Monitoring Windows Process

  • Hi


    On a Windows Machine I would like to check if a specific process is running. In my example the cmd.exe.


    I have the following configuration in my service.conf-File:

        apply Service "Test" {
          import "generic-service"
          check_command = "nscp-local"
          command_endpoint = host.vars.remote_client
          vars.nscp_query = "check_process"
          vars.nscp_arguments = ["process=cmd.exe"]
          assign where host.vars.os == "Windows"
        }


    But in Icinga2 I'm always getting the following displayed:

    CRITICAL: cmd.exe=stopped.


    What am I doing wrong? On the Windows machine, Icinga Agent and NSClient++ are installed and running, based on the following article:

    http://server-tuts.com/setup-i…t-on-windows-server-2012/


    When I manually run the following on the Windows Machine:

        PS C:\Program Files\NSClient++> ./nscp client -q check_process -a process=cmd.exe


    OK: all processes are ok.|'cmd.exe state'=1;0;0 'count'=1;0;0

  • I'm running that command from a PowerShell session. I have a separate program running in a CMD that I would like to monitor.

  • Just a guess - that PowerShell session still runs inside a command terminal, doesn't it? That would explain your described behaviour.

  • I can also take another process and I'm getting the same error. It doesn't matter if the process is started by system or by the logged-in user.

  • dnsmichi  

    So you suggest to diagnose-run it via psexec -s (for LocalSystem) so that no cmd.exe is spawned?


    When I manually run the following on the Windows Machine:

    I do not know nscp.

    Where do you get your "local command" from, is it logged somewhere on the Windows machine?

    Any proof (eventlog entry, file...) that it is run in exactly that way?


    Edit:

    I configured that on my system and can reproduce your problem.

    If I switch the icinga2 service account from Network Service to Local System it works - see screenshot.

    If I switch it back to Network Service it continues to work until the NSClient++ service is restarted - this results in the initial error.



    The post was edited 2 times, last by sru ().

  • The assumption is reasonable.

    But if you press [WINDOWS]+[R] and type "powershell", Task Manager does not show any cmd.exe process.


    We seem to have an acl problem here, see my last post.
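
The thread traces the difference to the account the services run under, so a first diagnostic step is to compare those accounts with the identity of the session used for the manual test. The following is an added example, not part of the original posts; the service names `icinga2` and `nscp` are assumptions and should be adjusted to what `Get-Service` shows on the host.

```powershell
# Added example (not from the thread). Service names are assumptions.
$serviceNames = 'icinga2', 'nscp'
$target       = 'cmd.exe'   # process name used in the thread

# Collect the logon account and PID of each monitoring service.
$services = foreach ($name in $serviceNames) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Warning "Service '$name' not found on this host"
        continue
    }
    [pscustomobject]@{
        Service   = $svc.Name
        State     = $svc.State
        Account   = $svc.StartName   # e.g. LocalSystem or NT AUTHORITY\NetworkService
        ProcessId = $svc.ProcessId
    }
}
$services | Format-Table -AutoSize

# Different logon accounts mean the two services may not see the same processes.
$accounts = @($services.Account | Sort-Object -Unique)
if ($accounts.Count -gt 1) {
    Write-Warning ("Services run under different accounts: " + ($accounts -join ', '))
}

# Identity of this session, i.e. the one a manual 'nscp client' test runs as.
$current = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$seen    = @(Get-CimInstance -ClassName Win32_Process -Filter "Name='$target'")
'{0} sees {1} instance(s) of {2}' -f $current, $seen.Count, $target

# A manual test only reproduces the scheduled check if it runs as the same
# account as the service that executes the check.
foreach ($s in $services) {
    if ($s.Account -ne $current) {
        Write-Warning ("Manual test identity '{0}' differs from {1} account '{2}'" -f `
            $current, $s.Service, $s.Account)
    }
}
```

If the accounts differ from the interactive session, an OK result from the manual command says nothing about what the scheduled check can see.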