jvisualvm – Java Virtual Machine Monitoring, Troubleshooting, and Profiling Tool

jvisualvm – Java VisualVM is an intuitive graphical user interface that provides detailed information about Java technology-based applications (Java applications) while they are running on a given Java Virtual Machine (JVM). The name Java VisualVM comes from the fact that Java VisualVM provides information about the JVM software visually.

Usage:-

– Java VisualVM is useful to Java application developers to troubleshoot applications and to monitor and improve the applications’ performance.

– Java VisualVM allows developers to generate and analyse heap dumps, track down memory leaks, perform and monitor garbage collection, and perform lightweight memory and CPU profiling.

– Plug-ins also exist that expand the functionality of Java VisualVM. For example, most of the functionality of the JConsole tool is available via the MBeans Tab and JConsole Plug-in Wrapper plug-ins.

You can choose from a catalog of standard Java VisualVM plug-ins by selecting ‘Tools’ | ‘Plugins’ in the Java VisualVM menus.

Start Java VisualVM with the following command:

#  jvisualvm <options>

Ref: http://java.sun.com/javase/6/docs/technotes/tools/share/jvisualvm.html

King Of Open Source Monitoring: OpenNMS .. loving it !!

** OpenNMS as an enterprise network management framework **

Definition from dictionary:-

The OpenNMS platform is an award-winning, enterprise-grade network management application platform built on a true open source model with zero licensing cost. Together, the OpenNMS solution delivers performance, scalability, flexibility and total cost of ownership that are consistently better than equivalent systems from HP, IBM and other “premium” vendors.

The International Telecommunication Union (ITU) published the Telecommunications Management Network (TMN) model as a design for carriers to manage service delivery. TMN is a model for managing “Open Systems” within a telecommunications network and defines four logical layers: Business Management (BM), Service Management (SM), Network Management (NM), and Element Management (EM). FCAPS is an acronym for a model that further defines NM using the terms:

• Fault Management (FM)
• Configuration Management (CM)
• Accounting (A)
• Performance Management (PM)
• Security (S)

OpenNMS has comprehensive FM and PM:-

Faults in OpenNMS are detected via three distinct and separate mechanisms: service polling, receipt of unsolicited messages (typically SNMP traps), and thresholds evaluated against performance data. OpenNMS also provides extremely comprehensive PM via several mechanisms that are based on a robust data gathering API called the Service Collector Interface. Current implementations of the Service Collector, SNMP, JMX, HTTP, and NSClient, gather data that can then be utilized in performance graphs, thresholds, and TopN analysis.

The remaining components of the FCAPS model (CM, A, and S) are each addressed, to some degree, within OpenNMS, but not implemented as comprehensively as defined in the model.

Ref : http://www.opennms.org/wiki/Main_Page

Why I chose OpenNMS and not any other monitoring solution

There are many reasons / advantages I found in OpenNMS during POC and experimentation (or what people call Time pass) with many of the available monitoring solutions – some of the reasons are:-
– Open Source Project – Active Development going on
– SNMP Based (Almost like agent-less monitoring) – Light-weight
– Auto-Discovery of nodes and services
– Flexible (has different pollers to adapt for almost any need)
– Customizable / Configuration with XMLs
– Integration with Other Tools
Like:-
# Integration with RT and OTRS – Ticketing System
# Integration with Hyperic HQ (Agent based monitoring solution)

Comments are welcome !!

Centralized Logging using Syslog-NG & Splunk indexing / search

syslog-ng is an open source implementation of the Syslog protocol for UNIX and UNIX-like systems. It extends the original syslogd model with content-based filtering, rich filtering capabilities, flexible configuration options and adds important features to syslog, like using TCP for transport.

Standard syslog uses UDP port 514 and is therefore limited to 1024 bytes per message.

• FIFO Buffers (First In First Out)
• Rolling View of Logs
• Type of Named Pipe

Installing Syslog-ng
———————

– rpm -ivh http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.2/setups/rhel-5-amd64/syslog-ng-3.0.2-1.rhel5.amd64.rpm
Note: Syslog-NG will remove klogd (no probs)
– cd /opt/syslog-ng/etc/

– vi syslog-ng.conf  and copy the below config (modify according to your needs)

@version: 3.0
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator’s guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

# Global config
options {
chain_hostnames(0);
time_reopen(10);
time_reap(360);
log_fifo_size(2048);
create_dirs(yes);
perm(0640);
dir_perm(0755);
use_dns(no);
stats_freq(0);
};

######
# sources
source s_all {
# message generated by Syslog-NG
internal();
udp(ip(0.0.0.0) port(514));
# standard Linux log source (this is the default place for the syslog()
# function to send logs to)
unix-stream("/dev/log");
# messages from the kernel
file("/proc/kmsg" program_override("kernel: "));
};

#Define filters
filter f_cisco_pix {
host(IP.OF.PIX.DEVICE);
};

# general filter
filter f_not_others {
not host(IP.OF.PIX.DEVICE)
and not program(MSWinEventLog);
};

# Destinations (FIFO Buffers)
destination d_cisco {
pipe("/var/log/buffers/cisco");
};

# general FIFO
destination d_gen_fifo {
pipe("/var/log/buffers/syslog");
};

# Archive
destination d_all {
file("/var/log/arch/$MONTH$DAY$YEAR");
};

# cisco log

log {
source(s_all);
filter(f_cisco_pix);
destination(d_cisco);
};

# general log
log {
source(s_all);
filter(f_not_others);
destination(d_gen_fifo);
};

# archive log
log {
source(s_all);
destination(d_all);
};

———————

Then a few more steps:

• Creating the directory structure

# mkdir /var/log/arch
# mkdir /var/log/buffers

• Making the FIFO buffers
# mkfifo /var/log/buffers/cisco
# mkfifo /var/log/buffers/syslog

Then restart the syslog-ng server:
# /etc/init.d/syslog-ng restart

Check your FIFO Buffers & Logfiles (/var/log/arch/*)
# cat /var/log/buffers/syslog
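
How the three log statements of the server configuration route a message, as an added Python model (not part of the original post, and not syslog-ng code). It assumes host() and program() behave as unanchored regular-expression searches and uses a constructed address, 192.0.2.1, in place of IP.OF.PIX.DEVICE; route() and SAMPLES are names made up for the example.

```python
import re
from datetime import datetime

# Constructed stand-in for the page's IP.OF.PIX.DEVICE placeholder.
PIX_PATTERN = "192.0.2.1"

def route(msg, pix_pattern=PIX_PATTERN):
    """Return the destinations a message reaches under the three log paths.

    Assumptions of this model: host() and program() are unanchored regex
    searches, and no log path uses flags(final), so every path is evaluated.
    """
    is_pix = re.search(pix_pattern, msg["host"]) is not None
    is_win = re.search("MSWinEventLog", msg["program"]) is not None
    dests = []
    if is_pix:                        # cisco log: f_cisco_pix -> d_cisco
        dests.append("/var/log/buffers/cisco")
    if not is_pix and not is_win:     # general log: f_not_others -> d_gen_fifo
        dests.append("/var/log/buffers/syslog")
    # archive log: no filter; $MONTH$DAY$YEAR expands to zero-padded MMDDYYYY
    dests.append("/var/log/arch/" + msg["ts"].strftime("%m%d%Y"))
    return dests

# Constructed sample messages (documentation-range addresses).
TS = datetime(2009, 7, 4, 12, 0, 0)
SAMPLES = {
    "pix":       {"host": "192.0.2.1",   "program": "%PIX-6-302013", "ts": TS},
    "windows":   {"host": "192.0.2.50",  "program": "MSWinEventLog", "ts": TS},
    "linux":     {"host": "192.0.2.60",  "program": "sshd",          "ts": TS},
    "lookalike": {"host": "192.0.2.100", "program": "sshd",          "ts": TS},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, route(msg))
    # An escaped, anchored pattern no longer matches the lookalike address.
    print("lookalike (anchored)", route(SAMPLES["lookalike"], r"^192\.0\.2\.1$"))
```

The lookalike case shows why an address given to host() is better written escaped and anchored: 192.0.2.100 lands in the Cisco FIFO until the pattern becomes ^192\.0\.2\.1$. Windows event log messages reach only the archive file, since f_not_others excludes them and no other log path picks them up.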

Client side:

rpm -ivh http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.2/setups/rhel-5-amd64/syslog-ng-client-3.0.2-1.rhel5.amd64.rpm

vi /opt/syslog-ng/etc/syslog-ng.conf

Copy the following client config:

@version: 3.0
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator’s guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

options {
};

######
# sources
source s_local {
# message generated by Syslog-NG
udp(ip(127.0.0.1) port(514));
internal();
# standard Linux log source (this is the default place for the syslog()
# function to send logs to)
unix-stream("/dev/log");
# messages from the kernel
file("/proc/kmsg" program_override("kernel: "));

};

######
# destinations
destination d_messages { file("/var/log/messages"); };

filter notdebug { level(info..emerg); };
destination loghost { udp("your syslog-ng server IP" port(514)); };

log {
source(s_local);
filter(notdebug);
destination(loghost);
destination(d_messages);
};

————————–
Or use the stock syslog service on the client, with a rule that forwards everything to the server:
• *.* @Syslog Server
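
What the client's notdebug filter lets through, and whether a datagram stays within the 1024-byte UDP limit mentioned earlier, as an added Python example (not from the original post). The sample datagrams are constructed, and decode_pri(), notdebug() and check() are names made up for the example.

```python
import re

# Severity keywords in syslog order: numeric code 0 (emerg) to 7 (debug).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_UDP_SYSLOG = 1024   # byte limit the page gives for syslog over UDP 514

def decode_pri(datagram: bytes):
    """Split the leading <PRI> value into (facility code, severity keyword)."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> header")
    pri = int(m.group(1))
    return pri // 8, SEVERITIES[pri % 8]

def notdebug(severity: str) -> bool:
    """Model of the client's notdebug filter: every level from info up to emerg."""
    return SEVERITIES.index(severity) <= SEVERITIES.index("info")

def check(datagram: bytes) -> dict:
    """Report whether the client forwards the message and whether it fits."""
    facility, severity = decode_pri(datagram)
    return {
        "facility": facility,
        "severity": severity,
        "forwarded": notdebug(severity),
        "fits_udp_limit": len(datagram) <= MAX_UDP_SYSLOG,
    }

# Constructed sample datagrams.
AUTH_INFO = b"<38>Jul  4 12:00:00 web01 sshd[4242]: Accepted publickey for deploy"
DAEMON_DEBUG = b"<31>Jul  4 12:00:01 web01 ntpd[911]: poll interval adjusted"
OVERSIZE = b"<11>Jul  4 12:00:02 web01 app[77]: " + b"A" * 1100

if __name__ == "__main__":
    for sample in (AUTH_INFO, DAEMON_DEBUG, OVERSIZE):
        print(check(sample))
```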

How are we gonna view this data?
Ans: Splunk

Splunk is a monitoring and reporting tool for IT system administrators with search capabilities. It consolidates logs, metrics, and other data from applications, servers and network devices into a searchable repository and can generate graphs, SQL reports, and alerts. It is intended to assist system administrators in the identification of patterns and the diagnosis of problems. Log files can be correlated across systems and software components, which can help administrators uncover the cause of system failures.

wget 'http://www.splunk.com/index.php/download_track?file=3.4.10/linux/splunk-3.4.10-60883-linux-2.6-x86_64.rpm&ac=&wget=true&name=wget&typed=releases'

rpm -ivh splunk-3.4.10-60883-linux-2.6-x86_64.rpm

/opt/splunk/bin/splunk start