})
The Apache Tomcat app is a unified logs and metrics app that helps you monitor the availability, performance, health and resource utilization of your Apache Tomcat servers. Preconfigured dashboards provide insight into visitor locations, traffic patterns, errors, resource utilization, garbage collection, web server operations and access from known malicious sources.
## Collecting logs and metrics for Apache Tomcat
Before installing the Sumo Logic app, Apache Tomcat must be set up and configured to log events.
This section provides instructions for configuring log and metric collection for the Sumo Logic app for Apache Tomcat. Configuring log and metric collection for the Apache Tomcat app includes the following tasks.
### Configure Collection for Apache Tomcat
})
The first service in the pipeline is Telegraf. Telegraf collects metrics from Apache Tomcat. Note that we’re running Telegraf in each pod we want to collect metrics from as a sidecar deployment, for example, Telegraf runs in the same pod as the containers it monitors. Telegraf uses the Apache Tomcat and Jolokia2 input plugins to obtain metrics. For simplicity, the diagram doesn’t show the input plugins. The injection of the Telegraf sidecar container is done by the Telegraf Operator. Prometheus pulls metrics from Telegraf and sends them to [Sumo Logic Distribution for OpenTelemetry Collector](https://github.com/SumoLogic/sumologic-otel-collector), which enriches metadata and sends metrics to Sumo Logic.
In the logs pipeline, Sumo Logic Distribution for OpenTelemetry Collector collects logs written to standard out and forwards them to another instance of Sumo Logic Distribution for OpenTelemetry Collector, which enriches metadata and sends logs to Sumo Logic.
Follow the below instructions to set up metrics collection:
[Step 1: Configure Metrics Collection](#step-1-configure-metrics-collection)
1. Set up Kubernetes Collection with the Telegraf operator.
2. Add annotations on your Apache Tomcat pods.
[Step 2: Configure Logs Collection](#step-2-configure-logs-collection)
1. Configure logging in Apache Tomcat.
2. Add labels on your Apache Tomcat pods to capture logs from standard output.
3. Collecting Apache Tomcat Logs from a Log file.
**Prerequisites**
It’s assumed that you are using the latest helm chart version. If not, upgrade using the instructions [here](/docs/send-data/kubernetes).
### Step 1: Configure metrics collection
This section explains the steps to collect Apache Tomcat metrics from a Kubernetes environment.
In Kubernetes environments, we use the Telegraf Operator, which is packaged with our Kubernetes collection. You can learn more on this[ here](/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/telegraf-collection-architecture). Follow the steps listed below to collect metrics from a Kubernetes environment:
1. [Set up Kubernetes Collection with the Telegraf Operator](/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/install-telegraf). Ensure that you are monitoring your Kubernetes clusters with the Telegraf operator **enabled**. If you are not, then please follow [these instructions](/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/install-telegraf) to do so.
2. Install Jolokia on your Tomcat Pod to use the Jolokia Telegraf Input Plugin:
* Download the latest version of the Jolokia war file from: [https://jolokia.org/download.html](https://jolokia.org/download.html).
* Rename the file from jolokia-war-X.X.X.war to jolokia.war.
* Create a configMap **jolokia** from the binary file `kubectl create configmap jolokia --from-file=jolokia.jar`.
* Create volume mount the jolokia.war file to `${TOMCAT_HOME}/webapps`.
```yml
spec:
volumes:
- name: jolokia
configMap:
name: jolokia
containers:
- name: XYZ
image: XYZ
env:
- name: TOMCAT_OPTS
value: "-javaagent:/opt/jolokia/jolokia.jar=port=8778,host=0.0.0.0"
volumeMounts:
- mountPath: "/opt/jolokia"
name: jolokia
```
* Add jolokia as role in tomcat-users.xml
```xml
**FER to normalize the fields in Kubernetes environments**. Labels created in Kubernetes environments automatically are prefixed with `pod_labels`. To normalize these for our app to work, we will have a Field Extraction Rule automatically created for Apache Tomcat Web Server Application Components named **AppObservabilityApacheTomcatWebserverFER**.
})
Telegraf runs on the same system as Apache Tomcat and uses the [Apache Tomcat](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/memcached#configuration) and [Jolokia2](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/jolokia2) input plugin to obtain Apache Tomcat metrics, and the Sumo Logic output plugin to send the metrics to Sumo Logic. Logs from Apache Tomcat on the other hand are sent to a Sumo Logic Local File source.
This section provides instructions for configuring metrics collection for the Sumo Logic app for Apache Tomcat. Follow the below instructions to set up the metric collection:
1. Configure Metrics Collection
1. Configure a Hosted Collector
2. Configure HTTP Logs and Metrics Source
3. Install Telegraf
4. Download and setup Jolokia on each Apache Tomcat node
5. Configure and start Telegraf
2. Configure Logs Collection
1. Configure logging in Apache Tomcat
2. Configure Sumo Logic Installed Collector
### Step 1: Configure metrics collection
1. **Configure a Hosted Collector**. To create a new Sumo Logic hosted collector, perform the steps in the [Create a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector) section of the Sumo Logic documentation.
1. **Configure an HTTP Logs and Metrics Source**. Create a new HTTP Logs and Metrics Source in the hosted collector created above by following[ these instructions. ](/docs/send-data/hosted-collectors/http-source/logs-metrics)Make a note of the **HTTP Source URL**.
1. **Install Telegraf**. Follow [these steps](/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/install-telegraf) to install Telegraf.
1. **Download and setup Jolokia on each Apache Tomcat node**. As part of collecting metrics data from Telegraf, we will use the [Jolokia input plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/jolokia2) to get data from Telegraf and the [Sumo Logic output plugin](https://github.com/SumoLogic/fluentd-output-sumologic) to send data to Sumo Logic.
* Download the latest version of the Jolokia JVM-Agent from [Jolokia](https://jolokia.org/download.html).
* Rename the downloaded Jar file to jolokia.jar.
* Save the file jolokia.jar on your Apache Tomcat server in `${TOMCAT_HOME}/webapps`.
* Configure Apache Tomcat to use Jolokia.
* Add the following to tomcat-users.xml:
})
### Visitor Locations
The **Apache Tomcat - Visitor Locations** dashboard provides a high-level view of Tomcat visitor geographic locations both worldwide and in the United States. Dashboard panels also show graphic trends for visits by country over time and visits by US region over time.
* **Worldwide.** Uses a geo lookup operation to display worldwide visitor locations by IP address on a map of the world, which allows you to see a count of hits per location for the last 24 hours.
* **Visits by Country Over Time.** Displays the number of visitors by country in a stacked column chart on a timeline for the last hour.
* **United States.** Uses a geo lookup operation to display US visitor locations by IP address on a map of the world, which allows you to see a count of hits per location for the last 24 hours.
* **Visits by US State Over Time.** Displays the number of US visitors by state in a stacked column chart on a timeline for the last hour.
})
### Visitor Traffic Insight
The **Apache Tomcat - Visitor Traffic Insight** dashboard provides detailed information on the top documents accessed, top referrers, top search terms from popular search engines, and the media types served.
- **Bytes Served.** Displays bytes served in a single chart on a timeline for the last 60 minutes.
- **HTTP Methods.** Shows the number of methods over time in a pie chart on a timeline for the last 60 minutes.
- **Top 5 url.** Provides a list of the top 5 URLs being accessed by your visitors in a bar chart for the 60 minutes.
- **Media Types Served.** Displays a list of file types being served in a pie chart for the 60 minutes.
- **Top 5 Referrers.** Shows a list of the top 5 referring websites by URL in a bar chart for 60 minutes.
- **Top 10 Search Terms from Popular Search Engines.** Displays a list of the top 10 search terms and their count from search engines such as Google, Bing, and Yahoo in an aggregation table for the past hour.
})
### Web Server Operations
The **Apache Tomcat - Web Server Operations** Dashboard provides a high-level view combined with detailed information on the top ten bots, geographic locations, and data for clients with high error rates, server errors over time, and non 200 response code status codes. Dashboard panels also show information on server error logs, error log levels, error responses by the server, and the top URIs responsible for 404 responses.
- **Non 200 Response Status Codes.** Displays the number of non-200 response status codes in a bar chart for the past hour.
- **Client Locations - 4xx Errors.** Uses a geo lookup operation to display the location of clients with 4xx errors by IP address on a map of the world, which allows you to see a count of hits per location for the last hour.
- **Server Errors Over Time.** Provides information on the type and number of server errors in a column chart on a line chart for the past hour.
- **Error Responses by Server.** Shows error responses and their distribution by the server in a line chart for the past hour.
- **Top 5 Clients Cause 4xx Errors.** Displays a list of the top 5 clients that have 4xx errors in a bar chart for the past hour.
- **Top 5 URIs Causing 404 Responses.** Provides a list of the top 5 URIs with 404 response types in a pie chart for the past hour.
})
### Logs Timeline Analysis
The **Apache Tomcat - Logs Timeline Analysis** dashboard provides a high-level view of the activity and health of Apache Tomcat servers on your network. Dashboard panels display visual graphs and detailed information on traffic volume and distribution, responses over time, as well as time comparisons for visitor locations and server hits.
Use this dashboard to:
* To understand the traffic distribution across servers, provide insights for resource planning by analyzing data volume and bytes served.
* Gain insights into originated traffic location by region. This can help you allocate compute resources to different regions according to their needs.
})
### Outlier Analysis
The **Apache Tomcat - Outlier Analysis** dashboard provides a high-level view of Apache Tomcat server outlier metrics for bytes served, number of visitors, and server errors. You can select the time interval over which outliers are aggregated, then hover the cursor over the graph to display detailed information for that point in time.
Use this dashboard to:
* Detect outliers in your infrastructure with Sumo Logic’s machine-learning algorithm.
* To identify outliers in incoming traffic and the number of errors encountered by your servers.
})
### Catalina Overview
The **Apache Tomcat - Catalina** dashboard provides information about events such as the startup and shutdown of the Apache Tomcat application server, the deployment of new applications, or the failure of one or more subsystems.
- **Log Levels.** Displays log level types (Info, Severe, and Warning) in a pie chart for the last 24 hours.
- **Non-INFO Errors.** Shows the number and type of errors (Severe or Warning) in a stacked column chart on a timeline for the last 24 hours.
- **Component Errors.** Provides information on errors by component in a pie chart for the last 24 hours.
- **Errors by Component.** Displays Info level errors by component in a stacked column chart on a timeline for the last 24 hours.
- **Top 10 Recent Exceptions.** Shows the top 10 most recent exceptions in an aggregation table with columns for time, log level, message, method, source file, and thrown for the last 24 hours.
- **Exceptions.** Provides the number of exceptions in a column chart on a timeline for the last seven days.
- **Average Server Startup Time.** Displays the average server startup time per second by day as a column chart on a timeline for the last seven days.
- **Server State Events Over Time.** Shows server state events (shutdown or startup) in a stacked column chart on a timeline for the last seven days.
})
### Garbage Collection
The **Apache Tomcat - Garbage Collector** dashboard provides information on the garbage collection of the Java Virtual Machine.
- **Top 10 Host - High GC Time.** Displays the top 10 hosts with high garbage collection operation time as a bar chart for the last 12 hours.
- **Top 10 Hosts - Low Average JVM Up-Time.** Shows the top 10 hosts by low average JVM up-time as a bar chart for the last 12 hours.
- **Total GC Operation Time.** Provides the total garbage collection operation time by timeslices of 15 minutes in a column chart on a timeline for the last 12 hours.
- **Total GC Operations.** Displays the total number of times Full-GC and Minor-GC collection processes are executed in timeslices of 15 minutes on a stacked column chart on a timeline for the past 12 hours.
- **Heap.** Shows the total heap memory utilization just before garbage collection was executed vs. total heap memory utilization after garbage collection was executed, in a line chart on a timeline for the last 12 hours.
- **PS Young Gen**. PS Young Gen also refers to “New Space,” which is comprised of Eden-Space and two Survivor-Spaces of identical size, usually called From and To. This panel shows Young Gen memory utilization just before garbage collection was executed vs. Young Gen memory utilization after garbage collection was executed. This part of the heap always gets garbage collected.
- **Par Old Gen.** Par Old Gen is also referred to as “Tenured Space”. This panel shows Old Gen memory utilization just before garbage collection was executed vs. Old Gen memory utilization after garbage collection was executed.
- **PS Perm Gen.** PS Perm Gen is also referred to as “Permanent Space”. This panel shows Perm Gen memory utilization just before garbage collection was executed vs. Perm Gen memory utilization after garbage collection was executed.
})
### Threat intel
The **Apache Tomcat - Threat Intel** dashboard provides an at-a-glance view of threats to Apache Tomcat servers on your network. Dashboard panels display the threat count over a selected time period, geographic locations where threats occurred, source breakdown, actors responsible for threats, severity, and a correlation of IP addresses, method, and status code of threats.
Use this dashboard to:
* To gain insights and understand threats in incoming traffic and discover potential IOCs. Incoming traffic requests are analyzed using Sumo Logic [threat intelligence](/docs/security/threat-intelligence/).
})
### Connectors
The **Apache Tomcat - Connector** dashboard analyzes received requests, passes them to the correct web application, and sends back the results through the Connector as dynamically generated content.
})
### Memory
The **Apache Tomcat - Memory** dashboard provides a memory of your Apache Tomcat instance. Use this dashboard to understand the detailed Memory of your Apache Tomcat (s) deployed on your farm. This dashboard also provides login activities
Use this dashboard to:
* Analyze Heap memory.
* Analyze the percent memory used.
})
### MemoryPool
The **Apache Tomcat - MemoryPool** dashboard provides a memory of your JMX Apache Tomcat instance. Use this dashboard to understand the detailed Heap Memory of your JMX Apache Tomcat (s) deployed in your farm.
})
To help determine if the Apache Tomcat server is available and performing well, the [Sumo Logic monitors](/docs/alerts/monitors) are provided with out-of-box alerts.
## Create monitors for Apache Tomcat
import CreateMonitors from '../../reuse/apps/create-monitors.md';