Monitoring Identity Manager

Sun Java System Identity Manager has decent JMX capabilities which allows you to

  • check reconciliation status
  • check whether all connected systems (resources) are available
  • monitor the status of the server
  • many, many other things

In order to use these features, you only have to enable JMX (disabled by default) via "Configure > Servers" from the HTTPS admin interface. Additionally, you have to 'enable' JMX at the application server level. For Tomcat, you can add the following to the catalina.sh

JAVA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.port=9002 
    -Dcom.sun.management.jmxremote.password.file=/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/lib/management/management.jmxremote.password 
    -D java.rmi.server.hostname=localhost 
    -Dcom.sun.management.jmxremote.ssl=false"

You can see a bunch of JMX data at e.g. http://localhost:8080/idm/debug/Show_MBeanInfo.jsp. You could also tools like jconsole to set and query JMX attributes.

The big question is "How to integrate IDM into a system monitoring tool?" is quite easy to answer since there is a small Java program called 'jmxquery'. Unfortunately I do not know who the author is but all credits go to her or him. What we want to achieve is that IDM‘s status and the resources health check show in our monitoring tool. E.g. with nagios you'll get the following screen

Picture 2

The basic idea is that Nagios calls an external programm like a (modified) version of jmxquery which able to retrieve and set IDM's JMX objects. Three things are sufficient

  • jmxquery tool
  • a modification of Nagios' command.cfg
  • a modification of Nagios' localhost.cfg

You can find the modified jmxquery as a NetBeans project file here:

IDM-Nagios.zip
Add the following lines to command.cfg

##############################
#
#
# Sample commands for Sun Java System Identity Manager
#
##############################


define command{
        command_name     check-idm-resources
        command_line    /opt/lib/nagios/check_jmx -IDM resources
}

define command{
        command_name     check-idm-server-status
        command_line    /opt/lib/nagios/check_jmx -IDM serverStatus
}

Now modify localhost.cfg by adding
define service{
       use                             local-service         ; Name of service template to use
       host_name                       localhost
        service_description             IDM Status
        check_command                                           check-idm-server-status
        }

define service{
       use                             local-service         ; Name of service template to use
        host_name                       localhost
        service_description             IDM Connected Systems
        check_command                                           check-idm-resources
       }
Of course, this can only be used for demo purposes as there is no security wrt to JMX access.
Comments:

Steffo:

Thanks for the tip. Very helpful.

Can you give details on how to check IDM reconciliation status through JMX? I have not had success with this.

Thanks,
Gerald

Posted by Gerald Boersma on November 09, 2007 at 03:15 PM CET #

jmxquery is the munin plugin by Ben Burry. For more information, look here:

http://muninexchange.projects.linpro.no/?search=&cid=0&os%5B4%5D=on&os%5B7%5D=on&os%5B3%5D=on&os%5B2%5D=on&os%5B5%5D=on&os%5B8%5D=on&os%5B1%5D=on&os%5B6%5D=on&pid=29

Posted by Karl H. Beckers on November 10, 2007 at 12:27 PM CET #

see where to i need to write in catilina.bat because i made this chandge,but jconsole is not connection ,i cant able to see arguments in the jconsole

Posted by bhaskar reddy on January 08, 2009 at 12:12 AM CET #

Post a Comment:
  • HTML Syntax: NOT allowed
About

steffo

Search

Top Tags
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today