Enabling JMX on Tomcat
Enabling JMX without Authentication
JMX is enabled by setting some Java properties in the command used to start an application. You will need to set the CATALINA_OPTS environment variable so the correct properties get set for to Tomcat when it starts. Furthermore, the properties you set will determine if application can access the JMX interface remotely and if they need to authenticate. This section describes how to setup JMX so that applications can access the interface remotely without authenticating. Authentication should be used in production environments, this configuration should only be used for testing. The following commands show how to set the CATALINA_OPTS environment variable so that clients can connect to TCP port 8999 of the host localhost without any authentication:
For Windows:
. set CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=localhost"; .
For Linux:
. $ CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=localhost"; $ export CATALINA_OPTS; .
The values in bold should be set to values appropriate for your system. The property com.sun.management.jmxremote indicates that JMX should be activated. The property com.sun.management.jmxremote.port indicates that remote access is allowed and it should occur on the given port (in the example 8999). The next two properties, com.sun.management.jmxremote.ssl=false and com.sun.management.jmxremote.authenticate=false disable SSL and authentication respectively. The final property java.rmi.server.hostname indicates the name of the host on which tomcat is running (NOTE: The JMX documentation did not say this was required but I found that attempting remote access returned ‘Connection failed’ when this property was not set). After setting CATALINA_OPTS you need to restart Tomcat:
$ CATALINA_HOME/bin/shutdown.sh
$ CATALINA_HOME/bin/startup.sh
After the restart JMX is running and you may test it by following the instructions in the section titled Using JConsole to Monitor Tomcat.
Enabling JMX with Password Authentication
You should enable some type of authentication if you are going to run JMX on Tomcat in a non-testing environment. Simple password authentication is probably the easiest to setup. You may want to setup client SSL authentication instead but instructions for that are left to the Sun documentation. The first thing you need to do is create a password file with the user accounts that can access the monitoring information. I created a file called $CATALINA_HOME/conf/jmxremote.password but it can be located anywhere on the filesystem. The file takes the form of a username and a password separated by a space on each line. An example is below:
user passwd
admin password
The file above create two users, oscars and admin. The “oscars” account has a password “oscars” and the admin account has the password “password”. The next step is to assign permissions to each account. This is done in another text file that I named $CATALINA_HOME/conf/jmxremote.access. An example of that file is below:
user readonly
admin readwrite
See the Sun documentation for more information on what the readonly and readwrite permissions means. After creating these two file you need to set the file permissions such that only the owner can read them. An example of the commands to do this are as follows:
$ chmod 600 $CATALINA_HOME/conf/jmxremote.password
$ chmod 600 $CATALINA_HOME/conf/jmxremote.access
The final step is to add properties to CATALINA_OPTS that initialize JMX and point to the given files. An example of the commands needed to do this are as follows:
. set CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Djava.rmi.server.hostname=localhost -Dcom.sun.management.jmxremote.password.file=$CATALINA_HOME/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=$CATALINA_HOME/conf/jmxremote.access"; .
For Linux:
. $ CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Djava.rmi.server.hostname=localhost -Dcom.sun.management.jmxremote.password.file=$CATALINA_HOME/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=$CATALINA_HOME/conf/jmxremote.access"; $ export CATALINA_OPTS; .
The values in bold should be set to values appropriate for your system. The property com.sun.management.jmxremote indicates that JMX should be activated. The property com.sun.management.jmxremote.port indicates that remote access is allowed and it should occur on the given port (in the example 8999). The next two properties, com.sun.management.jmxremote.ssl=false and com.sun.management.jmxremote.authenticate=false disable SSL and enable authentication respectively. The next property java.rmi.server.hostname indicates the name of the host on which tomcat is running (NOTE: The JMX documentation did not say this was required but I found that attempting remote access returned ‘Connection failed’ when this property was not set). The last two parameters, com.sun.management.jmxremote.password.file and com.sun.management.jmxremote.password.access, point to your password and access files, respectively. After setting CATALINA_OPTS restart Tomcat and you are ready to test JMX. See the section Using JConsole to Monitor Tomcat for information on how to test.
Using JConsole to Monitor Tomcat
JConsole is a GUI application designed for monitoring Java applications. It acts as a client to the JMX interface and can monitory statistics locally or remotely. JConsole comes preinstalled on many systems that have Java (i.e. Mac OS X). If you don’t have it then you can get it from the latest JDK download here. Basic instructions for running JConsole are below:
1. Open a command-line window (on Mac OS X go to /Applications/Utilities/Terminal).
2. Enter the command jconsole
| 3. A window will load. What the window displays will depend on whether you are running jconsole on the same machine as you are running Tomcat. If you are running it on the same machine as Tomcat you should see an option to select the Tomcat server in the local tab and should proceed to step 4a. If this is the case your window will look similar to the following: |  |
| If you are running Tomcat on a remote machine then you will see a blank box and should proceed to step 4b. If this is the case your window will look similar to the following: |  |
4a. You should be at this step if you want to connect to a Tomcat server running on the same machine as jconsole. To connect to the server select the item listed and click “Connect”.
| 4b. You should be at this step if Tomcat is running on a machine remote from jconsole. Click on the Remote tab. Enter the hostname to which you’d like to connct and the port on which JMX is listening (these were both specified when configuring Tomcat to use JMX with the java.rmi.server.hostname and com.sun.management.jmxremote.port properties). If authentication is enabled for JMX enter a username and password, otherwise leave those fields blank. When the fields are filled-in click “Connect”. |  |
5. You should connect to the server and see some summary statistics. Navigate the tabs to view the set of information offered. Some screenshots are shown below:
 |
 |
 |
 |
 |
 |
Original post from: https://wiki.internet2.edu/confluence/display/CPD/Monitoring+Tomcat+with+JMX