JMX: Monitoring and Managing Kafka


The Java virtual machine (Java VM) has built-in instrumentation that enables you to monitor and manage it using the Java Management Extensions (JMX) technology. 

To enable and configure monitoring of Java VM for any java-application using the ready-to-use JMX agent, you must set certain system properties when you start the Java VM.


The default location for the configuration file is 


Or you can set using<location>

Example: On my OSX


You can set ready-to-use monitoring and management properties in a configuration file or on the command line. Properties are defined here.

Oracle Documentation

Monitoring: Kafka

Now let’s configure JMX monitoring specifically for monitoring Kafka Broker.

Configuration Assumptions

  • Kafka SSL configuration is enabled (keystore and truststore)

Configured as a Service

If your kafka broker is configured as service you need two basic things as environment


You might recognize the This is the same parameter that defines the options for the JMX configuration file location.


In this file the contents identify the specific settings enabled for the JMX monitoring (explained below)

Let’s look in some detail

In the current Java SE platform, it is no longer necessary to set this system property.
  • To enable monitoring and management from remote systems define the jmremote.port
  • Remote monitoring and management requires security to ensure that unauthorized persons cannot control or monitor your application. Password authentication over the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) is enabled by default.
  • Port number to enable JMX RMI connection.
  • In addition to publishing an RMI connector for local access, setting this property publishes an additional RMI connector in a private read-only registry at the specified port using the name, jmxrmi
  • For remote stubs to be associated with a specific interface address, the java.rmi.server.hostname system property must be set.
  • Our example uses a vagrant host broker1.test

If passwords are in clear, they will be overwritten by their hash

Specifies the location of the SSL configuration file.

  • Default value is true
  • Enables secure monitoring using SSL.
  • Binds the RMI connector stub to an RMI registry that is protected by SSL.
  • Enables or disables password authentication for JMX.
  • Performs client authentication if this property is true and the property is also true.
  • Specifies the location for the password file.
  • If is false, then this property, and the password and access files are ignored. Otherwise, the password file must exist and be in the valid format.
  • If the password file is empty or nonexistent, then no access is allowed.
  • Specifies the location for the access file. If is false, then this property, and the password and access files, are ignored. Otherwise, the access file must exist and be in the valid format.
  • If the access file is empty or nonexistent, then no access is allowed.

Once all the configuration is supplied and the service is running you can run JConsole and try and connect to the JMX port.

jconsole -debug
JConsole to connect and view

Leave a Reply

Your email address will not be published. Required fields are marked *