Access Management 7.2.2

JMX monitoring

You can configure AM to let you listen for Java Management eXtension (JMX) clients, by default on port 9999. Either use the AM console page under Configure > Global Services > Monitoring and make sure both Monitoring Status and Monitoring RMI interface status are enabled, or use the ssoadm command:

$ ssoadm \
set-attr-defs \
--servicename iPlanetAMMonitoringService \
--schematype Global \
--adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
--password-file /tmp/pwd.txt \
--attributevalues iplanet-am-monitoring-enabled=true \
iplanet-am-monitoring-rmi-enabled=true

A number of tools support JMX, including jvisualvm and jconsole. When you use jconsole to browse AM MBeans for example, the default URL for the AM running on the local system is service:jmx:rmi:///jndi/rmi://localhost:9999/server.

$ jconsole service:jmx:rmi:///jndi/rmi://localhost:9999/server &

To browse MBeans, connect to your web application container, and go to the AM MBeans. By default, JMX monitoring for the container is likely to be accessible only locally, using the process ID.

You can monitor an instance over JMX.
Figure 1. JConsole browsing MBeans

Also see Monitoring and Management Using JMX for instructions on how to connect remotely, how to use SSL, and so on.

JMX has a limitation in that some Operations and CTS tables cannot be properly serialized from AM to JMX. As a result, only a portion of AM’s monitoring information is available through JMX.

ForgeRock recommends using Prometheus, Graphite, or Common REST monitoring.

For monitoring metrics reference, see Monitoring metrics.