |
# javax.net.ssl.keyStore=<keystore-location> |
| 187 |
# javax.net.ssl.keyStorePassword=<keystore-password> |
| 188 |
# javax.net.ssl.trustStore=<truststore-location> |
| 189 |
# javax.net.ssl.trustStorePassword=<truststore-password> |
| 190 |
# Any other properties in the file will be ignored. This will allow us |
| 191 |
# to extend the property set in the future if required by the default |
| 192 |
# SSL implementation. |
| 193 |
# |
| 194 |
# If the property "com.sun.management.jmxremote.ssl" is set to false, |
| 195 |
# then this property is ignored. |
| 196 |
# |
| 197 |
|
| 198 |
# For supplying the keystore settings in a file use the following line |
| 199 |
# com.sun.management.jmxremote.ssl.config.file=filepath |
| 200 |
|
| 201 |
# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites> |
| 202 |
# The value of this property is a string that is a comma-separated list |
| 203 |
# of SSL/TLS cipher suites to enable. This property can be specified in |
| 204 |
# conjunction with the previous property "com.sun.management.jmxremote.ssl" |
| 205 |
# in order to control which particular SSL/TLS cipher suites are enabled |
| 206 |
# for use by accepted connections. If this property is not specified then |
| 207 |
# the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that |
| 208 |
# are enabled by default. |
| 209 |
# |
| 210 |
|
| 211 |
# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions> |
| 212 |
# The value of this property is a string that is a comma-separated list |
| 213 |
# of SSL/TLS protocol versions to enable. This property can be specified in |
| 214 |
# conjunction with the previous property "com.sun.management.jmxremote.ssl" |
| 215 |
# in order to control which particular SSL/TLS protocol versions are |
| 216 |
# enabled for use by accepted connections. If this property is not |
| 217 |
# specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS |
| 218 |
# protocol versions that are enabled by default. |
| 219 |
# |
| 220 |
|
| 221 |
# com.sun.management.jmxremote.ssl.need.client.auth=true|false |
| 222 |
# Default for this property is false. (Case for true/false ignored) |
| 223 |
# If this property is specified as true in conjunction with the previous |
| 224 |
# property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server |
| 225 |
# Socket Factory will require client authentication. |
| 226 |
# |
| 227 |
|
| 228 |
# For RMI monitoring with SSL client authentication use the following line |
| 229 |
# com.sun.management.jmxremote.ssl.need.client.auth=true |
| 230 |
|
| 231 |
# com.sun.management.jmxremote.registry.ssl=true|false |
| 232 |
# Default for this property is false. (Case for true/false ignored) |
| 233 |
# If this property is specified as true then the RMI registry used |
| 234 |
# to bind the RMIServer remote object is protected with SSL/TLS |
| 235 |
# RMI Socket Factories that can be configured with the properties: |
| 236 |
# com.sun.management.jmxremote.ssl.config.file |
| 237 |
# com.sun.management.jmxremote.ssl.enabled.cipher.suites |
| 238 |
# com.sun.management.jmxremote.ssl.enabled.protocols |
| 239 |
# com.sun.management.jmxremote.ssl.need.client.auth |
| 240 |
# If the two properties below are true at the same time, i.e. |
| 241 |
# com.sun.management.jmxremote.ssl=true |
| 242 |
# com.sun.management.jmxremote.registry.ssl=true |
| 243 |
# then the RMIServer remote object and the RMI registry are |
| 244 |
# both exported with the same SSL/TLS RMI Socket Factories. |
| 245 |
# |
| 246 |
|
| 247 |
# For using an SSL/TLS protected RMI registry use the following line |
| 248 |
# com.sun.management.jmxremote.registry.ssl=true |
| 249 |
|
| 250 |
# |
| 251 |
# ################ RMI User authentication ################ |
| 252 |
# |
| 253 |
# com.sun.management.jmxremote.authenticate=true|false |
| 254 |
# Default for this property is true. (Case for true/false ignored) |
| 255 |
# If this property is specified as false then no authentication is |
| 256 |
# performed and all users are allowed all access. |
| 257 |
# |
| 258 |
|
| 259 |
# For RMI monitoring without any checking use the following line |
| 260 |
# com.sun.management.jmxremote.authenticate=false |
| 261 |
|
| 262 |
# |
| 263 |
# ################ RMI Login configuration ################### |
| 264 |
# |
| 265 |
# com.sun.management.jmxremote.login.config=<config-name> |
| 266 |
# Specifies the name of a JAAS login configuration entry to use when |
| 267 |
# authenticating users of RMI monitoring. |
| 268 |
# |
| 269 |
# Setting this property is optional - the default login configuration |
| 270 |
# specifies a file-based authentication that uses the password file. |
| 271 |
# |
| 272 |
# When using this property to override the default login configuration |
| 273 |
# then the named configuration entry must be in a file that gets loaded |
| 274 |
# by JAAS. In addition, the login module(s) specified in the configuration |
| 275 |
# should use the name and/or password callbacks to acquire the user's |
| 276 |
# credentials. See the NameCallback and PasswordCallback classes in the |
| 277 |
# javax.security.auth.callback package for more details. |
| 278 |
# |
| 279 |
# If the property "com.sun.management.jmxremote.authenticate" is set to |
| 280 |
# false, then this property and the password & access files are ignored. |
| 281 |
# |
| 282 |
|
| 283 |
# For a non-default login configuration use the following line |
| 284 |
# com.sun.management.jmxremote.login.config=<config-name> |
| 285 |
|
| 286 |
# |
| 287 |
# ################ RMI Password file location ################## |
| 288 |
# |
| 289 |
# com.sun.management.jmxremote.password.file=filepath |
| 290 |
# Specifies location for password file |
| 291 |
# This is optional - default location is |
| 292 |
# $JRE/lib/management/jmxremote.password |
| 293 |
# |
| 294 |
# If the property "com.sun.management.jmxremote.authenticate" is set to |
| 295 |
# false, then this property and the password & access files are ignored. |
| 296 |
# Otherwise the password file must exist and be in the valid format. |
| 297 |
# If the password file is empty or non-existent then no access is allowed. |
| 298 |
# |
| 299 |
|
| 300 |
# For a non-default password file location use the following line |
| 301 |
# com.sun.management.jmxremote.password.file=filepath |
| 302 |
|
| 303 |
# |
| 304 |
# ################ RMI Access file location ##################### |
| 305 |
# |
| 306 |
# com.sun.management.jmxremote.access.file=filepath |
| 307 |
# Specifies location for access file |
| 308 |
# This is optional - default location is |
| 309 |
# $JRE/lib/management/jmxremote.access |
| 310 |
# |
| 311 |
# If the property "com.sun.management.jmxremote.authenticate" is set to |
| 312 |
# false, then this property and the password & access files are ignored. |
| 313 |
# Otherwise, the access file must exist and be in the valid format. |
| 314 |
# If the access file is empty or non-existent then no access is allowed. |
| 315 |
# |
| 316 |
|
| 317 |
# For a non-default password file location use the following line |
| 318 |
# com.sun.management.jmxremote.access.file=filepath |
