Process Checks
Process checks can help identify the following:
- Process is running
- Process is NOT running
- Multiple separate processes
- Total running processes
- Process Resources
The sections below provide examples of how to perform these checks using different methods.
Process Is Running
These checks are for confirming a process is running, additionally you can be notified if the total processes exceeds a threshold.
Nagios Plugins
The check_process plugin is part of Nagios Plugins. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.
Process: | vmtoolds |
Critical: | If 0 are running OR more than 1 is running |
Command:
./check_procs -C vmtoolsd -c 1:1
Output:
PROCS OK: 1 process with command name 'vmtoolsd' | procs=1;;1:1;0;
Process: | mingetty |
Critical: | A minimum of 6 processes must be running |
Command:
./check_procs -C mingetty -c 6:
Output:
PROCS OK: 6 processes with command name 'mingetty' | procs=6;;:6:;0;
NCPA
NPCA includes a processes module. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.
Process: | vmtoolds |
Critical: | If 0 are running OR more than 1 is running |
Command:
./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=vmtoolsd' -c 1:1
Output:
OK: Process count for processes named vmtoolsd was 1 | 'process_count'=1;;1:1; 'cpu'=0.0%;;; 'memory'=0.08%;;; 'memory_vms'=0.31GB;;; 'memory_rss'=0.01GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
641: vmtoolsd: root: 0.08 % (VMS 0.31 GB, RSS 0.01 GB): 0.00 %
Total Memory: 0.08 % (VMS 0.31 GB, RSS 0.01 GB)
Total CPU: 0.00 %
Process: | mingetty |
Critical: | A minimum of 6 processes must be running |
Command:
./check_ncpa.py -H 10.25.13.31 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=mingetty' -c 6:
Output:
OK: Process count for processes named mingetty was 6 | 'process_count'=6;;6:; 'cpu'=0.0%;;; 'memory'=0.01%;;; 'memory_vms'=0.0GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1754: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1756: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1758: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1760: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1762: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1764: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
Total Memory: 0.01 % (VMS 0.00 GB, RSS 0.00 GB)
Total CPU: 0.00 %
NSClient++ via check_nt
NSClient++ includes a PROCSTATE module. The functionality provided is simple, if the process is running the state is OK, if the process is not running the state is CRITICAL.
Command:
./check_nt -H 10.25.14.10 -p 12489 -s 'Str0ngP@ssw0rd' -v PROCSTATE -l spoolsv.exe -d SHOWALL
Output:
spoolsv.exe: Running
NSClient++ via check_nrpe
NSClient++ includes a check_process module. The functionality provided is simple, if the process is running the state is OK, if the process is not running the state is CRITICAL (these can be changed, see the Process is NOT running section).
Command:
./check_nrpe -H 10.25.14.10 -c check_process -a process=spoolsv.exe show-all
Output:
OK: spoolsv.exe=started|'spoolsv.exe state'=1;0;0 'count'=1;0;0
WMI
Check WMI Plus includes a checkprocess module. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined
Process: | spoolsv.exe |
Critical: | If 0 are running OR more than 1 is running |
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a spoolsv.exe -c 1:1
Output:
OK - Found 1 Instance(s) of "spoolsv.exe" running (0 excluded). (List is on next line)|'Process Count'=1;1; 'Excluded Process Count'=0;
The process(es) found are spoolsv.exe
Process: | svchost.exe |
Critical: | A minimum of 6 processes must be running |
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a svchost.exe -c 6:
Output:
OK - Found 10 Instance(s) of "svchost.exe" running (0 excluded). (List is on next line)|'Process Count'=10;6; 'Excluded Process Count'=0;
The process(es) found are 10x svchost.exe
SNMP
The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP. The thresholds for the checks are triggered if the amount of processes found is less than or equal to the supplied values.
Process: | vmtoolsd |
Critical: | If 0 are running |
This command uses the -r argument, enforces an exact match of the process name.
Command:
./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -w 0 -c 0
Output:
1 process named vmtoolsd (> 0)
Process: | kworker |
Critical: | A minimum of 6 processes must be running |
This command does NOT use the -r argument, this allows for a regular expression match of the process name.
Command:
./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -n kworker -w 6 -c 6
Output:
8 process matching kworker (> 6)
Process Is NOT Running
These checks are for confirming a process is NOT running, additionally you can be notified if the total processes exceeds a threshold.
Nagios Plugins
The check_process plugin is part of Nagios Plugins. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.
Process: | vmtoolds |
Critical: | If 1 or more is running |
Command:
./check_procs -C vmtoolsd -c :0
Output:
PROCS OK: 0 processes with command name 'vmtoolsd' | procs=0;;:0;0;
Process: | mingetty |
Critical: | No more than 6 processes must be running |
Command:
./check_procs -C mingetty -c :6
Output:
PROCS OK: 6 processes with command name 'mingetty' | procs=6;;:6;0;
NCPA
NPCA includes a processes module. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.
Process: | vmtoolds |
Critical: | If 1 or more is running |
Command:
./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=vmtoolsd' -c 0
Output:
CRITICAL: Process count for processes named vmtoolsd was 1 | 'process_count'=1;;0; 'cpu'=0.0%;;; 'memory'=0.08%;;; 'memory_vms'=0.31GB;;; 'memory_rss'=0.01GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
641: vmtoolsd: root: 0.08 % (VMS 0.31 GB, RSS 0.01 GB): 0.00 %
Total Memory: 0.08 % (VMS 0.31 GB, RSS 0.01 GB)
Total CPU: 0.00 %
Process: | mingetty |
Critical: | No more than 6 processes must be running |
Command:
./check_ncpa.py -H 10.25.13.31 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=mingetty' -c 6:
Output:
OK: Process count for processes named mingetty was 6 | 'process_count'=6;;6:; 'cpu'=0.0%;;; 'memory'=0.01%;;; 'memory_vms'=0.0GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1754: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1756: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1758: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1760: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1762: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1764: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
Total Memory: 0.01 % (VMS 0.00 GB, RSS 0.00 GB)
Total CPU: 0.00 %
NSClient++ via check_nt
NSClient++ includes a PROCSTATE module. The module can only check if the process is running, you could however use the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).
Command:
./negate ./check_nt -H 10.25.14.10 -p 12489 -s 'Str0ngP@ssw0rd' -v PROCSTATE -l spoolsv.exe -d SHOWALL
Output:
spoolsv.exe: not running
NSClient++ via check_nrpe
NSClient++ includes a check_process module. The module allows you to define what is an OK state allowing you to define that stopped is OK.
Command:
./check_nrpe -H 10.25.14.10 -c check_process -a process=spoolsv.exe 'ok=state = stopped' 'warn= state != stopped' 'crit=state != stopped' show-all
Output:
OK: spoolsv.exe=stopped
WMI
Check WMI Plus includes a checkprocess module. The module defines a "good" process as one that is running and a "bad" process is one that is not running, so you can define critical is when more than 0 "good" processes exist.
Process: | spoolsv.exe |
Critical: | If more than 0 are running |
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a spoolsv.exe -c _NumGood=0
Output:
OK - Found 0 Instance(s) of "spoolsv.exe" running (0 excluded). |'Process Count'=0; 'Excluded Process Count'=0;
SNMP
The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP. The thresholds for the checks are triggered if the amount of processes found is less than or equal to the supplied values, you could however use the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).
Process: | vmtoolsd |
Critical: | If more than 0 are running |
This command uses the -r argument, enforces an exact match of the process name.
Command:
./negate -s ./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -w 0 -c 0
Output:
No process named vmtoolsd found : OK
Process: | kworker |
Critical: | A minimum of 6 processes must be running |
This command does NOT use the -r argument, this allows for a regular expression match of the process name. This example also uses the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).
Command:
./negate ./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -n kworker -w 6 -c 6
Output:
8 process matching kworker (> 6)
Even though the word CRITICAL is not shown, the exit code returned by negate is 2 (CRITICAL).
Multiple Separate Processes
Some of the plugins allow you to target multiple processes, this is useful if you want a single Nagios service.
Nagios Plugins
The check_process plugin is part of Nagios Plugins. This time the plugin performs a regular expression against an array of strings separated with the pipe symbol (make sure they entire argument is enclosed within single quotes). The thresholds are based on the total you expect to be running.
Process: | crond AND rsyslogd |
Critical: | A total of 2 must be running |
Command:
./check_procs --ereg-argument-array 'crond|rsyslogd' -c 2:2
Output:
PROCS OK: 2 processes with regex args 'crond,rsyslogd' | procs=2;;2:2;0;
NCPA
NPCA includes a processes module. The module allows you to provide multiple arguments, along with the combiner argument. The thresholds are based on the total you expect to be running.
Process: | crond AND rsyslogd |
Critical: | A total of 2 must be running |
Command:
./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=crond,name=rsyslogd,combiner=or' -c 2:2
Output:
OK: Process count for processes named crond,rsyslogd was 2 | 'process_count'=2;;2:2; 'cpu'=0.0%;;; 'memory'=0.035%;;; 'memory_vms'=0.05GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1494: rsyslogd: root: 0.04 % (VMS 0.04 GB, RSS 0.00 GB): 0.00 %
1741: crond: root: 0.03 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
Total Memory: 0.04 % (VMS 0.05 GB, RSS 0.00 GB)
Total CPU: 0.00 %
NSClient++ via check_nt
NSClient++ includes a PROCSTATE module and it allows you to check for multiple processes using a comma separated list.
Command:
./check_nt -H 10.25.14.10 -p 12489 -s 'Str0ngP@ssw0rd' -v PROCSTATE -l spoolsv.exe,dwm.exe -d SHOWALL
Output:
dwm.exe: Running, spoolsv.exe: Running
NSClient++ via check_nrpe
NSClient++ includes a check_process module and it allows you to check for multiple processes by defining multiple process arguments.
Command:
./check_nrpe -H 10.25.14.10 -c check_process -a process=spoolsv.exe process=dwm.exe show-all
Output:
OK: dwm.exe=started, spoolsv.exe=started|'dwm.exe state'=1;0;0 'spoolsv.exe state'=1;0;0 'count'=2;0;0
WMI
Check WMI Plus includes a checkprocess module. This time the plugin performs a regular expression against an array of strings separated with the pipe symbol (make sure they entire argument is enclosed within single quotes). The thresholds are based on the total you expect to be running.
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a 'spoolsv.exe|dwm.exe' -c 2:2
Output:
OK - Found 2 Instance(s) of "spoolsv.exe|dwm.exe" running (0 excluded). (List is on next line)|'Process Count'=2;2; 'Excluded Process Count'=0;
The process(es) found are dwm.exe, spoolsv.exe
SNMP
The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP. This time the plugin performs a regular expression against an array of strings separated with the pipe symbol (make sure they entire argument is enclosed within single quotes). The thresholds are based on the total you expect to be running. The thresholds for the checks are triggered if the amount of processes found is less than or equal to the supplied values.
Command:
./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -n 'vmtoolsd|crond' -w 1 -c 1
Output:
2 process matching vmtoolsd|crond (> 1)
Total Processes
These checks are for identifying how many total processes are running on your system.
Nagios Plugins
The check_process plugin is part of Nagios Plugins, this checks the total processes running on a system.
Warning: | More than 400 running processes |
Critical: | More than 500 running processes |
Command:
./check_procs -w 400 -c 500
Output:
PROCS OK: 75 processes | procs=75;400;500;0;
You can also check processes that are in a particular state, for example ZOMBIE processes.
Critical: | More than 1 ZOMBIE process |
Command:
./check_procs -s Z -c 1
Output:
PROCS OK: 0 processes with STATE = Z | procs=0;;1;0;
NCPA
NPCA includes a processes module, this checks the total processes running on a system.
Warning: | More than 400 running processes |
Critical: | More than 500 running processes |
Command:
./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693 -M processes -w 400 -c 500
Output:
OK: Process count was 94 | 'process_count'=94;400;500; 'cpu'=0.0%;;; 'memory'=0.0209574468085%;;; 'memory_vms'=0.24GB;;; 'memory_rss'=0.06GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1: init: root: 0.03 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
2: kthreadd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
3: migration/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
4: ksoftirqd/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
5: stopper/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
6: watchdog/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
7: migration/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
8: stopper/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
9: ksoftirqd/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
10: watchdog/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
11: events/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
12: events/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
13: events/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
14: events/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
15: events_long/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
16: events_long/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
17: events_power_ef: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
18: events_power_ef: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
19: cgroup: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
20: khelper: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
21: netns: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
22: async/mgr: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
23: pm: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
24: sync_supers: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
25: bdi-default: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
26: kintegrityd/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
27: kintegrityd/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
28: kblockd/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
29: kblockd/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
30: kacpid: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
31: kacpi_notify: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
32: kacpi_hotplug: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
33: ata_aux: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
34: ata_sff/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
35: ata_sff/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
36: ksuspend_usbd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
37: khubd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
38: kseriod: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
39: md/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
40: md/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
41: md_misc/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
42: md_misc/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
43: linkwatch: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
44: khungtaskd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
45: kswapd0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
46: ksmd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
47: aio/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
48: aio/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
49: crypto/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
50: crypto/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
57: kthrotld/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
58: kthrotld/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
59: pciehpd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
61: kpsmoused: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
62: usbhid_resumer: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
63: deferwq: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
95: kdmremove: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
96: kstriped: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
128: ttm_swap: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
243: scsi_eh_0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
244: scsi_eh_1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
275: mpt_poll_0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
276: mpt/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
277: scsi_eh_2: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
377: kdmflush: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
379: kdmflush: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
445: jbd2/dm-0-8: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
446: ext4-dio-unwrit: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
527: udevd: root: 0.02 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
659: vmmemctl: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
802: udevd: root: 0.02 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
833: jbd2/sda1-8: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
834: ext4-dio-unwrit: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
868: kauditd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
991: flush-253:0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1362: vmtoolsd: root: 0.16 % (VMS 0.02 GB, RSS 0.01 GB): 0.00 %
1387: VGAuthService: root: 0.19 % (VMS 0.01 GB, RSS 0.01 GB): 0.00 %
1472: auditd: root: 0.02 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1494: rsyslogd: root: 0.04 % (VMS 0.04 GB, RSS 0.00 GB): 0.00 %
1648: sshd: root: 0.02 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1727: master: root: 0.06 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1737: pickup: postfix: 0.06 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1738: qmgr: postfix: 0.06 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1741: crond: root: 0.03 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1754: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1756: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1758: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1760: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1762: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1764: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1766: sshd: root: 0.09 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1768: bash: root: 0.04 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1859: ncpa_passive: nagios: 0.51 % (VMS 0.04 GB, RSS 0.02 GB): 0.00 %
1888: ncpa_listener: nagios: 0.56 % (VMS 0.05 GB, RSS 0.02 GB): 0.00 %
Total Memory: 0.02 % (VMS 0.24 GB, RSS 0.06 GB)
Total CPU: 0.00 %
NSClient++ via check_nt
NSClient++ includes a PROCSTATE module however it does not provide the ability to check the total processes.
NSClient++ via check_nrpe
NSClient++ includes a check_process module, this checks the total processes running on a system.
Warning: | More than 400 running processes |
Critical: | More than 500 running processes |
Command:
./check_nrpe -H 10.25.14.10 -c check_process -a 'warn= total > 400' 'crit= total > 500' top-syntax='${status}: Total processes = ${total}' ok-syntax='${status}: Total processes = ${total}'
Output:
OK: Total processes = 126|'total'=126;400;500
WMI
Check WMI Plus includes a checkprocess module, this checks the total processes running on a system.
Warning: | More than 400 running processes |
Critical: | More than 500 running processes |
Command:
./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a '.' -w 400 -c 500
Output:
OK - Found 46 Instance(s) of "." running (0 excluded). (List is on next line)|'Process Count'=46;400;500; 'Excluded Process Count'=0;
The process(es) found are System Idle Process, System, smss.exe, 3x csrss.exe, wininit.exe, 2x winlogon.exe, services.exe,
lsass.exe, lsm.exe, 10x svchost.exe, LogonUI.exe, armsvc.exe, eventtrap.exe, flowexport.exe, ncpa_listener.exe, ncpa_passive.exe,
nscp.exe, snmp.exe, 2x vmtoolsd.exe, 3x WmiPrvSE.exe, dllhost.exe, msdtc.exe, sppsvc.exe, SearchIndexer.exe, rdpclip.exe,
taskhost.exe, dwm.exe, explorer.exe, mmc.exe, spoolsv.exe, slui.exe
SNMP
The check_snmp plugin is used to query the hrSystemProcesses OID, this checks the total processes running on a system.
Warning: | More than 400 running processes |
Critical: | More than 500 running processes |
Command:
./check_snmp -H 10.25.13.15 -C public -P 2c -o hrSystemProcesses.0 -l 'Total Processes' -w 400 -c 500
Output:
SNMP OK - Total Processes 91 | 'Total Processes'=91;400;500;
Process Resource Usage
These checks are for process resource usage like CPU and Memory.
Nagios Plugins
The check_process plugin is part of Nagios Plugins.
Memory Usage
The plugin provides a couple of different memory checks, this example will alert if VSZ of any processes over 50K or 100K.
Command:
./check_procs --metric=VSZ -w 50000 -c 100000
Output:
VSZ OK: 75 processes | procs=75;;;0; procs_warn=0;;;0; procs_crit=0;;;0;
CPU Usage
This example will alert if the CPU usage of any processes over 10% or 20%.
Command:
./check_procs -w 10 -c 20 --metric=CPU
Output:
CPU OK: 75 processes | procs=75;;;0; procs_warn=0;;;0; procs_crit=0;;;0;
NCPA
NPCA includes a processes module that reports CPU and Memory usage. At this point in time it does not provide the capability to use thresholds, however the checks are good for collecting performance data.
Memory Usage & CPU UsageCommand:
./check_ncpa.py -H 10.25.13.30 -t Str0ngT0k3n -M processes -q "name=rsyslogd"
Output:
OK: Process count for processes named rsyslogd was 1 | 'process_count'=1;;; 'cpu'=0.0%;;; 'memory'=0.08%;;; 'memory_vms'=0.26GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1366: rsyslogd: root: 0.08 % (VMS 0.26 GB, RSS 0.00 GB): 0.00 %
Total Memory: 0.08 % (VMS 0.26 GB, RSS 0.00 GB)
Total CPU: 0.00 %
NSClient++ via check_nt
NSClient++ includes a PROCSTATE module however it does not provide CPU or Memory checks for processes.
NSClient++ via check_nrpe
NSClient++ includes a check_process module and it provides a couple of different memory checks. This example will alert if the virtual memory of the spoolsv.exe process is over 100M or 200M.
Command:
./check_nrpe -H 10.25.14.2 -c check_process -a process=spoolsv.exe 'warn= virtual > 100m' 'crit= virtual > 200M' detail-syntax='${exe} Virtual: ${virtual}' show-all
Output:
OK: spoolsv.exe Virtual: 101539840|'spoolsv.exe v_size'=96.83593MB;100;200
The module does not have CPU usage checks.
WMI
Check WMI Plus includes a checkprocess module however it does not provide CPU or Memory checks for processes.
SNMP
The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP.
Memory Usage
This example will alert if the virtual memory of the vmtoolsd process is over 100M or 200M.
Command:./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -m 100,200
Output:
1 process named vmtoolsd (> 0), Mem : 4.4Mb OK
CPU Usage
This example will alert if the CPU usage of the vmtoolsd process is over 20% or 50%.
Command:
./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -u 20,50
Output:
1 process named vmtoolsd (> 0), Cpu : 0% OK
Final Thoughts
For any support related questions please visit the Nagios Support Forums at: