needed to monitor tomcat, and specifically tomcat behind a firewall.
The problem here is that JMX uses two ports, one for the RMI registry and another to export JMX RMI connection objects to which a client is expected to connect into.
- However, the second port is random which of course is a pain given we can’t open all ports on the firewall then Zabbix Java Agent can’t connect to the RMI port on the monitored host.
to overcome this we need to use JmxRemoteLifecycleListener and specify the secondary port, which can then be permitted in the firewall.
to make this work, locate the server.xml (eg /etc/tomcat6/server.xml) and add the following line
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"/>
next on the Tomcat startup script (eg /etc/tomcat6/tomcat6.conf)
if you are on a network where the internal DNS name is different to that of the public, add the following
-Djava.rmi.server.hostname=your.public.dns
this address can be either a hostname or IP address
Big Nose Kates 