Apache Tomcat
- What is Discovered and Monitored
- Event Types
- Reports
- Configuration
- Settings for Access Credentials
- Sample Event for Tomcat Metrics
What is Discovered and Monitored
| Protocol | Information discovered | Metrics collected | Used for |
|---|---|---|---|
| JMX |
Generic information: Application version, Application port Availability metrics: Uptime, Application Server State CPU metrics: CPU utilization Memory metrics: Total memory, Free memory, Memory utilization, Virtual committed memory, Total Swap Memory, Free Swap Memory, Swap memory utilization, Heap Utilization, Heap Used Memory, Heap max memory, Heap commit memory, Non-heap Utilization, Non-heap used memory, Non-heap max memory, Non-heap commit memory Servlet metrics: Web application name, Servlet Name, Count allocated, Total requests, Request errors, Load time, Avg Request Processing time Session metrics: Web context path, Peak active sessions, Current active sessions, Duplicate sessions, Expired sessions, Rejected sessions, Average session lifetime, Peak session lifetime, Session processing time, Session create rate, Session expire rate, Process expire frequency, Max session limited, Max inactive Interval |
Performance Monitoring | |
| JMX |
Database metrics: Web context path, Data source, Database driver, Peak active sessions, Current active sessions, Peak idle sessions, Current idle sessions Thread pool metrics: Thread pool name, Application port, Total threads, Busy threads, Keep alive threads, Max threads, Thread priority, Thread pool daemon flag Request processor metrics: Request processor name, Received Bytes, Sent Bytes, Average Request Process time, Max Request Processing time, Request Rate, Request Errors |
Performance Monitoring |
Event Types
In ADMIN > Device Support > Event Types, search for "tomcat" to see the event types associated with this device.
Reports
In RESOURCES > Reports, search for "tomcat" in the main content panel Search... field to see the reports associated with this application or device.
Configuration
JMX
Add the necessary parameters to the Tomcat startup script.
Windows
Modify the file ${CATALINA_BASE}\bin\catalina.bat by adding these
arguments for JVM before the comment:
rem ----Execute The Requested Command ------
JMX Configuration for Windows
set JAVA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${Your
JMX Port} \ -Dcom.sun.management.jmxremote.authenticate=true \ -
Dcom.sun.management.jmxremote.ssl=false \ -
Dcom.sun.management.jmxremote.access.file=jmxremote.access \ -
Dcom.sun.management.jmxremote.password.file=jmxremote.password \
Linux
Modify the file ${CATALINA_BASE}/bin/catalina.sh by adding these arguments for JVM before the comment:
# ----Execute The Requested Command ------
JMX Configuration for Linux
JAVA_OPTS=" $ JAVA_OPTS -Dcom.sun.management.jmxremote \ -
Dcom.sun.management.jmxremote.port=${ Your JMX Port} \ -
Dcom.sun.management.jmxremote.authenticate=true \ -Dcom.sun.management.jmxremote.ssl=false
\ -Dcom.sun.management.jmxremote.access.file=jmxremote.access \ -
Dcom.sun.management.jmxremote.password.file=jmxremote.password" \
- Edit the access authorization file
jmxremote.access.monitorRole readonly controlRole readwrite
- Edit the password file
jmxremote.password.The first column is user name and the second column is password). FortiSIEM only needs monitor access.monitorRole <FortiSIEMUserName>controlRole <userName>
- In Linux, set permissions for the jmxremote.access and jmxremote.password files so that they are read-only and accessible only by the Tomcat operating system user.
chmod 600 jmxremote.access chmod 600 jmxremote.password
You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.
Settings for Access Credentials
Use these Access Method Definition settings to allow FortiSIEM to access your Apache Tomcat application server over JMX:
| Setting | Value |
|---|---|
| Name | Enter a name for the credential. |
| Device Type | Apache Apache Tomcat |
| Access Protocol | JMX |
| Pull Interval (minutes) | 5 |
| Port | 0 |
| User Name | The user you created in step 3 |
| Password | The password you created in step 3 |
Sample Event for Tomcat Metrics
<134>Jan 22 01:57:32 10.1.2.16 java: [PH_DEV_MON_TOMCAT_CPU]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[appServerState]=STARTED,[sysUpTime]=2458304,[cpuUtil]=0 <134>Jan 22 01:57:32 10.1.2.16 java: [PH_DEV_MON_TOMCAT_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[appServerState]=STARTED,[freeMemKB]=116504,[freeSwapMemKB]=2974020,[memTotalMB]=4095,[swapMemTotalMB]=8189,[virtMemCommitKB]=169900,[memUtil]=98,[swapMemUtil]=65,[heapUsedKB]=18099,[heapMaxKB]=932096,[heapCommitKB]=48896,[heapUtil]=37,[nonHeapUsedKB]=22320,[nonHeapMaxKB]=133120,[nonHeapCommitKB]=24512,[nonHeapUtil]=91 <134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webAppName]=//localhost/host-manager,[servletName]=HTMLHostManager,[countAllocated]=0,[totalRequests]=0,[reqErrors]=0,[loadTime]=0,[reqProcessTimeAvg]=0,[maxInstances]=20,[servletState]=STARTED <134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_SESSION]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webContextPath]=/host-manager,[activeSessionsPeak]=0,[activeSessions]=0,[duplicateSession]=0,[expiredSession]=0,[rejectedSession]=0,[sessionLifetimeAvg]=0,[sessionLifetimePeak]=0,[sessionProcessTimeMs]=0,[sessionCreateRate]=0,[sessionExpireRate]=0,[webAppState]=STARTED,[processExpiresFrequency]=6,[maxSessionLimited]=-1,[maxInactiveInterval]=1800 <134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_DB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[webContextPath]=/host-manager,[dataSource]="jdbc/postgres1",[dbDriver]=org.postgresql.Driver,[activeSessionsPeak]=20,[activeSessions]=0,[idleSessionsPeak]=10,[idleSessions]=0 <134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[threadPoolName]=ajp-apr-18009,[appPort]=18009,[totalThreads]=0,[busyThreads]=0,[keepAliveThreads]=0[maxThreads]=200,[threadPriority]=5,[threadPoolIsDaemon]=true <134>Jan 22 01:57:33 10.1.2.16 java: [PH_DEV_MON_TOMCAT_REQUEST_PROCESSOR]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=9218,[appVersion]=Apache Tomcat/7.0.27,[reqProcessorName]="http-apr-18080",[recvBytes]=0,[sentBytes]=62748914,[totalRequests]=4481,[reqProcessTimeAvg]=44107,[reqProcessTimeMax]=516,[reqRate]=0,[reqErrors]=7