What permissions does the Monitoring Agent need on WSO2 servers?
Minimum: JMX read access (WSO2 EI) or MI Management API access (WSO2 MI). Agent connects remotely via network ports—does not require: OS user account on WSO2 server, filesystem access, SSH keys, database access, firewall changes beyond opening JMX port (9999) or MI API port (9164). WSO2 EI: JMX port 9999 (default unauthenticated, can enable JMX username/password via wrapper.conf if required), Carbon Management Console APIs port 9443 (HTTPS, requires admin credentials for Remote Actions). WSO2 MI: MI Management API port 9164 (HTTPS, requires admin credentials configured in deployment.toml). Security best practice: Create dedicated service account nodinite-monitor with admin role (don't use default admin account), rotate credentials quarterly, restrict network access to monitoring agent server only (firewall rules).
Related Questions
See all FAQs: [Troubleshooting Overview][]