Custom JMX Monitor for IBM Websphere

• Planning
• Adding New IBM WebSphere Performance Objects
• Associating Device Types to Performance Objects
• Testing the Performance Monitor
• Enabling the Performance Monitor
• Writing Queries for the Performance Metrics

This example illustrates how to write a custom performance monitor for retrieving IBM Websphere thread, heap memory, and non-heap memory metrics.

Planning

Creating New Device Types, Event Attribute Types, and Event Types

In this case, the IBM Websphere device type is already supported by FortiSIEM, but you need to create new event attributes and event types for the metrics you want to retrieve.

Event Attribute Types

Name	Display Name	Value Type	Display Format Type
websphere_heapPCT	WebSphere HeapPct	INT64
websphere_numThreads	WebSphere NumThreads	INT64
websphere_maxThreads	WebSphere MaxThreads	INT64
websphere_threadPct	WebSphere ThreadPct	INT64
websphere_numClass	WebSphere NumClass	INT64
websphere_heapUsed	WebSphere HeapUsed	INT64	Bytes
websphere_heapMax	WebSphere HeapMax	INT64	Bytes
websphere_heapCommitted	WebSphere HeapCommitted	INT64	Bytes
websphere_nonHeapUsed	WebSphere NonHeapUsed	INT64	Bytes
websphere_nonHeapMax	WebSphere NonHeapMax	INT64	Bytes
websphere_nonHeapCommitted	WebSphere NonHeapCommitted	INT64	Bytes

Event Types

Naming Custom Event Types: All custom event types must begin with the prefix P H_DEV_MON_CUST_ .

Name	Device Type	Severity
PH_DEV_MON_CUST_WEBSPHERE_HEAPMEMORY	IBM WebSphere App Server	Low
PH_DEV_MON_CUST_WEBSPHERE_NON_HEAPMEMORY	IBM WebSphere App Server	Low
PH_DEV_MON_CUST_WEBSPHERE_THREAD	IBM WebSphere App Server	Low

Adding New IBM WebSphere Performance Objects

Each of the event types requires creating a performance object for monitoring. 

Performance Object Configuration for Event Type  PH_DEV_MON_CUST_WEBSPHERE_HEAPMEMORY

Field	Setting
Name	websphere_heapMemory_perfObj
Type	Application
Method	JMX
MBean	java.lang:type=Memory
List of Attributes	Object Attribute Private Key Name Format Event Attribute HeapMemoryUsage committed committed Long websphere_heapCommitted HeapMemoryUsage used used Long websphere_heapUsed HeapMemoryUsage max max Long websphere_heapMax Long websphere_heapPCT
Event Type	PH_DEV_MON_CUST_WEBSPHERE_HEAPMEMORY
Polling Frequency	180 seconds

Performance Object Configuration for Event Type PH_DEV_MON_CUST_WEBSPHERE_THREAD

For the webSphere_threadPctEvent Attribute, you will enter a transform as shown in the second table. 

Field	Setting
Name	websphere_thread_perfObj
Type	Application
Method	JMX
MBean	java.lang:type=Threading
List of Attributes	Object Attribute Private Key Name Format Event Attribute ThreadCount ThreadCount Long websphere_numThreads PeakThreadCount PeakThreadCount Long websphere_maxThreads Long websphere_threadPCT
Event Type	PH_DEV_MON_CUST_WEBSPHERE_THREAD
Polling Frequency	180 seconds

Transform Formula for websphere_threadPCT Event Attribute

Click New next to Transforms in the dialog to enter the formula. 

Field	Settings
Object Attribute	<blank>
Name	<blank>
Private Key	<blank>
Format	Long
Event Attribute	websphere_threadPct
Transforms	Type Formula custom ThreadCount*100/PeakThreadcount

Performance Object Configuration for Event Type PH_DEV_MON_CUST_WEBSPHERE_NON_HEAPMEMORY

Field	Setting
Name	websphere_nonHeapMemory_perfObj
Type	Application
Method	JMX
MBean	java.lang:type=Memory
List of Attributes	Object Attribute Private Key Name Format Event Attribute NonHeapMemoryUsage  used Long websphere_nonHeapUsed NonHeapMemoryUsage  committed Long websphere_nonHeapCommitted  NonHeapMemoryUsage  max Long websphere_nonHeapMax
Event Type	PH_DEV_MON_CUST_WEBSPHERE_NON_HEAPMEMORY
Polling Frequency	180 seconds

Associating Device Types to Performance Objects

In this example, IBM WebSphere runs on Microsoft Windows, so you would need to associate Microsoft Windows device types to the three performance objects. Because the discovered device type has to exactly match one of device types in this association in order for the discovery module to initiate these monitors, you would need to add other device types, such as Linux, if you also wanted to monitor IBM Websphere over JMX on those devices. 

Edit Device to Performance Object

Field	Settings
Name	windows_oracle_perf_association
Device Types	Microsoft Windows Microsoft Windows 7 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows Server 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP
Perf Objects	websphere_thread_perfObj(JMX) - Default Interval:3mins websphere_thread_perfObj(JMX) - Default Interval:3mins websphere_nonHeapMemory_perfObj (JMX) - Default Interval:3mins

Testing the Performance Monitor

Before testing the monitor, make sure you have defined the access credentials for the server, created the IP address to credentials mapping, and tested connectivity. 

1. Go to ADMIN > Device Support > Monitoring.
2. Select one of the performance monitors you created, and then click Test. 
3. For IP, enter the address of the Oracle database server, and select either the Supervisor or Collector node that will retrieve the information for this monitor. 
4. Click Test . 
   You should see succeed  under Result , and the parsed event attributes in the test result pane. 
5. When the test succeeds, click Close, and then click Apply to register the new monitor with the backend module.

Enabling the Performance Monitor

1. Discover or re-discover the device you want to monitor. 
2. Once the device is successfully discovered, make sure that the monitor is enabled and pulling metrics. 

Writing Queries for the Performance Metrics

You can now use a simple query to make sure that that the metrics are pulled correctly. The search results should display the metrics for the event attributes you defined. 

Create a structured historical search with these settings:

Filter Criteria	Display Columns	Time	For Organizations
Structured Reporting IP IN <IP Range> AND Event Type CONTAIN "ph_dev_mon_cust_web"; Group by: [None]	Event Receive Time,Reporting IP, Event	Last 60 Minutes	All