Fortinet black logo

External Systems Configuration Guide

IBM WebSphere

IBM WebSphere

What is Discovered and Monitored

HTTPS Preferred for Monitoring over JMX IBM WebSphere performance metrics can be obtained via HTTP(S) or JMX. The HTTP(S) based method is highly recommended since it consumes significantly less resources on FortiSIEM.

Protocol Information discovered Metrics collected Used for
HTTP / HTTP(S)

Generic information: Application version, Application port

Availability metrics: Uptime, Application Server State

CPU metrics: Application server instance, CPU utilization

Memory metrics: Heap utilization, Heap used memory, Heap free memory, Heap max memory, Heap commit memory

Servlet metrics: Application name, Web application name, Servlet Name, Invocation count

Database pool metrics: Application server instance, JDBC provider, Data source, Pool size, Closed connections, Active Connections, Requests wait for connections, Connection use time, Connection factory type, Peak connections

Thread pool metrics: Application server instance, Thread pool name, Execute threads, Peak execute threads

Transaction metrics: Application server instance, Active Transaction, Committed Transaction, Rolled back Transaction

Authentication metrics: Application name, Application server instance, Authentication Method, Count

Performance Monitoring
JMX

Generic information: Application version, Application port

Availability metrics: Uptime, Application Server State

CPU metrics: Application server instance, CPU utilization

Memory metrics: Heap utilization, Heap used memory, Heap free memory, Heap max memory, Heap commit memory, Max System dumps on disk, Max heap dumps on disk

Servlet metrics: Application name, Web application name, Servlet Name, Invocation count, Request errors

Database pool metrics: Application server instance, JDBC provider, Data source, Pool size, Closed connections, Active Connections, Requests wait for connections, Connection use time, Connection factory type, Peak connections

Thread pool metrics: Application server instance, Thread pool name, Execute threads, Peak execute threads

Application level metrics: Application name, Web application name, Application server instance, Web application context root, Active sessions, Peak active sessions

EJB metrics: Application name, Application server instance, EJB component name

Performance Monitoring
Syslog Log analysis

Event Types

In ADMIN > Device Support > Event Types, search for "websphere" to see the event types associated with this device.

  • PH_DEV_MON_WEBSPHERE_CPU (from HTTPS)
    <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_CPU]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[cpuUtil]=0,[sysUpTime]=2340206,[appServerState]=RUNNING 
    
  • PH_DEV_MON_WEBSPHERE_CPU (from JMX)
    <134>Jan 22 02:15:23 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_CPU]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[cpuUtil]=0,[sysUpTime]=42206,[appServerState]=STARTED
    
  • PH_DEV_MON_WEBSPHERE_MEMORY (from HTTPS)
    <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[appServerState]=running,[heapFreeKB]=93208,[heapUsedKB]=168936,[heapCommitKB]=232576,[heapMaxKB]=262144,[heapUtil]=72  
  • PH_DEV_MON_WEBSPHERE_MEMORY (from JMX)
    <134>Jan 22 02:15:25 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appServerState]=STARTED,[maxSystemDumpsOnDisk]=10,[maxHeapDumpsOnDisk]=10,[heapFreeKB]=48140,[heapUsedKB]=172018,[heapCommitKB]=217815,[heapMaxKB]=262144,[heapUtil]=78 
  • PH_DEV_MON_WEBSPHERE_APP (from HTTPS)
     <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[appName]=isclite,[webAppName]=ISCAdminPortlet.war,[activeSessions]=0,[activeSessionsPeak]=1
  • PH_DEV_MON_WEBSPHERE_APP (from JMX)
    <134>Jan 22 02:18:24 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appName]=isclite,[webAppName]=isclite.war,[webContextRoot]=admin_host/ibm/console,[activeSessions]=0,[activeSessionsPeak]=1
  • PH_DEV_MON_WEBSPHERE_SERVLET (from HTTPS)
     <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[appName]=isclite,[webAppName]=isclite.war,[servletName]=/com.ibm.ws.console.servermanagement/collectionTableLayout.jsp,[invocationCount]=2
    
  • PH_DEV_MON_WEBSPHERE_SERVLET (from JMX)
     <134>Jan 22 02:15:24 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appName]=isclite,[webAppName]=isclite.war,[servletName]=action,[reqErrors]=0,[invocationCount]=14
    
  • PH_DEV_MON_WEBSPHERE_DB_POOL (from HTTPS)
    <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[jdbcProvider]=Derby JDBC Provider (XA),[dataSource]=jdbc/DefaultEJBTimerDataSource,[poolSize]=0,[closedConns]=0,[activeConns]=0,[waitForConnReqs]=0,[connUseTime]=0
    
  • PH_DEV_MON_WEBSPHERE_DB_POOL (from JMX)
    <134>Jan 22 02:15:23 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[jdbcProvider]=Derby JDBC Provider (XA),[dataSource]=DefaultEJBTimerDataSource,[poolSize]=0,[closedConns]=0,[activeConns]=0,[waitForConnReqs]=0,[connUseTime]=0,[connFactoryType]=,[peakConns]=0
    
  • PH_DEV_MON_WEBSPHERE_THREAD_POOL (from HTTPS)
     <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[threadPoolName]=WebContainer,[executeThreads]=2,[executeThreadPeak]=6
    
  • PH_DEV_MON_WEBSPHERE_THREAD_POOL (from JMX)
    <134>Jan 22 02:18:25 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[threadPoolName]=ORB.thread.pool,[executeThreads]=0,[executeThreadPeak]=0
  • PH_DEV_MON_WEBSPHERE_TRANSACTION (from HTTPS)
    <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_TRANSACTION]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[activeTxCount]=0,[committedTxCount]=3406,[rolledBackTxCount]=0
    
  • PH_DEV_MON_WEBSPHERE_AUTHENTICATION (from HTTPS)
     <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_AUTHENTICATION]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[authenMethod]=TokenAuthentication,[count]=0
  • PH_DEV_MON_WEBSPHERE_EJB (from JMX)
    <134>Jan 22 02:15:24 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_EJB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appName]=SchedulerCalendars,[ejbComponentName]=Calendars.jar

Reports

In RESOURCES > Reports, search for "websphere" in the main content panel Search... field to see the reports associated with this device.

Configuration

HTTP(S)
Install the perfServletApp Application
  1. Log in to your Websphere administration console.
  2. Go to Applications > Application Types > WebSphere enterprise application.
  3. Click Install.
  4. Select Remote file system and browse to {WebSphere_Home}/AppServer/installableApps/PerfServletApp.ear.
  5. Click Next.
    The Context Root for the application will be set to /wasPerfTool, but you can edit this during installation.
Configure Security for the Application
  1. Go to Security > Global Security.
  2. Select Enable application security.
  3. Go to Applications > Application Types > Websphere Enterprise Applications.
  4. Select perfServletApp.
  5. Click Security role to user/group mapping.
  6. Click Map Users/Groups.
  7. Use the Search feature to find and select the FortiSIEM user you want to provide with access to the application,
  8. Click Map Special Subjects.
  9. Select All Authenticated in Application's Realm.
  10. Click OK.
Start the Application
  1. Go to Applications > Application Types > WebSphere enterprise application.
  2. Select perfServletApp.
  3. Click Start.
  4. In a web browser, launch the application by going to http://<ip>:<port>/wasPerfTool/servlet/perfservlet. Default HTTP Port The default port for HTTP is 9080, HTTPS is 9443. You can change these by going to Servers > Server Types > WebSphere application servers > {serverInstance} > Configuration > Ports.
JMX
Configuring the Default JMX Port

By default, your Websphere application server uses port 8880 for JMX. You can change this by logging in to your application server console and going to Application servers > {Server Name} > Ports > SOAP_CONNECTOR_ADDRESS. The username and password for JMX are the same as the credentials logging into the console. To configure JMX communications between your Websphere application server and FortiSIEM, you must copy several files from your application server to the Websphere configuration directory for each FortiSIEM virtual appliance that will be used for discovery and performance monitoring jobs. FortiSIEM does not include these files because of licensing restrictions.

  1. Copy these files to the directory /opt/phoenix/config/websphere/ for each Supervisor, Worker, and Collector in your FortiSIEM deployment.
    File TypeLocation
    Client Jars
    • ${WebSphere_Home}/AppServer/runtimes/com.ibm.ws.admin.client.jar
    • ${WebSphere_Home}/AppServer/plugins/com.ibm.ws.security.crypto.jar
    SSL files
    • ${WebSphere_Home}/AppServer/profiles/${Profile_Name}/etc/DummyClientKeyFile.jks
    • ${WebSphere_Home}/AppServer/profiles/${Profile_Name}/etc/DummyClientTrustFile.jks
  2. Install IBM JDK 1.6 or higher in the location /opt/phoenix/config/websphere/java for each Supervisor, Worker, and Collector in your FortiSIEM deployment.

You can now configure FortiSIEM to communicate with your device by following the instructions in the User Guide > Section: Setting Credentials, and then initiate discovery of the device as described in the topics under Discovery Settings.

Settings for Access Credentials

Use these Access Method Definition options to let FortiSIEM access your IBM Websphere device over HTTPS and SNMP. When you set the Device Credential Mapping Definition, make sure to map both the HTTPS and SNMP credentials to the same IP address for your Websphere device.

Settings for IBM Websphere HTTPS Access Credentials
SettingValue
Namewebsphere_https
Device TypeIBM Websphere App Server
Access ProtocolHTTPS
Port9443
URL/wasPerfTools/servlet/perfservlet
User NameUse the user name that you provided with access to the application
PasswordThe password associated with the user that has access to the application
Settings for IBM Websphere SNMP Access Credentials

Use these Access Method Definition settings to let FortiSIEM access your IBM Websphere device over SNMP. When you set the Device Credential Mapping Definition, make sure to map both the HTTPS and SNMP credentials to the same IP address for your Websphere device.

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

SettingValue
Name<set name>
Device TypeGeneric
Access ProtocolSNMP
Community String<your own>
Settings for IBM Websphere JMX Access Credentials

Use these Access Method Definition settings to let FortiSIEM access your IBM Websphere device over JMX.

SettingValue
Namewebsphere
Device TypeIBM Websphere App Server
Access ProtocolJMX
Pull Interval (minutes)5
Port8880
User NameThe administrative user for the application server
PasswordThe password associated with the administrative user

IBM WebSphere

What is Discovered and Monitored

HTTPS Preferred for Monitoring over JMX IBM WebSphere performance metrics can be obtained via HTTP(S) or JMX. The HTTP(S) based method is highly recommended since it consumes significantly less resources on FortiSIEM.

Protocol Information discovered Metrics collected Used for
HTTP / HTTP(S)

Generic information: Application version, Application port

Availability metrics: Uptime, Application Server State

CPU metrics: Application server instance, CPU utilization

Memory metrics: Heap utilization, Heap used memory, Heap free memory, Heap max memory, Heap commit memory

Servlet metrics: Application name, Web application name, Servlet Name, Invocation count

Database pool metrics: Application server instance, JDBC provider, Data source, Pool size, Closed connections, Active Connections, Requests wait for connections, Connection use time, Connection factory type, Peak connections

Thread pool metrics: Application server instance, Thread pool name, Execute threads, Peak execute threads

Transaction metrics: Application server instance, Active Transaction, Committed Transaction, Rolled back Transaction

Authentication metrics: Application name, Application server instance, Authentication Method, Count

Performance Monitoring
JMX

Generic information: Application version, Application port

Availability metrics: Uptime, Application Server State

CPU metrics: Application server instance, CPU utilization

Memory metrics: Heap utilization, Heap used memory, Heap free memory, Heap max memory, Heap commit memory, Max System dumps on disk, Max heap dumps on disk

Servlet metrics: Application name, Web application name, Servlet Name, Invocation count, Request errors

Database pool metrics: Application server instance, JDBC provider, Data source, Pool size, Closed connections, Active Connections, Requests wait for connections, Connection use time, Connection factory type, Peak connections

Thread pool metrics: Application server instance, Thread pool name, Execute threads, Peak execute threads

Application level metrics: Application name, Web application name, Application server instance, Web application context root, Active sessions, Peak active sessions

EJB metrics: Application name, Application server instance, EJB component name

Performance Monitoring
Syslog Log analysis

Event Types

In ADMIN > Device Support > Event Types, search for "websphere" to see the event types associated with this device.

  • PH_DEV_MON_WEBSPHERE_CPU (from HTTPS)
    <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_CPU]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[cpuUtil]=0,[sysUpTime]=2340206,[appServerState]=RUNNING 
    
  • PH_DEV_MON_WEBSPHERE_CPU (from JMX)
    <134>Jan 22 02:15:23 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_CPU]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[cpuUtil]=0,[sysUpTime]=42206,[appServerState]=STARTED
    
  • PH_DEV_MON_WEBSPHERE_MEMORY (from HTTPS)
    <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[appServerState]=running,[heapFreeKB]=93208,[heapUsedKB]=168936,[heapCommitKB]=232576,[heapMaxKB]=262144,[heapUtil]=72  
  • PH_DEV_MON_WEBSPHERE_MEMORY (from JMX)
    <134>Jan 22 02:15:25 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appServerState]=STARTED,[maxSystemDumpsOnDisk]=10,[maxHeapDumpsOnDisk]=10,[heapFreeKB]=48140,[heapUsedKB]=172018,[heapCommitKB]=217815,[heapMaxKB]=262144,[heapUtil]=78 
  • PH_DEV_MON_WEBSPHERE_APP (from HTTPS)
     <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[appName]=isclite,[webAppName]=ISCAdminPortlet.war,[activeSessions]=0,[activeSessionsPeak]=1
  • PH_DEV_MON_WEBSPHERE_APP (from JMX)
    <134>Jan 22 02:18:24 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appName]=isclite,[webAppName]=isclite.war,[webContextRoot]=admin_host/ibm/console,[activeSessions]=0,[activeSessionsPeak]=1
  • PH_DEV_MON_WEBSPHERE_SERVLET (from HTTPS)
     <134>Dec 08 16:11:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[appName]=isclite,[webAppName]=isclite.war,[servletName]=/com.ibm.ws.console.servermanagement/collectionTableLayout.jsp,[invocationCount]=2
    
  • PH_DEV_MON_WEBSPHERE_SERVLET (from JMX)
     <134>Jan 22 02:15:24 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appName]=isclite,[webAppName]=isclite.war,[servletName]=action,[reqErrors]=0,[invocationCount]=14
    
  • PH_DEV_MON_WEBSPHERE_DB_POOL (from HTTPS)
    <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[jdbcProvider]=Derby JDBC Provider (XA),[dataSource]=jdbc/DefaultEJBTimerDataSource,[poolSize]=0,[closedConns]=0,[activeConns]=0,[waitForConnReqs]=0,[connUseTime]=0
    
  • PH_DEV_MON_WEBSPHERE_DB_POOL (from JMX)
    <134>Jan 22 02:15:23 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[jdbcProvider]=Derby JDBC Provider (XA),[dataSource]=DefaultEJBTimerDataSource,[poolSize]=0,[closedConns]=0,[activeConns]=0,[waitForConnReqs]=0,[connUseTime]=0,[connFactoryType]=,[peakConns]=0
    
  • PH_DEV_MON_WEBSPHERE_THREAD_POOL (from HTTPS)
     <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[threadPoolName]=WebContainer,[executeThreads]=2,[executeThreadPeak]=6
    
  • PH_DEV_MON_WEBSPHERE_THREAD_POOL (from JMX)
    <134>Jan 22 02:18:25 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[threadPoolName]=ORB.thread.pool,[executeThreads]=0,[executeThreadPeak]=0
  • PH_DEV_MON_WEBSPHERE_TRANSACTION (from HTTPS)
    <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_TRANSACTION]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[activeTxCount]=0,[committedTxCount]=3406,[rolledBackTxCount]=0
    
  • PH_DEV_MON_WEBSPHERE_AUTHENTICATION (from HTTPS)
     <134>Dec 08 16:14:55 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_AUTHENTICATION]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=Host-10.1.2.16,[destDevPort]=9443,[appVersion]=8.5.5.3,[appServerInstance]=server1,[authenMethod]=TokenAuthentication,[count]=0
  • PH_DEV_MON_WEBSPHERE_EJB (from JMX)
    <134>Jan 22 02:15:24 10.1.2.16 java: [PH_DEV_MON_WEBSPHERE_EJB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=8880,[appVersion]=IBM WebSphere Application Server 7.0.0.11,[appServerInstance]=server1,[appName]=SchedulerCalendars,[ejbComponentName]=Calendars.jar

Reports

In RESOURCES > Reports, search for "websphere" in the main content panel Search... field to see the reports associated with this device.

Configuration

HTTP(S)
Install the perfServletApp Application
  1. Log in to your Websphere administration console.
  2. Go to Applications > Application Types > WebSphere enterprise application.
  3. Click Install.
  4. Select Remote file system and browse to {WebSphere_Home}/AppServer/installableApps/PerfServletApp.ear.
  5. Click Next.
    The Context Root for the application will be set to /wasPerfTool, but you can edit this during installation.
Configure Security for the Application
  1. Go to Security > Global Security.
  2. Select Enable application security.
  3. Go to Applications > Application Types > Websphere Enterprise Applications.
  4. Select perfServletApp.
  5. Click Security role to user/group mapping.
  6. Click Map Users/Groups.
  7. Use the Search feature to find and select the FortiSIEM user you want to provide with access to the application,
  8. Click Map Special Subjects.
  9. Select All Authenticated in Application's Realm.
  10. Click OK.
Start the Application
  1. Go to Applications > Application Types > WebSphere enterprise application.
  2. Select perfServletApp.
  3. Click Start.
  4. In a web browser, launch the application by going to http://<ip>:<port>/wasPerfTool/servlet/perfservlet. Default HTTP Port The default port for HTTP is 9080, HTTPS is 9443. You can change these by going to Servers > Server Types > WebSphere application servers > {serverInstance} > Configuration > Ports.
JMX
Configuring the Default JMX Port

By default, your Websphere application server uses port 8880 for JMX. You can change this by logging in to your application server console and going to Application servers > {Server Name} > Ports > SOAP_CONNECTOR_ADDRESS. The username and password for JMX are the same as the credentials logging into the console. To configure JMX communications between your Websphere application server and FortiSIEM, you must copy several files from your application server to the Websphere configuration directory for each FortiSIEM virtual appliance that will be used for discovery and performance monitoring jobs. FortiSIEM does not include these files because of licensing restrictions.

  1. Copy these files to the directory /opt/phoenix/config/websphere/ for each Supervisor, Worker, and Collector in your FortiSIEM deployment.
    File TypeLocation
    Client Jars
    • ${WebSphere_Home}/AppServer/runtimes/com.ibm.ws.admin.client.jar
    • ${WebSphere_Home}/AppServer/plugins/com.ibm.ws.security.crypto.jar
    SSL files
    • ${WebSphere_Home}/AppServer/profiles/${Profile_Name}/etc/DummyClientKeyFile.jks
    • ${WebSphere_Home}/AppServer/profiles/${Profile_Name}/etc/DummyClientTrustFile.jks
  2. Install IBM JDK 1.6 or higher in the location /opt/phoenix/config/websphere/java for each Supervisor, Worker, and Collector in your FortiSIEM deployment.

You can now configure FortiSIEM to communicate with your device by following the instructions in the User Guide > Section: Setting Credentials, and then initiate discovery of the device as described in the topics under Discovery Settings.

Settings for Access Credentials

Use these Access Method Definition options to let FortiSIEM access your IBM Websphere device over HTTPS and SNMP. When you set the Device Credential Mapping Definition, make sure to map both the HTTPS and SNMP credentials to the same IP address for your Websphere device.

Settings for IBM Websphere HTTPS Access Credentials
SettingValue
Namewebsphere_https
Device TypeIBM Websphere App Server
Access ProtocolHTTPS
Port9443
URL/wasPerfTools/servlet/perfservlet
User NameUse the user name that you provided with access to the application
PasswordThe password associated with the user that has access to the application
Settings for IBM Websphere SNMP Access Credentials

Use these Access Method Definition settings to let FortiSIEM access your IBM Websphere device over SNMP. When you set the Device Credential Mapping Definition, make sure to map both the HTTPS and SNMP credentials to the same IP address for your Websphere device.

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

SettingValue
Name<set name>
Device TypeGeneric
Access ProtocolSNMP
Community String<your own>
Settings for IBM Websphere JMX Access Credentials

Use these Access Method Definition settings to let FortiSIEM access your IBM Websphere device over JMX.

SettingValue
Namewebsphere
Device TypeIBM Websphere App Server
Access ProtocolJMX
Pull Interval (minutes)5
Port8880
User NameThe administrative user for the application server
PasswordThe password associated with the administrative user