tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From C├ędric Couralet <>
Subject Re: JMX with Listener
Date Tue, 11 Dec 2012 18:08:55 GMT
> Okay.
>> Now for my problems or questions: - Apparently, the Jmx listener
>> listens on (confirmed by a netstat) on the two ports
>> configured for the listener, is it normal ? I thought that
>> useLocalPorts would restrain the listening only to
> useLocalePorts /should/ force (actually "localhost"...
> whatever that resolves to on your server). Can you confirm that you
> are editing the correct server.xml? If you edit it in one place and
> then deploy it, please make sure you have the latest version installed
> under CATALINA_BASE/conf.

So it should force, ok !

>> - with jvisualvm i am able to connect through jmx with the url
>> service:jmx:rmi://localhost:10002/jndi/rmi://localhost:10001/jmxrmi
> without entering the credentials (nagios:nagios).
>> I thought that by entering
>>, even read access
>> would be restricted.
> I think you need to double-check that you are actually using the
> configuration you think you are.

I think too now :) i'll double check it.

Is there a way to dump the jmx configuration in the jvm?
It happens on all the tomcat in use (a lot) and i'm quite sure I am
not mistaken the server.xml for every one of them.

One question, though, in the tomcat doc (for 6.0.x) for the
JMXRemoteListener, the configuration is :$CATALINA_BASE/conf/jmxremote.password$CATALINA_BASE/conf/jmxremote.access

while mine is${CATALINA_BASE}/conf/jmxremote.password
(notice the {} ).

is it my mistake?

> Another note: using traditional JMX with Nagios is going to suck. You
> are probably going to make, say, 5 connections to your server every
> minute to check on things like heap size, request-time, etc. Each of
> those connections requires a complete JMX connection which is not
> cheap to make -- especially if the client is running on the same
> server. That's 5 JVMs, 5 JMX connections, etc. every minute (or 5 or
> whatever).

We don't really use nagios as is. We use check_MK, an agent installed
on the  host for which i developped a plug in to get only the
informations I want, with one connection to JMX (thus my need to
restrict to localhost).

> If you just want to make some quick checks, consider looking at the
> JMXProxyServlet which is provided by the manager webapp. I believe it
> will be a much lighter-weight solution (and does not require all of
> this crazy setup to configure JMX authentication, etc.).

Some ancient rules force us to disactivate the manager webapp (those
rules originated from some vulnerabilities with the manager webapp I
believe), but i'm trying to get it back with the appropriate security,
evebn if only to ease deployments :).

Thanks for the help !

> - -chris
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools -
> Comment: Using GnuPG with undefined -
> pmMAn0J1tFmswgyMAd4AXQBKyfNTMb1u
> =BzhT
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message