Java Applications
Last updated on 01 October, 2024LogicMonitor uses JMX for monitoring Java applications. For information about Tomcat monitoring, see here.
Enabling JMX
JMX is enabled by passing parameters to the Java JVM during startup. For full instructions on enabling JMX monitoring within your Java applications, see Monitoring and Management Using JMX.
To enable JMX monitoring of a java process with user name/password access:
- define the TCP port that JMX will listen on when you start the JVM:
- com.sun.management.jmxremote.port=portNum
- com.sun.management.jmxremote.rmi.port=portNum
- create a password file jmxremote.password, with the contents being a role and a password, space separated: e.g. monitorRole SecretPass
- create a password file jmxremote.access, with the contents being a role and an access level, space separated: e.g. monitorRole readonly
- ensure both files are owned by the user of the java process, and readable only by that user. (chmod 600 filename on linux)
You then need to pass these parameters to Java when you start your process:
com.sun.management.jmxremote.access.file=location of jmxremote.access file
com.sun.management.jmxremote.password.file=location of jmxremote.password file
com.sun.management.jmxremote.port=JMX port
com.sun.management.jmxremote.ssl=false
e.g.
In LogicMonitor, you would set the properties jmx.user, jmx.pass and jmx.ports to the appropriate username, password and port(s) required for jmx access. (You could set these properties at the global, group or device level. See Defining authentication credentials.
Note: jmx.ports can be a comma separated list of ports to check for JMX access on, if you run multiple JMX apps on different ports.
If JMX Access does not work
Note that during establishment of the JMX connection, the host being queried will reply back with the address for the RMI connection – this requires that that the /etc/hosts file on the Java system is correctly set up, such that the /etc/hosts file contain that hostname and resolves it to the same address that the querying host resolves it to.
e.g. a system with this for /etc/hosts:
127.0.0.1 demo1.logicmonitor.com
would have all JMX connections to demo1.logicmonitor.com fail (as it will send a response indicating that the dynamic RMI connection should be made to 127.0.0.1), whereas if the /etc/hosts contained this:
10.4.4.4 demo1.logicmonitor.com
it would succeed (assuming 10.4.4.4 was its actual IP address.)
An alternative to avoiding name resolution issues is to explicitly identify the hostname to use for RMI connections when starting the Java application, by the -Djava.rmi.server.hostname= parameter. We recommend using Jconsole to ensure you have JMX access set up correctly.
Note: by default, JMX access opens a dynamic port for RMI, above 1024. You may need to change firewall rules to allow the collector to make this connection to the Java server on non-privileged ports above 1024. You can also control the port used for the RMI access by explicitly setting it with the flag:
-Dcom.sun.management.jmxremote.rmi.port=PORT.
It works to set the RMI port to the same port that JMX is using – so this means you only need to open up one port through a firewall.