Nagios Support Forum

Is it possible to setup monitoring to identify executables lasting more than 5 minutes and/or the existence of multiple executables?

We have an application that sometimes spawns multiple instances and while sometimes it is alright if the child processes don't die off it creates problems. I am looking to monitor the process and if they last longer than 5 minutes or multiple services with different PIDs appear for longer than 5 minutes I would like to get notified.

Should be doable. Are we talking Linux or Windows? In Linux it's a simple matter of running a ps with a grep and doing a count on the results as well as looking at the runtime field. If you are looking at the Windows side of things, I would defer to sreinhardt for the proper PowerShell way of doing it.

This would be a Windows Server.

Any chance or method to notify sreinhardt and get his input?

jkinning,

Just wanted to give you heads up - sreinhardt is not working today, but he will be in the office tomorrow and will follow up with you.

This is absolutely possible, I do want to clarify that I am not able to fully write the plugin for you, as that would be custom development. However I am happy to work you through it, and if you want you can contact [email protected] to have me develop it.

As for the route I would take, something along the lines of:

have a flag to specify process name to look for, store in $name
get current date and time with get-date and store in $date: $date=$(get-date)
Use get-process and select to get current runtime of processes, store in $starttime: $starttime=$(Get-Process -name $name | select starttime).StartTime
create a loop that takes each value in $startTime, as it may be one or more, and subtracts $date from $starttime[$index] store totalminutes, or totalseconds value in $runtime
Use $runtime within your loop to detect where this process is within your thresholds and if needed change exit status
write-host the output message you wish, such as "$name has been running for: $runtime[$index]... | $name1=$runtime;$warn;$crit ..."
exit with the appropriate exitcode.

If you have any inhouse powershell folks, that should get you started pretty well. If not, I would suggest contacting [email protected]. I would guess we are looking at about 2 hours of custom development, which is pretty minimal.

What if I wanted to do something a little easier.

Look every 5 minutes and if applicaion.exe is running grab the PID. When this looks again 5 minutes later if that PID is still there, send out an alert.
Multiple applications.exe could be running at any given time, but it should not take more than 5 minutes to complete it’s process.

I was looking at the check_procs but didn't see anything about using the PID as an argument. Is there a better plugin or method? Keeping it as simple as possible.

I don't think a plugin with that functionality exists. The plugin would need to write the pid's to a file to be able to check later if this pid is still used. As spenser said, it would not be so hard to write this in Powershell.

Grtz

Willem

I have to agree with willem, storing pid files and checking them in future checks, would be far more difficult than checking how long the process has actually run for. You could probably script it out with wmic or python wmiclient, if you wanted a linux way of checking windows systems, but I don't know off hand what queries you would need to do for the same information. You are right, check_procs would not do what you are looking for, it just checks if they are currently running.