VisualVM是一个以监控、显示本地或者远程服务器JVM工作情况，进行性能调优的工具。借助VisualVM，我们可以实现对JVM内存各个子池、CPU、垃圾收集器等方面进行监控，从而发现程序代码中潜在的泄露点和配置问题。

VisualVM是一个Java编写的绿色软件，属于开源范畴，官方地址为：visualvm.java.net。VisualVM是使用插件Plugin的方式提供功能，默认提供了一些基本检测功能。如果需要进行拓展，可以使用下载插件的功能进行。

VisualVM在监控本地JVM的时候是很方便的。只要应用程序运行起来，我们就可以从VisualVM里面监控出来。
远程服务器上的JVM监控就需要一些额外的配置了。目前VisualVM支持两种监控方法：Jstatd方法和基于JMX的方法。

JStatd

---

How to setup jstatd in linux

In order to do remote profiling, jstatd must be running on remote host. jstatd setup needs to complete in 6 steps

1. Create a jstatd.sh file at any path

   #!/bin/sh
   policy=${HOME}/jstatd.all.policy
   [ -r ${policy} ] || cat >${policy} <<'POLICY'
   grant codebase "file:/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/lib/tools.jar" {
     permission java.security.AllPermission;
   };
   POLICY
   echo ${policy}
   jstatd -J-Djava.security.policy=${policy} -J-Djava.rmi.server.hostname=192.169.31.224&
   

2. Replace 192.169.31.224 with the IP address of the remote host
3. Replace "/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/lib/tools.jar" with the actual path of tools.jar
4. To find actual path of tools.jar, if you have multiple jvm installed in linux, run following commands
   • Check Java using following command

     [root@31224 ~]# /usr/sbin/alternatives --config java
     
     There are 2 programs which provide 'java'.
     
       Selection    Command
     -----------------------------------------------
        1           /usr/lib/jvm/jre-1.4.2-gcj/bin/java
     *+ 2           /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java
     
     Enter to keep the current selection[+], or type selection number: 
     

   • Here current JVM path is "/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java" so enter this path in jstatd.sh
   • Check the path to tools.jar. Here tools.jar is available at multiple locations

     [root@31224 ~]# locate tools.jar
     /usr/java/jdk1.7.0_45/db/lib/derbytools.jar
     /usr/java/jdk1.7.0_45/lib/tools.jar
     /usr/java/jdk1.7.0_45/lib/visualvm/visualvm/modules/com-sun-tools-visualvm-tools.jar
     /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/lib/tools.jar
     /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/lib/tools.jar
     

   • Use chmod 777 -R /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/lib
   • To find running jstatd use following commands:-

     [root@App31224 ~]# which jstatd
     /usr/bin/jstatd
     [root@App31224 ~]# ls -lart /usr/bin/jstatd
     lrwxrwxrwx 1 root root 24 Oct 16  2010 /usr/bin/jstatd -> /etc/alternatives/jstatd
     [root@App31224 ~]# ll /etc/alternatives/jstatd
     lrwxrwxrwx 1 root root 49 Oct 15  2010 /etc/alternatives/jstatd -> /usr/lib/jvm/java-1.6.0-openjdk.x86_64/bin/jstatd
     

5. use chmod a+x jstatd.sh to make it executable
6. Finally run ./jstatd.sh

How to setup jstatd in windows

1. Run the "jstatd" command in a command window:

   C:Program FilesJavajdk1.7.0_45bin>jstatd.exe
   Could not create remote object
   access denied ("java.util.PropertyPermission" "java.rmi.server.ignoreSubClasses"
    "write")
   java.security.AccessControlException: access denied ("java.util.PropertyPermissi
   on" "java.rmi.server.ignoreSubClasses" "write")
           at java.security.AccessControlContext.checkPermission(AccessControlConte
   xt.java:372)
           at java.security.AccessController.checkPermission(AccessController.java:
   559)
           at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
           at java.lang.System.setProperty(System.java:783)
           at sun.tools.jstatd.Jstatd.main(Jstatd.java:139)
   

   The "access denied" error is expected, because "jstatd" requires a security policy file specified with the "java.security.policy" system property, if there is no security manager running on my machine.

2. Create the security policy file, jstatd.all.policy, that grants permissions to run "jstatd" and other tools in the tools.jar:

   grant codebase "file:C:/Program Files/Java/jdk1.7.0_45/lib/tools.jar" {
      permission java.security.AllPermission;
   };
   

3. Run "jstatd" with the security policy file, tools.policy specified to the "java.security.policy" system property:

   C:Program FilesJavajdk1.7.0_45bin>jstatd.exe -J-Djava.rmi.server.hostname=127.0.0.1 -J-Djava.security.policy=jstatd.all.policy
   

4. jVisualVM will autodetect all running java processes
   

JMX

---

连接JMX方法首先需要在Java端进行一些配置。

[root@bspdev jdk1.7.0_09]# cd $JAVA_HOME/jre/lib/management
[root@bspdev management]# pwd
/usr/java/jdk1.7.0_09/jre/lib/management
[root@bspdev management]# ls -l
total 28
-rw-r--r-- 1 root root  3998 Sep 25  2012 jmxremote.access
-rw-r--r-- 1 root root  2856 Sep 25  2012 jmxremote.password.template
-rw-r--r-- 1 root root 14097 Sep 25  2012 management.properties
-rw-r--r-- 1 root root  3376 Sep 25  2012 snmp.acl.template

 

首先利用password.template文件创建jmxremote.password文件，并且设置相应的读写权限。

[root@bspdev management]# cp jmxremote.password.template jmxremote.password
[root@bspdev management]# ls -l
total 32
-rw-r--r-- 1 root root  3998 Sep 25  2012 jmxremote.access
-rw-r--r-- 1 root root  2856 Jul  5 06:09 jmxremote.password
-rw-r--r-- 1 root root  2856 Sep 25  2012 jmxremote.password.template
-rw-r--r-- 1 root root 14097 Sep 25  2012 management.properties
-rw-r--r-- 1 root root  3376 Sep 25  2012 snmp.acl.template
[root@bspdev management]#

将jmxremote.password中的权限部分注释标记去除。

# password "QED".  The "controlRole" role has password "R&D".
#
# monitorRole  QED
# controlRole   R&D
 
修改为：
 
monitorRole  QED
controlRole   R&D
 
"jmxremote.password" 64L, 2852C written

同时，在JBoss启动文件run.sh的定义环境变量部分，加入如下内容。

if [ "x$JAVA_OPTS" = "x" ]; then
   JAVA_OPTS=" -Dcom.sun.management.jmxremote.port=9988                             
-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
else
   JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=9988                   
-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
fi

 

下面，就可以增加JMX的9988端口的连接。显示如下界面进行监控。

使用JMX监控的功能不支持Visual GC。对JBoss的支持性比较好。

JMX也可以在启动java进程的时候启动：

JAVA_OPTS="$JAVA_OPTS -Djava.rmi.server.hostname=192.168.8.7
-Dcom.sun.management.jmxremote.port=8088
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"

ps：JMX Management and Monitoring Properties

com.sun.management.jmxremote	true / false. Default is true
com.sun.management.jmxremote. port	Port number. No default.
com.sun.management.jmxremote.ssl	true / false. Default is true.
com.sun.management.jmxremote.ssl.enabled.protocols	Default SSL/TLS protocol version.
com.sun.management.jmxremote.ssl.enabled.cipher.suites	Default SSL/TLS cipher suites.
com.sun.management.jmxremote.ssl.need.client.auth	true / false. Default is false
com.sun.management.jmxremote.authenticate	true / false.Default is true
com.sun.management.jmxremote.password.file	JRE_HOME/lib/management/jmxremote.password
com.sun.management.jmxremote.access.file	JRE_HOME/lib/management/jmxremote.access
com.sun.management.jmxremote.login.config	Default login configuration is a file-based password authentication.

 

参考：
http://www.genericarticles.com/mediawiki/index.php?title=How_to_setup_VisualVM_and_jstatd_to_take_heap_dump_and_thread_dump_in_linux

http://sjsky.iteye.com/blog/705323

http://blog.itpub.net/17203031/viewspace-765810/