FortiSIEM Oracle WebLogic Configuration

Leave a reply

Oracle WebLogic Configuration

What is Discovered and Monitored

Protocol Information discovered Metrics collected Used for
JMX   Generic information: Application version, Application port, SSL listen port, Listen port enabled flag, SSL listen port enabled

Availability metrics: Uptime, Application Server State

Memory metrics: Total memory, Free memory, Used memory, Memory utilization, Heap utilization, Heap used memory, Heap max memory,  Heap commit memory, Total nursery memory

Servlet metrics: Application name, App server instance, Web application name, Web context name, Servlet name, Invocation count, Servlet execution time

Database pool metrics: Application name, App server instance, Data source, Active connection count, Connection limit, Leaked connections, Reserve requests, Requests wait for connections

Thread pool metrics: App server instance, Completed requests, Execute threads, Pending requests, Standby threads, Total threads

EJB metrics: EJB component name, EJB state, EJB idle beans, EJB used beans, EJB pooled beans, EJB Waiter threads, EJB committed Transactions, EJB timedout transactions, EJB rolledback transactions, EJB activations, EJB Passivations, EJB cache hits, EJB cache misses, EJB cache accesses, EJB cache hit ratio

Application level metrics: Application name, App server instance, Web application name, Web context root, Peak active sessions, Current active sessions, Total active sessions, Servlet count, Single threaded servlet pool count,

 Performance

Monitoring

 

Event Types

In CMDB > Event Types, search for “WebLogic in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “WebLogic” in the Name column to see the reports associated with this application or device.

Configuration

JMX

Enable and Configure Internet Inter-ORB Protocol (IIOP)

  1. Log into the administration console of your WebLogic application server.
  2. In the Change Center of the administration console, click Lock & Edit.
  3. In the left-hand navigation, expand Environment and select Servers.
  4. Click the Protocols tab, then select IIOP.
  5. Select Enable IIOP.
  6. Expand the Advanced
  7. For Default IIOP Username and Default IIOP Password, enter the username and password that you will use as the access credentials when configuring AccelOps to communicate with your application server.

Enable IIOP Configuration Changes

  1. Go to the Change Center of the administration console.
  2. Click Activate Changes.

You can now configure AccelOps to communicate with your IBM Websphere device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Sample Event for WebLogic Metrics

<134>Jan 22 02:12:20 10.1.2.16 java:

[PH_DEV_MON_WEBLOGIC_GEN]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.1 6,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[a ppVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[sysUpTime]

=1358476145,[appPort]=7001,[sslListenPort]=7002,[listenPortEnabled]=true

,[sslListenPortEnabled]=true

<134>Jan 22 02:12:20 10.1.2.16 java:

[PH_DEV_MON_WEBLOGIC_MEMORY]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.

2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001

,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967

,[appServerInstance]=examplesServer,[appServerState]=RUNNING,[heapUsedKB ]=153128,[heapCommitKB]=262144,[heapFreeKB]=109015,[heapUtil]=59,[heapMa xKB]=524288,[usedMemKB]=4086224,[freeMemKB]=107624,[memTotalMB]=4095,[me mUtil]=97,[nurserySizeKB]=88324  <134>Jan 22 02:12:22 10.1.2.16 java:

[PH_DEV_MON_WEBLOGIC_SERVLET]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1

.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=700

1,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008

1137967 ,[appServerInstance]=examplesServer,[appName]=consoleapp,[webAppName]=ex amplesServer_/console,[servletName]=/framework/skeletons/wlsconsole/plac eholder.jsp,[webContextRoot]=/console,[invocationCount]=1094,[servletExe cutionTimeMs]=63

<134>Jan 22 02:15:24 10.1.2.16 java:

[PH_DEV_MON_WEBLOGIC_DB_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1

.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=700

1,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008

1137967 ,[appServerInstance]=examplesServer,[appName]=examples-demoXA-2,[dataSou rce]=examples-demoXA-2,[activeConns]=0,[connLimit]=1,[leakedConns]=0,[re serveRequests]=0,[waitForConnReqs]=0  <134>Jan 22 02:12:20 10.1.2.16 java:

[PH_DEV_MON_WEBLOGIC_THREAD_POOL]:[eventSeverity]=PHL_INFO,[destIpAddr]=

10.1.2.16,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]

=7001,[appVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008

1137967 ,[appServerInstance]=examplesServer,[completedRequests]=14066312,[execut eThreads]=7,[pendingRequests]=0,[standbyThreads]=5,[totalThreads]=43  <134>Jan 22 02:12:20 10.1.2.16 java:

[PH_DEV_MON_WEBLOGIC_EJB]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.1 6,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[a ppVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967 ,[appServerInstance]=examplesServer,[ejbComponentName]=ejb30,[ejbIdleBea ns]=0,[ejbUsedBeans]=0,[ejbPooledBeans]=0,[ejbWaiter]=0,[ejbCommitTransa ctions]=0,[ejbTimedOutTransactions]=0,[ejbRolledBackTransactions]=0,[ejb Activations]=0,[ejbPassivations]=0,[ejbCacheHits]=0,[ejbCacheMisses]=0,[ ejbCacheAccesses]=0,[ejbCacheHitRatio]=0

<134>Jan 22 02:12:23 10.1.2.16 java:

[PH_DEV_MON_WEBLOGIC_APP]:[eventSeverity]=PHL_INFO,[destIpAddr]=10.1.2.1 6,[hostIpAddr]=10.1.2.16,[hostName]=SH-WIN08R2-JMX,[destDevPort]=7001,[a ppVersion]=WebLogic Server 10.3  Fri Jul 25 16:30:05 EDT 2008 1137967

,[appServerInstance]=examplesServer,[appName]=webservicesJwsSimpleEar,[w ebAppName]=examplesServer_/jws_basic_simple,[webContextRoot]=/jws_basic_ simple,[activeSessions]=0,[activeSessionsPeak]=0,[activeSessionTotal]=0,

[numServlet]=4,[singleThreadedServletPool]=5

This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.