Fortinet black logo

External Systems Configuration Guide

Oracle WebLogic

Oracle WebLogic

Supported Added: FortiSIEM 4.7.2

Last Modification: FortiSIEM 6.7.0

Vendor Version Tested: Oracle WebLogic 12c

Vendor: Oracle

Product Information: https://www.oracle.com/java/weblogic/

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

JMX

Generic information: Application version, Application port, SSL listen port, Listen port enabled flag, SSL listen port enabled

Availability metrics: Uptime, Application Server State

Memory metrics: Total memory, Free memory, Used memory, Memory utilization, Heap utilization, Heap used memory, Heap max memory, Heap commit memory, Total nursery memory

Servlet metrics: Application name, App server instance, Web application name, Web context name, Servlet name, Invocation count, Servlet execution time

Database pool metrics: Application name, App server instance, Data source, Active connection count, Connection limit, Leaked connections, Reserve requests, Requests wait for connections

Thread pool metrics: App server instance, Completed requests, Execute threads, Pending requests, Standby threads, Total threads

EJB metrics: EJB component name, EJB state, EJB idle beans, EJB used beans, EJB pooled beans, EJB Waiter threads, EJB committed Transactions, EJB timedout transactions, EJB rolledback transactions, EJB activations, EJB Passivations, EJB cache hits, EJB cache misses, EJB cache accesses, EJB cache hit ratio

Application level metrics: Application name, App server instance, Web application name, Web context root, Peak active sessions, Current active sessions, Total active sessions, Servlet count, Single threaded servlet pool count,

Performance Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "WebLogic" to see the event types associated with this device.

Reports

In RESOURCES > Reports, search for "WebLogic" in the main content panel Search... field to see the reports associated with this application or device.

WebLogic Configuration

Enable IIOP

To configure Oracle WebLogic for FortiSIEM, take the following steps.

  1. Login to the WebLogic 12c administrative console.

  2. In the upper left pane labeled Change Center, take the following steps.

    1. If a Lock & Edit button appears, click it.

      If no Lock & Edit button is visible, proceed to the next step.


  3. Go to the Domain Structure pane, and expand Environment > Servers.

  4. On the right pane, click on the server that you want to monitor by clicking its name.

  5. Click on the Protocols tab.

  6. Click the IIOP sub-tab.

  7. Enable IIOP by clicking on the Enable IIOP checkbox.

  8. Click Save.

  9. Push the configuration change by taking one of the following steps.

    1. If Lock & Edit was performed in step 2a, under Change Center, click Activate Changes.

    2. If the Lock & Edit button was not present in step 2a, Oracle WebLogic will request a restart for changes to take effect.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Create a WebLogic User for FortiSIEM

To add an Oracle WebLogic user, take the following steps.

  1. Go to the Domain Structure pane, and expand Security Realms.

  2. On the right pane, click on myrealm.


  3. Select user and groups.

  4. Under user, click New.

  5. Configure the following fields:

    1. In the Name field, enter the user's name.

    2. From the Provider drop-down list, leave it as DefaultAuthenticator.

    3. In the Password field, enter the user's password.

    4. In the Confirm Password field, re-enter the user's password.

    5. Click OK.

  6. Click on the newly created user.

  7. Go to the Groups tab.

  8. Choose Operators, so it appears in the Chosen window.

  9. Click Save.

Create WebLogic Credential in FortiSIEM

Use these Access Method Definition settings to allow FortiSIEM to access your Oracle WebLogic application server over JMX.

The port for JMX is the same as the web console, and the default value is 7001.

Setting Value
Name weblogic
Device Type Oracle WebLogic App Server
Access Protocol JMX
Pull Interval (minutes) 5
Port 7001
User Name WebLogic user created in Create a WebLogic User for FortiSIEM.
WebLogic user password created in previous step WebLogic user password created in Create a WebLogic User for FortiSIEM.

Sample Event for WebLogic Metrics

<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_GEN]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[sysUpTime]=1358476145,[appPort]=7001,[sslListenPort]=7002,[listenPortEnabled]=true,[sslListenPortEnabled]=true

<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[heapUsedKB]=153128,[heapCommitKB]=262144,[heapFreeKB]=109015,[heapUtil]=59,[heapMaxKB]=524288,[usedMemKB]=4086224,[freeMemKB]=107624,[memTotalMB]=4095,[memUtil]=97,[nurserySizeKB]=88324
 
<134>Jan 22 02:12:22 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=consoleapp,[webAppName]=examplesServer_/console,[servletName]=/framework/skeletons/wlsconsole/placeholder.jsp,[webContextRoot]=/console,[invocationCount]=1094,[servletExecutionTimeMs]=63
 
<134>Jan 22 02:15:24 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=examples-demoXA-2,[dataSource]=examples-demoXA-2,[activeConns]=0,[connLimit]=1,[leakedConns]=0,[reserveRequests]=0,[waitForConnReqs]=0
 
<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[completedRequests]=14066312,[executeThreads]=7,[pendingRequests]=0,[standbyThreads]=5,[totalThreads]=43
 
<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_EJB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[ejbComponentName]=ejb30,[ejbIdleBeans]=0,[ejbUsedBeans]=0,[ejbPooledBeans]=0,[ejbWaiter]=0,[ejbCommitTransactions]=0,[ejbTimedOutTransactions]=0,[ejbRolledBackTransactions]=0,[ejbActivations]=0,[ejbPassivations]=0,[ejbCacheHits]=0,[ejbCacheMisses]=0,[ejbCacheAccesses]=0,[ejbCacheHitRatio]=0

<134>Jan 22 02:12:23 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=webservicesJwsSimpleEar,[webAppName]=examplesServer_/jws_basic_simple,[webContextRoot]=/jws_basic_simple,[activeSessions]=0,[activeSessionsPeak]=0,[activeSessionTotal]=0,[numServlet]=4,[singleThreadedServletPool]=5

Oracle WebLogic

Supported Added: FortiSIEM 4.7.2

Last Modification: FortiSIEM 6.7.0

Vendor Version Tested: Oracle WebLogic 12c

Vendor: Oracle

Product Information: https://www.oracle.com/java/weblogic/

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

JMX

Generic information: Application version, Application port, SSL listen port, Listen port enabled flag, SSL listen port enabled

Availability metrics: Uptime, Application Server State

Memory metrics: Total memory, Free memory, Used memory, Memory utilization, Heap utilization, Heap used memory, Heap max memory, Heap commit memory, Total nursery memory

Servlet metrics: Application name, App server instance, Web application name, Web context name, Servlet name, Invocation count, Servlet execution time

Database pool metrics: Application name, App server instance, Data source, Active connection count, Connection limit, Leaked connections, Reserve requests, Requests wait for connections

Thread pool metrics: App server instance, Completed requests, Execute threads, Pending requests, Standby threads, Total threads

EJB metrics: EJB component name, EJB state, EJB idle beans, EJB used beans, EJB pooled beans, EJB Waiter threads, EJB committed Transactions, EJB timedout transactions, EJB rolledback transactions, EJB activations, EJB Passivations, EJB cache hits, EJB cache misses, EJB cache accesses, EJB cache hit ratio

Application level metrics: Application name, App server instance, Web application name, Web context root, Peak active sessions, Current active sessions, Total active sessions, Servlet count, Single threaded servlet pool count,

Performance Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "WebLogic" to see the event types associated with this device.

Reports

In RESOURCES > Reports, search for "WebLogic" in the main content panel Search... field to see the reports associated with this application or device.

WebLogic Configuration

Enable IIOP

To configure Oracle WebLogic for FortiSIEM, take the following steps.

  1. Login to the WebLogic 12c administrative console.

  2. In the upper left pane labeled Change Center, take the following steps.

    1. If a Lock & Edit button appears, click it.

      If no Lock & Edit button is visible, proceed to the next step.


  3. Go to the Domain Structure pane, and expand Environment > Servers.

  4. On the right pane, click on the server that you want to monitor by clicking its name.

  5. Click on the Protocols tab.

  6. Click the IIOP sub-tab.

  7. Enable IIOP by clicking on the Enable IIOP checkbox.

  8. Click Save.

  9. Push the configuration change by taking one of the following steps.

    1. If Lock & Edit was performed in step 2a, under Change Center, click Activate Changes.

    2. If the Lock & Edit button was not present in step 2a, Oracle WebLogic will request a restart for changes to take effect.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Create a WebLogic User for FortiSIEM

To add an Oracle WebLogic user, take the following steps.

  1. Go to the Domain Structure pane, and expand Security Realms.

  2. On the right pane, click on myrealm.


  3. Select user and groups.

  4. Under user, click New.

  5. Configure the following fields:

    1. In the Name field, enter the user's name.

    2. From the Provider drop-down list, leave it as DefaultAuthenticator.

    3. In the Password field, enter the user's password.

    4. In the Confirm Password field, re-enter the user's password.

    5. Click OK.

  6. Click on the newly created user.

  7. Go to the Groups tab.

  8. Choose Operators, so it appears in the Chosen window.

  9. Click Save.

Create WebLogic Credential in FortiSIEM

Use these Access Method Definition settings to allow FortiSIEM to access your Oracle WebLogic application server over JMX.

The port for JMX is the same as the web console, and the default value is 7001.

Setting Value
Name weblogic
Device Type Oracle WebLogic App Server
Access Protocol JMX
Pull Interval (minutes) 5
Port 7001
User Name WebLogic user created in Create a WebLogic User for FortiSIEM.
WebLogic user password created in previous step WebLogic user password created in Create a WebLogic User for FortiSIEM.

Sample Event for WebLogic Metrics

<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_GEN]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[sysUpTime]=1358476145,[appPort]=7001,[sslListenPort]=7002,[listenPortEnabled]=true,[sslListenPortEnabled]=true

<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[heapUsedKB]=153128,[heapCommitKB]=262144,[heapFreeKB]=109015,[heapUtil]=59,[heapMaxKB]=524288,[usedMemKB]=4086224,[freeMemKB]=107624,[memTotalMB]=4095,[memUtil]=97,[nurserySizeKB]=88324
 
<134>Jan 22 02:12:22 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=consoleapp,[webAppName]=examplesServer_/console,[servletName]=/framework/skeletons/wlsconsole/placeholder.jsp,[webContextRoot]=/console,[invocationCount]=1094,[servletExecutionTimeMs]=63
 
<134>Jan 22 02:15:24 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=examples-demoXA-2,[dataSource]=examples-demoXA-2,[activeConns]=0,[connLimit]=1,[leakedConns]=0,[reserveRequests]=0,[waitForConnReqs]=0
 
<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[completedRequests]=14066312,[executeThreads]=7,[pendingRequests]=0,[standbyThreads]=5,[totalThreads]=43
 
<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_EJB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[ejbComponentName]=ejb30,[ejbIdleBeans]=0,[ejbUsedBeans]=0,[ejbPooledBeans]=0,[ejbWaiter]=0,[ejbCommitTransactions]=0,[ejbTimedOutTransactions]=0,[ejbRolledBackTransactions]=0,[ejbActivations]=0,[ejbPassivations]=0,[ejbCacheHits]=0,[ejbCacheMisses]=0,[ejbCacheAccesses]=0,[ejbCacheHitRatio]=0

<134>Jan 22 02:12:23 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=webservicesJwsSimpleEar,[webAppName]=examplesServer_/jws_basic_simple,[webContextRoot]=/jws_basic_simple,[activeSessions]=0,[activeSessionsPeak]=0,[activeSessionTotal]=0,[numServlet]=4,[singleThreadedServletPool]=5