---
title: SNMP-based monitoring
description: The interface stability of this legacy feature is Deprecated.
component: pingds
version: 7.4
page_id: pingds:monitoring-guide:snmp-monitoring
canonical_url: https://docs.pingidentity.com/pingds/7.4/monitoring-guide/snmp-monitoring.html
revdate: 2023-09-13T16:30:59Z
keywords: ["Monitoring", "Troubleshooting"]
---

# SNMP-based monitoring

|   |                                                                 |
| - | --------------------------------------------------------------- |
|   | The interface stability of this legacy feature is *Deprecated*. |

DS servers support SNMP, including the Management Information Base described in [RFC 2605: Directory Server Monitoring MIB](https://www.rfc-editor.org/info/rfc2605).

SNMP is not enabled by default. SNMP-based monitoring depends on an OpenDMK library. The OpenDMK binary bundle containing this library ships with DS servers as `snmp/opendmk.jar`. Installation requires that you accept the OpenDMK Binary License. OpenDMK installation is a separate step that you must perform before you can use SNMP.

1. Run the OpenDMK installer and accept the license, use the self-extracting .jar:

   ```bash
   $ java -jar /path/to/opendj/snmp/opendmk.jar
   ```

2. Install OpenDMK, and then copy the libraries to the `opendj/extlib` directory. For example, if you install OpenDMK in the `/path/to` directory, copy the libraries from the `/path/to/OpenDMK-bin/lib` directory:

   ```bash
   $ cp /path/to/OpenDMK-bin/lib/* /path/to/opendj/extlib/
   ```

3. Set up an SNMP connection handler:

   ```bash
   $ dsconfig \
    set-connection-handler-prop \
    --handler-name SNMP \
    --set enabled:true \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
   ```

4. If the server does not have access to the default ports, change them.

   By default, the SNMP connection handler listens on port `161`, and uses port `162` for traps. On Linux systems, only root can normally open these ports. The following command installs as a normal user, changing the listen and trap ports:

   ```bash
   $ dsconfig \
    set-connection-handler-prop \
    --handler-name SNMP \
    --set listen-port:11161 \
    --set trap-port:11162 \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
   ```

5. Restart the SNMP connection handler to take the changes into account:

   ```bash
   $ dsconfig \
    set-connection-handler-prop \
    --handler-name SNMP \
    --set enabled:false \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt

   $ dsconfig \
    set-connection-handler-prop \
    --handler-name SNMP \
    --set enabled:true \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
   ```

6. Check that connection handler works as expected.

   The following command reads the response on the SNMP listen port:

   ```bash
   $ snmpwalk -v 2c -c OpenDJ@OpenDJ localhost:11161

   iso.3.6.1.2.1.66.1.1.1.1 = STRING: "ForgeRock Directory Services version"
   iso.3.6.1.2.1.66.1.1.2.1 = STRING: "/path/to/opendj" ...
   ```