Fortinet black logo

External Systems Configuration Guide

Apache Tomcat

Apache Tomcat

What is Discovered and Monitored

Protocol Information discovered Metrics collected Used for
JMX

Generic information: Application version, Application port

Availability metrics: Uptime, Application Server State

CPU metrics: CPU utilization

Memory metrics: Total memory, Free memory, Memory utilization, Virtual committed memory, Total Swap Memory, Free Swap Memory, Swap memory utilization, Heap Utilization, Heap Used Memory, Heap max memory, Heap commit memory, Non-heap Utilization, Non-heap used memory, Non-heap max memory, Non-heap commit memory

Servlet metrics: Web application name, Servlet Name, Count allocated, Total requests, Request errors, Load time, Avg Request Processing time

Session metrics: Web context path, Peak active sessions, Current active sessions, Duplicate sessions, Expired sessions, Rejected sessions, Average session lifetime, Peak session lifetime, Session processing time, Session create rate, Session expire rate, Process expire frequency, Max session limited, Max inactive Interval

Performance Monitoring
JMX

Database metrics: Web context path, Data source, Database driver, Peak active sessions, Current active sessions, Peak idle sessions, Current idle sessions

Thread pool metrics: Thread pool name, Application port, Total threads, Busy threads, Keep alive threads, Max threads, Thread priority, Thread pool daemon flag

Request processor metrics: Request processor name, Received Bytes, Sent Bytes, Average Request Process time, Max Request Processing time, Request Rate, Request Errors

Performance Monitoring

Event Types

In ADMIN > Device Support > Event, search for "tomcat" in the Device Type and Description column to see the event types associated with this device.

Reports

In RESOURCE > Reports , search for "tomcat" in the Name column to see the reports associated with this application or device.

Configuration

JMX

Add the necessary parameters to the Tomcat startup script.

Windows

Modify the file ${CATALINA_BASE}\bin\catalina.bat by adding these arguments for JVM before the comment:

rem ----Execute The Requested Command ------

JMX Configuration for Windows

set JAVA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${Your

JMX Port} \ -Dcom.sun.management.jmxremote.authenticate=true \ -

Dcom.sun.management.jmxremote.ssl=false \ -

Dcom.sun.management.jmxremote.access.file=jmxremote.access \ -

Dcom.sun.management.jmxremote.password.file=jmxremote.password \

Linux

Modify the file ${CATALINA_BASE}/bin/catalina.sh by adding these arguments for JVM before the comment:

# ----Execute The Requested Command ------

JMX Configuration for Linux

JAVA_OPTS=" $ JAVA_OPTS -Dcom.sun.management.jmxremote \ -

Dcom.sun.management.jmxremote.port=${ Your JMX Port} \ -

Dcom.sun.management.jmxremote.authenticate=true \ -Dcom.sun.management.jmxremote.ssl=false

\ -Dcom.sun.management.jmxremote.access.file=jmxremote.access \ -

Dcom.sun.management.jmxremote.password.file=jmxremote.password" \

  1. Edit the access authorization file jmxremote.access.
    monitorRole  readonly
    controlRole  readwrite 
    
  2. Edit the password file jmxremote.password.
    The first column is user name and the second column is password). FortiSIEM only needs monitor access.
    monitorRole  <FortiSIEMUserName>controlRole  <userName>
  3. In Linux, set permissions for the jmxremote.access and jmxremote.password files so that they are read-only and accessible only by the Tomcat operating system user.
    chmod 600 jmxremote.access
    chmod 600 jmxremote.password
    

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Apache Tomcat application server over JMX:

SettingValue
NameEnter a name for the credential.
Device TypeApache Apache Tomcat
Access ProtocolJMX
Pull Interval (minutes)5
Port0
User NameThe user you created in step 3
PasswordThe password you created in step 3

Sample Event for Tomcat Metrics

<134>Jan 22 01:57:32 10.1.2.16 java: [PH_DEV_MON_TOMCAT_CPU]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[appServerState]=STARTED,[sysUpTime]=2458304,[cpuUtil]=0

<134>Jan 22 01:57:32 10.1.2.16 java: [PH_DEV_MON_TOMCAT_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[appServerState]=STARTED,[freeMemKB]=116504,[freeSwapMemKB]=2974020,[memTotalMB]=4095,[swapMemTotalMB]=8189,[virtMemCommitKB]=169900,[memUtil]=98,[swapMemUtil]=65,[heapUsedKB]=18099,[heapMaxKB]=932096,[heapCommitKB]=48896,[heapUtil]=37,[nonHeapUsedKB]=22320,[nonHeapMaxKB]=133120,[nonHeapCommitKB]=24512,[nonHeapUtil]=91

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webAppName]=//localhost/host-manager,[servletName]=HTMLHostManager,[countAllocated]=0,[totalRequests]=0,[reqErrors]=0,[loadTime]=0,[reqProcessTimeAvg]=0,[maxInstances]=20,[servletState]=STARTED

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_SESSION]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webContextPath]=/host-manager,[activeSessionsPeak]=0,[activeSessions]=0,[duplicateSession]=0,[expiredSession]=0,[rejectedSession]=0,[sessionLifetimeAvg]=0,[sessionLifetimePeak]=0,[sessionProcessTimeMs]=0,[sessionCreateRate]=0,[sessionExpireRate]=0,[webAppState]=STARTED,[processExpiresFrequency]=6,[maxSessionLimited]=-1,[maxInactiveInterval]=1800

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_DB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webContextPath]=/host-manager,[dataSource]="jdbc/postgres1",[dbDriver]=org.postgresql.Driver,[activeSessionsPeak]=20,[activeSessions]=0,[idleSessionsPeak]=10,[idleSessions]=0

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[threadPoolName]=ajp-apr-18009,[appPort]=18009,[totalThreads]=0,[busyThreads]=0,[keepAliveThreads]=0[maxThreads]=200,[threadPriority]=5,[threadPoolIsDaemon]=true

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_REQUEST_PROCESSOR]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[reqProcessorName]="http-apr-18080",[recvBytes]=0,[sentBytes]=62748914,[totalRequests]=4481,[reqProcessTimeAvg]=44107,[reqProcessTimeMax]=516,[reqRate]=0,[reqErrors]=7

Apache Tomcat

What is Discovered and Monitored

Protocol Information discovered Metrics collected Used for
JMX

Generic information: Application version, Application port

Availability metrics: Uptime, Application Server State

CPU metrics: CPU utilization

Memory metrics: Total memory, Free memory, Memory utilization, Virtual committed memory, Total Swap Memory, Free Swap Memory, Swap memory utilization, Heap Utilization, Heap Used Memory, Heap max memory, Heap commit memory, Non-heap Utilization, Non-heap used memory, Non-heap max memory, Non-heap commit memory

Servlet metrics: Web application name, Servlet Name, Count allocated, Total requests, Request errors, Load time, Avg Request Processing time

Session metrics: Web context path, Peak active sessions, Current active sessions, Duplicate sessions, Expired sessions, Rejected sessions, Average session lifetime, Peak session lifetime, Session processing time, Session create rate, Session expire rate, Process expire frequency, Max session limited, Max inactive Interval

Performance Monitoring
JMX

Database metrics: Web context path, Data source, Database driver, Peak active sessions, Current active sessions, Peak idle sessions, Current idle sessions

Thread pool metrics: Thread pool name, Application port, Total threads, Busy threads, Keep alive threads, Max threads, Thread priority, Thread pool daemon flag

Request processor metrics: Request processor name, Received Bytes, Sent Bytes, Average Request Process time, Max Request Processing time, Request Rate, Request Errors

Performance Monitoring

Event Types

In ADMIN > Device Support > Event, search for "tomcat" in the Device Type and Description column to see the event types associated with this device.

Reports

In RESOURCE > Reports , search for "tomcat" in the Name column to see the reports associated with this application or device.

Configuration

JMX

Add the necessary parameters to the Tomcat startup script.

Windows

Modify the file ${CATALINA_BASE}\bin\catalina.bat by adding these arguments for JVM before the comment:

rem ----Execute The Requested Command ------

JMX Configuration for Windows

set JAVA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${Your

JMX Port} \ -Dcom.sun.management.jmxremote.authenticate=true \ -

Dcom.sun.management.jmxremote.ssl=false \ -

Dcom.sun.management.jmxremote.access.file=jmxremote.access \ -

Dcom.sun.management.jmxremote.password.file=jmxremote.password \

Linux

Modify the file ${CATALINA_BASE}/bin/catalina.sh by adding these arguments for JVM before the comment:

# ----Execute The Requested Command ------

JMX Configuration for Linux

JAVA_OPTS=" $ JAVA_OPTS -Dcom.sun.management.jmxremote \ -

Dcom.sun.management.jmxremote.port=${ Your JMX Port} \ -

Dcom.sun.management.jmxremote.authenticate=true \ -Dcom.sun.management.jmxremote.ssl=false

\ -Dcom.sun.management.jmxremote.access.file=jmxremote.access \ -

Dcom.sun.management.jmxremote.password.file=jmxremote.password" \

  1. Edit the access authorization file jmxremote.access.
    monitorRole  readonly
    controlRole  readwrite 
    
  2. Edit the password file jmxremote.password.
    The first column is user name and the second column is password). FortiSIEM only needs monitor access.
    monitorRole  <FortiSIEMUserName>controlRole  <userName>
  3. In Linux, set permissions for the jmxremote.access and jmxremote.password files so that they are read-only and accessible only by the Tomcat operating system user.
    chmod 600 jmxremote.access
    chmod 600 jmxremote.password
    

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Apache Tomcat application server over JMX:

SettingValue
NameEnter a name for the credential.
Device TypeApache Apache Tomcat
Access ProtocolJMX
Pull Interval (minutes)5
Port0
User NameThe user you created in step 3
PasswordThe password you created in step 3

Sample Event for Tomcat Metrics

<134>Jan 22 01:57:32 10.1.2.16 java: [PH_DEV_MON_TOMCAT_CPU]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[appServerState]=STARTED,[sysUpTime]=2458304,[cpuUtil]=0

<134>Jan 22 01:57:32 10.1.2.16 java: [PH_DEV_MON_TOMCAT_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[appServerState]=STARTED,[freeMemKB]=116504,[freeSwapMemKB]=2974020,[memTotalMB]=4095,[swapMemTotalMB]=8189,[virtMemCommitKB]=169900,[memUtil]=98,[swapMemUtil]=65,[heapUsedKB]=18099,[heapMaxKB]=932096,[heapCommitKB]=48896,[heapUtil]=37,[nonHeapUsedKB]=22320,[nonHeapMaxKB]=133120,[nonHeapCommitKB]=24512,[nonHeapUtil]=91

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webAppName]=//localhost/host-manager,[servletName]=HTMLHostManager,[countAllocated]=0,[totalRequests]=0,[reqErrors]=0,[loadTime]=0,[reqProcessTimeAvg]=0,[maxInstances]=20,[servletState]=STARTED

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_SESSION]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webContextPath]=/host-manager,[activeSessionsPeak]=0,[activeSessions]=0,[duplicateSession]=0,[expiredSession]=0,[rejectedSession]=0,[sessionLifetimeAvg]=0,[sessionLifetimePeak]=0,[sessionProcessTimeMs]=0,[sessionCreateRate]=0,[sessionExpireRate]=0,[webAppState]=STARTED,[processExpiresFrequency]=6,[maxSessionLimited]=-1,[maxInactiveInterval]=1800

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_DB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webContextPath]=/host-manager,[dataSource]="jdbc/postgres1",[dbDriver]=org.postgresql.Driver,[activeSessionsPeak]=20,[activeSessions]=0,[idleSessionsPeak]=10,[idleSessions]=0

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[threadPoolName]=ajp-apr-18009,[appPort]=18009,[totalThreads]=0,[busyThreads]=0,[keepAliveThreads]=0[maxThreads]=200,[threadPriority]=5,[threadPoolIsDaemon]=true

<134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_REQUEST_PROCESSOR]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[reqProcessorName]="http-apr-18080",[recvBytes]=0,[sentBytes]=62748914,[totalRequests]=4481,[reqProcessTimeAvg]=44107,[reqProcessTimeMax]=516,[reqRate]=0,[reqErrors]=7