Oracle WebLogic
Supported Added: FortiSIEM 4.7.2
Last Modification: FortiSIEM 6.7.0
Vendor Version Tested: Oracle WebLogic 12c
Vendor: Oracle
Product Information: https://www.oracle.com/java/weblogic/
- What is Discovered and Monitored
- Event Types
- Reports
- WebLogic Configuration
- Create WebLogic Credential in FortiSIEM
- Sample Event for WebLogic Metrics
What is Discovered and Monitored
Protocol |
Information discovered |
Metrics collected |
Used for |
---|---|---|---|
JMX |
Generic information: Application version, Application port, SSL listen port, Listen port enabled flag, SSL listen port enabled Availability metrics: Uptime, Application Server State Memory metrics: Total memory, Free memory, Used memory, Memory utilization, Heap utilization, Heap used memory, Heap max memory, Heap commit memory, Total nursery memory Servlet metrics: Application name, App server instance, Web application name, Web context name, Servlet name, Invocation count, Servlet execution time Database pool metrics: Application name, App server instance, Data source, Active connection count, Connection limit, Leaked connections, Reserve requests, Requests wait for connections Thread pool metrics: App server instance, Completed requests, Execute threads, Pending requests, Standby threads, Total threads EJB metrics: EJB component name, EJB state, EJB idle beans, EJB used beans, EJB pooled beans, EJB Waiter threads, EJB committed Transactions, EJB timedout transactions, EJB rolledback transactions, EJB activations, EJB Passivations, EJB cache hits, EJB cache misses, EJB cache accesses, EJB cache hit ratio Application level metrics: Application name, App server instance, Web application name, Web context root, Peak active sessions, Current active sessions, Total active sessions, Servlet count, Single threaded servlet pool count, |
Performance Monitoring |
Event Types
In ADMIN > Device Support > Event Types, search for "WebLogic" to see the event types associated with this device.
Reports
In RESOURCES > Reports, search for "WebLogic" in the main content panel Search... field to see the reports associated with this application or device.
WebLogic Configuration
Enable IIOP
To configure Oracle WebLogic for FortiSIEM, take the following steps.
-
Login to the WebLogic 12c administrative console.
-
In the upper left pane labeled Change Center, take the following steps.
-
If a Lock & Edit button appears, click it.
If no Lock & Edit button is visible, proceed to the next step.
-
-
Go to the Domain Structure pane, and expand Environment > Servers.
-
On the right pane, click on the server that you want to monitor by clicking its name.
-
Click on the Protocols tab.
-
Click the IIOP sub-tab.
-
Enable IIOP by clicking on the Enable IIOP checkbox.
-
Click Save.
-
Push the configuration change by taking one of the following steps.
-
If Lock & Edit was performed in step 2a, under Change Center, click Activate Changes.
-
If the Lock & Edit button was not present in step 2a, Oracle WebLogic will request a restart for changes to take effect.
-
You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.
Create a WebLogic User for FortiSIEM
To add an Oracle WebLogic user, take the following steps.
-
Go to the Domain Structure pane, and expand Security Realms.
-
On the right pane, click on myrealm.
-
Select user and groups.
-
Under user, click New.
-
Configure the following fields:
-
In the Name field, enter the user's name.
-
From the Provider drop-down list, leave it as DefaultAuthenticator.
-
In the Password field, enter the user's password.
-
In the Confirm Password field, re-enter the user's password.
-
Click OK.
-
-
Click on the newly created user.
-
Go to the Groups tab.
-
Choose Operators, so it appears in the Chosen window.
-
Click Save.
Create WebLogic Credential in FortiSIEM
Use these Access Method Definition settings to allow FortiSIEM to access your Oracle WebLogic application server over JMX.
The port for JMX is the same as the web console, and the default value is 7001.
Setting | Value |
---|---|
Name | weblogic |
Device Type | Oracle WebLogic App Server |
Access Protocol | JMX |
Pull Interval (minutes) | 5 |
Port | 7001 |
User Name | WebLogic user created in Create a WebLogic User for FortiSIEM. |
WebLogic user password created in previous step | WebLogic user password created in Create a WebLogic User for FortiSIEM. |
Sample Event for WebLogic Metrics
<134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_GEN]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[sysUpTime]=1358476145,[appPort]=7001,[sslListenPort]=7002,[listenPortEnabled]=true,[sslListenPortEnabled]=true <134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[heapUsedKB]=153128,[heapCommitKB]=262144,[heapFreeKB]=109015,[heapUtil]=59,[heapMaxKB]=524288,[usedMemKB]=4086224,[freeMemKB]=107624,[memTotalMB]=4095,[memUtil]=97,[nurserySizeKB]=88324 <134>Jan 22 02:12:22 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=consoleapp,[webAppName]=examplesServer_/console,[servletName]=/framework/skeletons/wlsconsole/placeholder.jsp,[webContextRoot]=/console,[invocationCount]=1094,[servletExecutionTimeMs]=63 <134>Jan 22 02:15:24 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=examples-demoXA-2,[dataSource]=examples-demoXA-2,[activeConns]=0,[connLimit]=1,[leakedConns]=0,[reserveRequests]=0,[waitForConnReqs]=0 <134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[completedRequests]=14066312,[executeThreads]=7,[pendingRequests]=0,[standbyThreads]=5,[totalThreads]=43 <134>Jan 22 02:12:20 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_EJB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[ejbComponentName]=ejb30,[ejbIdleBeans]=0,[ejbUsedBeans]=0,[ejbPooledBeans]=0,[ejbWaiter]=0,[ejbCommitTransactions]=0,[ejbTimedOutTransactions]=0,[ejbRolledBackTransactions]=0,[ejbActivations]=0,[ejbPassivations]=0,[ejbCacheHits]=0,[ejbCacheMisses]=0,[ejbCacheAccesses]=0,[ejbCacheHitRatio]=0 <134>Jan 22 02:12:23 10.1.2.16 java: [PH_DEV_MON_WEBLOGIC_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[appVersion]=WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appName]=webservicesJwsSimpleEar,[webAppName]=examplesServer_/jws_basic_simple,[webContextRoot]=/jws_basic_simple,[activeSessions]=0,[activeSessionsPeak]=0,[activeSessionTotal]=0,[numServlet]=4,[singleThreadedServletPool]=5