jstatd [ options ]
options
The jstatd tool is an RMI server application that monitors for thecreation and termination of instrumented HotSpot Java virtual machines (JVMs) andprovides a interface to allow remote monitoring tools to attach to JVMs running on the local host.
The jstatd server requires the presence of an RMI registry onthe local host. The jstatd server will attempt to attach to theRMI registry on the default port, or on the port indicated by the-p port option. If an RMI registry is not found, one will becreated within the jstatd application bound to theport indicated by the -p port option or to the default RMI registryport if -p port is omitted. Creation of an internal RMI registrycan be inhibited by specifying the -nr option.
NOTE: This utility is unsupported and may or may not be available in futureversions of the JDK.It is not currently available on the Windows 98 and Windows ME platforms.
The jstatd command supports the following options:
The jstatd server can only monitor JVMs for which it has theappropriate native access permissions. Therefor the jstatd processmust be running with the same user credentials as the target JVMs.Some user credentials, such as the root user in UNIX(TM) basedsystems, have permission to access the instrumentation exported byany JVM on the system. A jstatd process running with such credentialscan monitor any JVM on the system, but introduces additional securityconcerns.
The jstatd server does not provide any authentication of remoteclients. Therefore, running a jstatd server process exposes theinstrumentation export by all JVMs for which the jstatd processhas access permissions to any user on the network. This exposure may beundesireable in your environment and local security policies should beconsidered before starting the jstatd process, particularly inproduction environments or on unsecure networks.
The jstatd server installs an instance of RMISecurityPolicy ifno other security manager has been installed and therefore requires asecurity policy file to be specified. The policy file must conform tothe default policy implementation'sPolicy File Syntax.
The following policy file will allow the jstatd server to runwithout any security exceptions. This policy is less liberal then grantingall permissions to all codebases, but is more liberal than a policy thatgrants the minimal permissions to run the jstatd server.
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
To use this policy, copy the text into a file called jstatd.all.policyand run the jstatd server as follows:
jstatd -J-Djava.security.policy=jstatd.all.policy
For sites with more restrictive security practices, it is possible touse a custom policy file to limit access to specific trusted hosts ornetworks, though such techniques are subject to IP addreess spoofingattacks. If your security concerns cannot be addressed with a customizedpolicy file, then the safest action is to not run the jstatdserver and use the jstat and jps tools locally.
The interface exported by the jstatd process is proprietaryand is guaranteed to change. Users and developers are discouraged fromwriting to this interface.
Here are some examples of starting jstatd. Note that thejstatd scripts automatically start the server in the background.
This example demonstrates starting jstatdwith an internal RMI registry. This example assumes that no otherserver is bound to the default RMI Registry port (port 1099).
jstatd -J-Djava.security.policy=all.policy
This example demonstrates starting jstatd with a external RMI registry.
rmiregistry&jstatd -J-Djava.security.policy=all.policy
This example demonstrates starting jstatdwith an external RMI registry server on port 2020.
rmiregistry 2020&jstatd -J-Djava.security.policy=all.policy -p 2020
This example demonstrates starting jstatdwith an external RMI registry on port 2020, bound to name AlternateJstatdServerName.
rmiregistry 2020&jstatd -J-Djava.security.policy=all.policy -p 2020 -n AlternateJstatdServerName
This example demonstrates starting jstatdsuch that it will not create a RMI registry if one is not found. Thisexample assumes an RMI registry is already running. If it is not, anappropriate error message is emitted.
jstatd -J-Djava.security.policy=all.policy -nr
This example demonstrates starting jstatdwith RMI logging capabilities enabled. This technique is useful as atroubleshooting aid or for monitoring server activities.
jstatd -J-Djava.security.policy=all.policy -J-Djava.rmi.server.logCalls=true
聯(lián)系客服