VISUALVM Connecting remote Java processes

Source: Internet
Author: User
Tags visualvm

JSTATD is an RMI (Remove Method invocation) server application that monitors the creation and termination of the JVM, and provides an interface for monitoring tools such as VISUALVM to remotely connect to the native JVMs. Note that this is JVMs, which means that after running the JSTATD command, you can use the monitoring tool to monitor all Java programs that have been started by this user (the user running the JSTATD command).

JSTATD installation, start-up, connection

The JDK is jstatd by default, for example, the JDK under Mac is installed by default in the/library/java/javavirtualmachines/version number directory.

The startup mode is as follows:

1. Create a new file on the server, named Jstatd.all.policy content:

Grant CodeBase "file:${java.home}/. /lib/tools.jar "{
Permission java.security.AllPermission;
};

2. Start the JSTATD on the remote host and do not close it.

Execute the following command on the server under the directory where the Jstatd.all.policy is located
Where/USR/LOCAL/JAVA/BIN/JSTATD is the path of JSTATD, which is ${java_home}/bin/jstatd

/usr/local/java/bin/jstatd-j-djava.security.policy=jstatd.all.policy

To specify a port, you can use the following command:

jstatd -J-Djava.security.policy=jstatd.policy -p 1099

3, VisualVM in the connection

When the client deploys the JSTATD server IP with the VISUALVM connection, the following is displayed:

Reference: http://comeonbabye.iteye.com/blog/1463133

After adding the host, we also need to add the JMX connection and the JSTATD connection.

JSTATD's security issues

The JSTATD service can only monitor the JVM with the appropriate local access rights, so the jstatd process and the monitored JVM must be running in the same user right. However, there are special user rights, such as the Unix-based (TM) system root user, which has access to the resources of all the JVMs in the system, and if the JSTATD process is running in this privilege, it can monitor all the JVMs in the system, but this also poses additional security issues.

The JSTATD service does not perform any validation on the client, so the JVMs of the JSTATD service is running, and any user on the network has access, which is not what we want, so the local security policy must be considered before starting the jstatd. Especially in a production environment or in an insecure network environment.

If no other security manager is installed, the JSTATD service installs an instance of Rmisecuritypolicy, so you need to specify in a security policy file that the policy file must conform to the policy file syntax that is enforced by the default policy.

The following example policy will allow the JSTATD service to have full access to the JVM:

Grant CodeBase "file:${java.home}/. /lib/tools.jar "{
Permission java.security.AllPermission;
};

Note: The java.home in this strategy, and java_home is not a concept, do not make a mistake, here Java.home refers to the path of the JRE, this is the Java System Properties, do not need to be specified manually, usually this JDK under the JRE path, that can be considered ${ Java.home} and ${java_home}/jre are equivalent, if you want to see the value of this variable, you can find a running JAVA application, found its PID, and then the following Jinfo command to view the value of the Java.home can be viewed:

Jinfo ${pid}|grep Java.home

Reference:

http://blog.csdn.net/fenglibing/article/details/17323515

http://bijian1013.iteye.com/blog/2221434

JMX Connection

JSTATD remote monitoring, CPU monitoring I can not see here, this time to use the connection of JMX.

JMX Configuration

The remote machine program needs to add the JVM parameters

-dcom.sun.management.jmxremote=true
-dcom.sun.management.jmxremote.port=9090
-dcom.sun.management.jmxremote.ssl=false
-dcom.sun.management.jmxremote.authenticate=false

Note: Another need to check to hostname –i see if the resolution is a local IP, if 127.0.0.1 or IP is one of multiple IPs, then the other IP is invalid, will not connect.

You can also specify the hostname or IP address manually using the following parameters

-Djava.rmi.server.hostname=192.168.0.1

You can then use "Add JMX Connection" in the menu to connect to the remote address.

In Tomcat, for example, we need to modify the catalina.sh file.
Add the text above the line below.
    1. #-----Execute The requested Command-----------------------------------------
Text to add:

Java_opts= "-djava.rmi.server.hostname=10.12.49.64
-dcom.sun.management.jmxremote
-dcom.sun.management.jmxremote.port=8081
-dcom.sun.management.jmxremote.ssl=false
-dcom.sun.management.jmxremote.authenticate=false $JAVA _opts "
Export java_opts

Note: The IP of the first line is the IP of the server where Tomcat is located, the port on the third line is the port used by JMX to ensure that the port is not occupied; (don't start with the first line, I don't have the first line when I first configure it, JMX is not connected)

Start Tomcat,netstat-aux See if the 8080,8081 port is listening, if it is listening, the configuration is successful, and then in VISUALVM remote Select IP, right-click, add "JMX connection", successful connection succeeded

Reference: http://abc08010051.iteye.com/blog/2162970

Reference:
Http://www.360doc.com/content/11/1010/09/7656248_154804096.shtml


VISUALVM Connecting remote Java processes

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.