Monitoring windows process age

[GreatWolfResorts]

Is there a way I can monitor a windows server for a particular process that is running too long? We have session processes in a specific application which can sometimes become orphaned but remain intensive against the CPU and databases. This causes us to have to routinely check for said session processes and kill them. I was hoping I could leverage Nagios to do this check, but the best I've come across is the check_proc_age.sh which appears to focus on the local linux box. Any direction is greatly appreciated!

Dan

[hsmith]

Is that a piece of information you could grab with a batch file or powershell script? If so, the answer is yes. If Windows is not providing the information this would be much trickier.

[GreatWolfResorts]

For those who may be interested in a similar check, I've put together a powershell script and used NRPE to call it from the server hosting the processes in question. Here are the pieces:

Powershell Script:

Code: Select all

$wlevel = (get-date).AddDays(-2).ToString("G")
$clevel = (get-date).AddDays(-5).ToString("G") 

$a =  gwmi win32_process | ? { $_.name -eq "SunSystemsSession.exe" }
$a | Select-Object name, processId, @{Name="StartTime"; Expression={ $_.ConvertToDateTime( $_.CreationDate )}} | Format-List | Out-File 'C:\Program Files\NSClient++\Scripts\Check_SunSystemsSession_output.txt'

if ($a.Name) {
    if ($a.StartTime -lt $wlevel) {
        Write-Host "OK - All sessions are current"
        exit 0
    } elseif ($a.StartTime -gt $wlevel) {
        Write-Host "WARNING - Process ID $($a.processId) older than 2 days"
        exit 1
    } elseif ($a.starttime -gt $clevel) {
        Write-Host "CRITICAL - Process ID $($a.processId) older than 5 days"
        exit 2
    } else {
        Write-Host "OK - No sessions found"
        exit 3
    }
} else {
    Write-Host "CRITICAL - Problems retrieving processes!"
    exit 2
}

Here I am defining the two thresholds (warning, critical) based on today minus 2 days and 5 days. Then I pull the process name, id and start time using gwmi and convert the format. Note the wlevel and clevel are both formatted to match this output as this is the variable used for comparison. In addition, I send the results to a file that matches the process name. This keeps the data displayed in Nagios clean and only shows what is important.

I then us an "IF" statement to check if the starttime for each process returned (mind you there can be multiple) and identify if it is less than the warning level (OK) or greater then the warning or critical levels. The results are an output for Nagios. If a failure occurs and processes are aging, the output string will include the process ID numbers to make identifying them on the server quick and easy.

NSClient++ NSC.ini:

Code: Select all

Under [External Scripts] append:
check_sunsystemssession_age=cmd /c echo scripts/check_sunsystemssession_age.ps1; exit $LastExitCode | powershell.exe -command -

Also make sure that the following are enabled by removing the comment or adding:

Code: Select all

[modules]
NRPEListener.dll
NSClientListener.dll
CheckExternalScripts.dll

Use the check_NRPE command in Nagios:

Code: Select all

$USER1$/check_nrpe -H $HOSTADDRESS$ -t 30 -c check_sunsystemssession_age

Change the names where you see fit. I made it unique to the process in question to allow for multiple process checks on a single server. I'm sure coding can be refined a bit, but this should do the trick for you.

[lmiltchev]

Thanks for sharing, GreatWolfResorts!