Using VisualVM to connect to a remote jstatd instance through a firewall
Solution 1
Instead of creating a firewall rule every time I run jstatd (because it annoyingly chooses a new random port each time), I got it to work with SSH tunnels.
First I ran jstatd on the server to find which ports I needed to tunnel. That is done by (in my case) first creating a policy file called tools.policy with the following contents:
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
Then running the following command: jstatd -J-Djava.security.policy=tools.policy
Then I determined the random port jstatd was using by running sockstat | grep jstat (may need to use netstat instead on Linux, I'm not sure).
Then lets say the random port is 55663, I created two SSH tunnels on my local machine, one for the standard jstatd port 1099 and the other for 55663 by running the following commands in two terminal windows (haven't done this on Windows, but I'm pretty sure putty can do it):
ssh -L 1099:localhost:1099 login_name@host_name
ssh -L 55663:localhost:55663 login_name@host_name
Once the two tunnels were open, I opened VisualVM and right clicked on the "Local" machine on the left side and chose "Add jstatd Connection". I clicked the "Add Default" button on the right and made sure the port was set to 1099. I hit the "OK" button to save it and immediately saw my remote Java processes show up in the "Local" section.
Solution 2
See this "Running VisualVM through an ssh tunnel with SOCKS" for another solution.
Ben Baron
I'm a software engineer with an IT, systems, and database administration background. These days I primarily develop in Swift (and occasionally still Objective-C) using Cocoa and Cocoa Touch, but I also have some experience building native Android apps using Java and the Android SDK; cross platform mobile and desktop apps using C# with Xamarin's Mono runtime; some server side code in Golang, Java, and C#; and some client side web code in CoffeeScript (primarily using jQuery and Backbone.js), HTML, and CSS. Currently lead developer at Dealyze: https://dealyze.com Previously co-founded Balance: https://balance.io My GitHub: https://github.com/einsteinx2 My LinkedIn: http://www.linkedin.com/in/benbaron
Updated on February 26, 2020Comments
-
Ben Baron over 4 years
Possible Duplicate:
VisualVM over sshI'm writing this question and answering it because I spent a few hours getting this to work today and no answer I found on here worked for me. Hopefully this is helpful for others. If you have another solution than the one I ended up using, please feel free to answer the question as well. If yours is better I'll accept yours instead.
The problem: I'm trying to monitor some home made java applications on my FreeBSD server (this should apply to Linux servers as well) using VisualVM and jstatd, but I can't get VisualVM to list the processes on the server even after I forwarded the assigned and random jstatd ports in my firewall and can see a connection being made using sockstat.
-
Ben Baron almost 13 yearsThat was one of the solutions I found that did not work for me for some reason. The only way I could get it to work was doing what I described in my answer. That's why I wanted to post this in case anyone else had similar trouble with the available answers.
-
Tomas Hurka almost 13 yearsAbove solution is simpler. Why it did not work?
-
Ben Baron almost 13 yearsI performed the steps in that post and it just wouldn't connect. I was monitoring connections on the server and did not see an incoming connection to jstatd unless I opened the ports in the firewall, so the SOCKS proxy was not working for some reason even though it was created on the client side and seemed to be active (used telnet on the local SOCKS port to verify it was open). The only way I got a working connection was using the steps in my answer. Not sure what is different about my setup that caused the SOCKS solution to not work, let alone why it didn't work when opening the firewall.
-
Tomas Hurka almost 13 yearsThe post is relatively old and one thing which is now different, is that you can specify SOCKS proxy directly in VisualVM. From your description, it looks like VisualVM did not use your SOCKS proxy. If you want to try it, you can start VisualVM without any additional parameters and specify SOCKS proxy in VisualVM preferences.
-
Ben Baron almost 13 yearsI did in fact try using the command line parameter, the preferences panel, and both at the same time and was not successful. I will double check today though.
-
Ben Baron almost 13 yearsI just tested again and I can not get it to connect using the method in that blog post. That's why I posted this question/answer, so that if anyone else also has trouble with that solution there is an alternative. Thank you for posting the link though, this question will now be more complete for those looking to use jstatd.
-
Tomas Hurka almost 13 yearsIt is strange that it does not work for you. It would be great if you can find out why.
-
Viktor Hedefalk almost 13 yearsThis worked for me to open a connection and do basic monitoring, but I can't do any sampling. I guess I need more stuff to get the JMX working? I says it can't open a JMX connections…
-
Ben Baron almost 13 yearsYes this solution is for jstatd only, not JMX. You may need to tunnel different ports for that I'm not sure. My applications don't have JMX support yet so I haven't tested that yet.
-
Viktor Hedefalk over 12 yearsThanks. I think this answers my question: stackoverflow.com/questions/3892084/…
-
Scott Carey about 8 yearsYou can tunnel two ports with one ssh command, e.g. `ssh -L 1234:localhost:1234 -L 5555:somehost:5678 user@hostname
