Home » Categories » General Topics » Check Library

Process Checks

Process Checks

Process checks can help identify the following:

The sections below provide examples of how to perform these checks using different methods.

 

Process Is Running

These checks are for confirming a process is running, additionally you can be notified if the total processes exceeds a threshold.

 

Nagios Plugins

The check_process plugin is part of Nagios Plugins. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.

Process: vmtoolds
Critical: If 0 are running OR more than 1 is running

Command:

./check_procs -C vmtoolsd -c 1:1

Output:

PROCS OK: 1 process with command name 'vmtoolsd' | procs=1;;1:1;0;

 

Process: mingetty
Critical: A minimum of 6 processes must be running

Command:

./check_procs -C mingetty -c 6:

Output:

PROCS OK: 6 processes with command name 'mingetty' | procs=6;;:6:;0;

NCPA

NPCA includes a processes module. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.

Process: vmtoolds
Critical: If 0 are running OR more than 1 is running

Command:

./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=vmtoolsd' -c 1:1

Output:

OK: Process count for processes named vmtoolsd was 1 | 'process_count'=1;;1:1; 'cpu'=0.0%;;; 'memory'=0.08%;;; 'memory_vms'=0.31GB;;; 'memory_rss'=0.01GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
641: vmtoolsd: root: 0.08 % (VMS 0.31 GB, RSS 0.01 GB): 0.00 %

Total Memory: 0.08 % (VMS 0.31 GB, RSS 0.01 GB)
Total CPU: 0.00 %

 

Process: mingetty
Critical: A minimum of 6 processes must be running

Command:

./check_ncpa.py -H 10.25.13.31 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=mingetty' -c 6:

Output:

OK: Process count for processes named mingetty was 6 | 'process_count'=6;;6:; 'cpu'=0.0%;;; 'memory'=0.01%;;; 'memory_vms'=0.0GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1754: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1756: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1758: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1760: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1762: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1764: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %

Total Memory: 0.01 % (VMS 0.00 GB, RSS 0.00 GB)
Total CPU: 0.00 %

NSClient++ via check_nt

NSClient++ includes a PROCSTATE module. The functionality provided is simple, if the process is running the state is OK, if the process is not running the state is CRITICAL.

Command:

./check_nt -H 10.25.14.10 -p 12489 -s 'Str0ngP@ssw0rd' -v PROCSTATE -l spoolsv.exe -d SHOWALL

Output:

 spoolsv.exe: Running

NSClient++ via check_nrpe

NSClient++ includes a check_process module. The functionality provided is simple, if the process is running the state is OK, if the process is not running the state is CRITICAL (these can be changed, see the Process is NOT running section).

Command:

./check_nrpe -H 10.25.14.10 -c check_process -a process=spoolsv.exe show-all

Output:

OK: spoolsv.exe=started|'spoolsv.exe state'=1;0;0 'count'=1;0;0

WMI

Check WMI Plus includes a checkprocess module. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined

Process: spoolsv.exe
Critical: If 0 are running OR more than 1 is running

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a spoolsv.exe -c 1:1

Output:

OK - Found 1 Instance(s) of "spoolsv.exe" running (0 excluded).  (List is on next line)|'Process Count'=1;1; 'Excluded Process Count'=0;
The process(es) found are spoolsv.exe

 

Process: svchost.exe
Critical: A minimum of 6 processes must be running

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a svchost.exe -c 6:

Output:

OK - Found 10 Instance(s) of "svchost.exe" running (0 excluded).  (List is on next line)|'Process Count'=10;6; 'Excluded Process Count'=0; 
The process(es) found are 10x svchost.exe

SNMP

The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP. The thresholds for the checks are triggered if the amount of processes found is less than or equal to the supplied values.

Process: vmtoolsd
Critical: If 0 are running

This command uses the -r argument, enforces an exact match of the process name.

Command:

./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -w 0 -c 0

Output:

1 process named vmtoolsd (> 0)

 

Process: kworker
Critical: A minimum of 6 processes must be running

This command does NOT use the -r argument, this allows for a regular expression match of the process name.

Command:

./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -n kworker -w 6 -c 6

Output:

8 process matching kworker (> 6)

 

 

Process Is NOT Running

These checks are for confirming a process is NOT running, additionally you can be notified if the total processes exceeds a threshold.

 

Nagios Plugins

The check_process plugin is part of Nagios Plugins. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.

Process: vmtoolds
Critical: If 1 or more is running

Command:

./check_procs -C vmtoolsd -c :0

Output:

PROCS OK: 0 processes with command name 'vmtoolsd' | procs=0;;:0;0;

 

Process: mingetty
Critical: No more than 6 processes must be running

Command:

./check_procs -C mingetty -c :6

Output:

PROCS OK: 6 processes with command name 'mingetty' | procs=6;;:6;0;

NCPA

NPCA includes a processes module. Using the Nagios Plugin Threshold standards, the thresholds are triggered based on how they are defined.

Process: vmtoolds
Critical: If 1 or more is running

Command:

./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=vmtoolsd' -c 0

Output:

CRITICAL: Process count for processes named vmtoolsd was 1 | 'process_count'=1;;0; 'cpu'=0.0%;;; 'memory'=0.08%;;; 'memory_vms'=0.31GB;;; 'memory_rss'=0.01GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
641: vmtoolsd: root: 0.08 % (VMS 0.31 GB, RSS 0.01 GB): 0.00 %

Total Memory: 0.08 % (VMS 0.31 GB, RSS 0.01 GB)
Total CPU: 0.00 %

 

Process: mingetty
Critical: No more than 6 processes must be running

Command:

./check_ncpa.py -H 10.25.13.31 -t 'Str0ngT0k3n' -P 5693 -M 'processes' -q 'name=mingetty' -c 6:

Output:

OK: Process count for processes named mingetty was 6 | 'process_count'=6;;6:; 'cpu'=0.0%;;; 'memory'=0.01%;;; 'memory_vms'=0.0GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1754: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1756: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1758: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1760: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1762: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1764: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %

Total Memory: 0.01 % (VMS 0.00 GB, RSS 0.00 GB)
Total CPU: 0.00 %

NSClient++ via check_nt

NSClient++ includes a PROCSTATE module. The module can only check if the process is running, you could however use the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).

Command:

./negate ./check_nt -H 10.25.14.10 -p 12489 -s 'Str0ngP@ssw0rd' -v PROCSTATE -l spoolsv.exe -d SHOWALL

Output:

 spoolsv.exe: not running

NSClient++ via check_nrpe

NSClient++ includes a check_process module. The module allows you to define what is an OK state allowing you to define that stopped is OK.

Command:

./check_nrpe -H 10.25.14.10 -c check_process -a process=spoolsv.exe 'ok=state = stopped' 'warn= state != stopped' 'crit=state != stopped' show-all

Output:

OK: spoolsv.exe=stopped

WMI

Check WMI Plus includes a checkprocess module. The module defines a "good" process as one that is running and a "bad" process is one that is not running, so you can define critical is when more than 0 "good" processes exist.

Process: spoolsv.exe
Critical: If more than 0 are running

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a spoolsv.exe -c _NumGood=0

Output:

OK - Found 0 Instance(s) of "spoolsv.exe" running (0 excluded). |'Process Count'=0; 'Excluded Process Count'=0;

SNMP

The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP. The thresholds for the checks are triggered if the amount of processes found is less than or equal to the supplied values, you could however use the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).

Process: vmtoolsd
Critical: If more than 0 are running

This command uses the -r argument, enforces an exact match of the process name.

Command:

./negate -s ./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -w 0 -c 0

Output:

No process named vmtoolsd found : OK

 

Process: kworker
Critical: A minimum of 6 processes must be running

This command does NOT use the -r argument, this allows for a regular expression match of the process name. This example also uses the negate plugin to invert the returned result from the plugin (hence making CRITICAL an OK state).

Command:

./negate ./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -n kworker -w 6 -c 6

Output:

8 process matching kworker (> 6)

Even though the word CRITICAL is not shown, the exit code returned by negate is 2 (CRITICAL).

 

 

Multiple Separate Processes

Some of the plugins allow you to target multiple processes, this is useful if you want a single Nagios service.

 

Nagios Plugins

The check_process plugin is part of Nagios Plugins. This time the plugin performs a regular expression against an array of strings separated with the pipe symbol (make sure they entire argument is enclosed within single quotes). The thresholds are based on the total you expect to be running.

Process: crond AND rsyslogd
Critical: A total of 2 must be running

Command:

./check_procs --ereg-argument-array 'crond|rsyslogd' -c 2:2

Output:

PROCS OK: 2 processes with regex args 'crond,rsyslogd' | procs=2;;2:2;0;

NCPA

NPCA includes a processes module. The module allows you to provide multiple arguments, along with the combiner argument. The thresholds are based on the total you expect to be running.

Process: crond AND rsyslogd
Critical: A total of 2 must be running

Command:

./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693  -M 'processes' -q 'name=crond,name=rsyslogd,combiner=or' -c 2:2

Output:

OK: Process count for processes named crond,rsyslogd was 2 | 'process_count'=2;;2:2; 'cpu'=0.0%;;; 'memory'=0.035%;;; 'memory_vms'=0.05GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1494: rsyslogd: root: 0.04 % (VMS 0.04 GB, RSS 0.00 GB): 0.00 %
1741: crond: root: 0.03 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %

Total Memory: 0.04 % (VMS 0.05 GB, RSS 0.00 GB)
Total CPU: 0.00 %

NSClient++ via check_nt

NSClient++ includes a PROCSTATE module and it allows you to check for multiple processes using a comma separated list.

Command:

./check_nt -H 10.25.14.10 -p 12489 -s 'Str0ngP@ssw0rd' -v PROCSTATE -l spoolsv.exe,dwm.exe -d SHOWALL

Output:

 dwm.exe: Running, spoolsv.exe: Running

NSClient++ via check_nrpe

NSClient++ includes a check_process module and it allows you to check for multiple processes by defining multiple process arguments.

Command:

./check_nrpe -H 10.25.14.10 -c check_process -a process=spoolsv.exe process=dwm.exe show-all

Output:

OK: dwm.exe=started, spoolsv.exe=started|'dwm.exe state'=1;0;0 'spoolsv.exe state'=1;0;0 'count'=2;0;0

WMI

Check WMI Plus includes a checkprocess module. This time the plugin performs a regular expression against an array of strings separated with the pipe symbol (make sure they entire argument is enclosed within single quotes). The thresholds are based on the total you expect to be running.

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a 'spoolsv.exe|dwm.exe' -c 2:2

Output:

OK - Found 2 Instance(s) of "spoolsv.exe|dwm.exe" running (0 excluded).  (List is on next line)|'Process Count'=2;2; 'Excluded Process Count'=0; 
The process(es) found are dwm.exe, spoolsv.exe

SNMP

The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP. This time the plugin performs a regular expression against an array of strings separated with the pipe symbol (make sure they entire argument is enclosed within single quotes). The thresholds are based on the total you expect to be running. The thresholds for the checks are triggered if the amount of processes found is less than or equal to the supplied values.

Command:

./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -n 'vmtoolsd|crond' -w 1 -c 1

Output:

2 process matching vmtoolsd|crond (> 1)

 

 

Total Processes

These checks are for identifying how many total processes are running on your system.

 

Nagios Plugins

The check_process plugin is part of Nagios Plugins, this checks the total processes running on a system.

Warning: More than 400 running processes
Critical: More than 500 running processes

Command:

./check_procs -w 400 -c 500

Output:

PROCS OK: 75 processes | procs=75;400;500;0;

 

You can also check processes that are in a particular state, for example ZOMBIE processes.

Critical: More than 1 ZOMBIE process

Command:

./check_procs -s Z -c 1

Output:

PROCS OK: 0 processes with STATE = Z | procs=0;;1;0;

NCPA

NPCA includes a processes module, this checks the total processes running on a system.

Warning: More than 400 running processes
Critical: More than 500 running processes

Command:

./check_ncpa.py -H 10.25.13.36 -t 'Str0ngT0k3n' -P 5693 -M processes -w 400 -c 500

Output:

OK: Process count was 94 | 'process_count'=94;400;500; 'cpu'=0.0%;;; 'memory'=0.0209574468085%;;; 'memory_vms'=0.24GB;;; 'memory_rss'=0.06GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1: init: root: 0.03 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
2: kthreadd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
3: migration/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
4: ksoftirqd/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
5: stopper/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
6: watchdog/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
7: migration/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
8: stopper/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
9: ksoftirqd/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
10: watchdog/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
11: events/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
12: events/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
13: events/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
14: events/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
15: events_long/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
16: events_long/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
17: events_power_ef: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
18: events_power_ef: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
19: cgroup: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
20: khelper: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
21: netns: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
22: async/mgr: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
23: pm: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
24: sync_supers: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
25: bdi-default: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
26: kintegrityd/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
27: kintegrityd/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
28: kblockd/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
29: kblockd/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
30: kacpid: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
31: kacpi_notify: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
32: kacpi_hotplug: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
33: ata_aux: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
34: ata_sff/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
35: ata_sff/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
36: ksuspend_usbd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
37: khubd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
38: kseriod: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
39: md/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
40: md/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
41: md_misc/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
42: md_misc/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
43: linkwatch: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
44: khungtaskd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
45: kswapd0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
46: ksmd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
47: aio/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
48: aio/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
49: crypto/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
50: crypto/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
57: kthrotld/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
58: kthrotld/1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
59: pciehpd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
61: kpsmoused: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
62: usbhid_resumer: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
63: deferwq: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
95: kdmremove: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
96: kstriped: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
128: ttm_swap: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
243: scsi_eh_0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
244: scsi_eh_1: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
275: mpt_poll_0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
276: mpt/0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
277: scsi_eh_2: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
377: kdmflush: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
379: kdmflush: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
445: jbd2/dm-0-8: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
446: ext4-dio-unwrit: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
527: udevd: root: 0.02 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
659: vmmemctl: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
802: udevd: root: 0.02 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
833: jbd2/sda1-8: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
834: ext4-dio-unwrit: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
868: kauditd: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
991: flush-253:0: root: 0.0 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1362: vmtoolsd: root: 0.16 % (VMS 0.02 GB, RSS 0.01 GB): 0.00 %
1387: VGAuthService: root: 0.19 % (VMS 0.01 GB, RSS 0.01 GB): 0.00 %
1472: auditd: root: 0.02 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1494: rsyslogd: root: 0.04 % (VMS 0.04 GB, RSS 0.00 GB): 0.00 %
1648: sshd: root: 0.02 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1727: master: root: 0.06 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1737: pickup: postfix: 0.06 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1738: qmgr: postfix: 0.06 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1741: crond: root: 0.03 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1754: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1756: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1758: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1760: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1762: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1764: mingetty: root: 0.01 % (VMS 0.00 GB, RSS 0.00 GB): 0.00 %
1766: sshd: root: 0.09 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1768: bash: root: 0.04 % (VMS 0.01 GB, RSS 0.00 GB): 0.00 %
1859: ncpa_passive: nagios: 0.51 % (VMS 0.04 GB, RSS 0.02 GB): 0.00 %
1888: ncpa_listener: nagios: 0.56 % (VMS 0.05 GB, RSS 0.02 GB): 0.00 %

Total Memory: 0.02 % (VMS 0.24 GB, RSS 0.06 GB)
Total CPU: 0.00 %

NSClient++ via check_nt

NSClient++ includes a PROCSTATE module however it does not provide the ability to check the total processes.

NSClient++ via check_nrpe

NSClient++ includes a check_process module, this checks the total processes running on a system.

Warning: More than 400 running processes
Critical: More than 500 running processes

Command:

./check_nrpe -H 10.25.14.10 -c check_process -a 'warn= total > 400' 'crit= total > 500' top-syntax='${status}: Total processes = ${total}' ok-syntax='${status}: Total processes = ${total}'

Output:

OK: Total processes = 126|'total'=126;400;500

WMI

Check WMI Plus includes a checkprocess module, this checks the total processes running on a system.

Warning: More than 400 running processes
Critical: More than 500 running processes

Command:

./check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p Str0ngP@ssw0rd -m checkprocess -a '.' -w 400 -c 500

Output:

OK - Found 46 Instance(s) of "." running (0 excluded).  (List is on next line)|'Process Count'=46;400;500; 'Excluded Process Count'=0; 
The process(es) found are System Idle Process, System, smss.exe, 3x csrss.exe, wininit.exe, 2x winlogon.exe, services.exe,
lsass.exe, lsm.exe, 10x svchost.exe, LogonUI.exe, armsvc.exe, eventtrap.exe, flowexport.exe, ncpa_listener.exe, ncpa_passive.exe,
nscp.exe, snmp.exe, 2x vmtoolsd.exe, 3x WmiPrvSE.exe, dllhost.exe, msdtc.exe, sppsvc.exe, SearchIndexer.exe, rdpclip.exe,
taskhost.exe, dwm.exe, explorer.exe, mmc.exe, spoolsv.exe, slui.exe

SNMP

The check_snmp plugin is used to query the hrSystemProcesses OID, this checks the total processes running on a system.

Warning: More than 400 running processes
Critical: More than 500 running processes

Command:

./check_snmp -H 10.25.13.15 -C public -P 2c -o hrSystemProcesses.0 -l 'Total Processes' -w 400 -c 500

Output:

SNMP OK - Total Processes 91 | 'Total Processes'=91;400;500; 

 

 

Process Resource Usage

These checks are for process resource usage like CPU and Memory.

 

Nagios Plugins

The check_process plugin is part of Nagios Plugins.

Memory Usage

The plugin provides a couple of different memory checks, this example will alert if VSZ of any processes over 50K or 100K.

Command:

./check_procs --metric=VSZ -w 50000 -c 100000

Output:

VSZ OK: 75 processes | procs=75;;;0; procs_warn=0;;;0; procs_crit=0;;;0;

 

CPU Usage

This example will alert if the CPU usage of any processes over 10% or 20%.

Command:

./check_procs -w 10 -c 20 --metric=CPU

Output:

CPU OK: 75 processes | procs=75;;;0; procs_warn=0;;;0; procs_crit=0;;;0;

NCPA

NPCA includes a processes module that reports CPU and Memory usage. At this point in time it does not provide the capability to use thresholds, however the checks are good for collecting performance data.

Memory Usage & CPU Usage

Command:

./check_ncpa.py -H 10.25.13.30 -t Str0ngT0k3n -M processes -q "name=rsyslogd"

Output:

OK: Process count for processes named rsyslogd was 1 | 'process_count'=1;;; 'cpu'=0.0%;;; 'memory'=0.08%;;; 'memory_vms'=0.26GB;;; 'memory_rss'=0.0GB;;;
Processes Matched
PID: Name: Username: Exe: Memory: CPU
-----------------------------------
1366: rsyslogd: root: 0.08 % (VMS 0.26 GB, RSS 0.00 GB): 0.00 %

Total Memory: 0.08 % (VMS 0.26 GB, RSS 0.00 GB)
Total CPU: 0.00 %

NSClient++ via check_nt

NSClient++ includes a PROCSTATE module however it does not provide CPU or Memory checks for processes.

NSClient++ via check_nrpe

NSClient++ includes a check_process module and it provides a couple of different memory checks. This example will alert if the virtual memory of the spoolsv.exe process is over 100M or 200M.

Command:

./check_nrpe -H 10.25.14.2 -c check_process -a process=spoolsv.exe 'warn= virtual > 100m' 'crit= virtual > 200M' detail-syntax='${exe} Virtual: ${virtual}' show-all

Output:

OK: spoolsv.exe Virtual: 101539840|'spoolsv.exe v_size'=96.83593MB;100;200

 

The module does not have CPU usage checks.

WMI

Check WMI Plus includes a checkprocess module however it does not provide CPU or Memory checks for processes.

SNMP

The check_snmp_process_wizard.pl plugin allows you to target processes using SNMP.

 

Memory Usage

This example will alert if the virtual memory of the vmtoolsd process is over 100M or 200M.

Command:
./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -m 100,200

Output:

1 process named vmtoolsd (> 0), Mem : 4.4Mb OK

 

CPU Usage

This example will alert if the CPU usage of the vmtoolsd process is over 20% or 50%.

Command:

./check_snmp_process_wizard.pl -H 10.25.13.15 -C public -r -n vmtoolsd -u 20,50

Output:

1 process named vmtoolsd (> 0), Cpu : 0% OK

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

4 (2)
Article Rating (2 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Network Interface Checks
Viewed 2932 times since Mon, Nov 20, 2017
Agent Checks
Viewed 1274 times since Tue, Nov 14, 2017
Disk Space Checks
Viewed 14446 times since Thu, Nov 9, 2017
Scheduled Task Checks
Viewed 2501 times since Tue, Nov 28, 2017
Operating System Checks
Viewed 2006 times since Tue, Nov 14, 2017
Log Checks
Viewed 2743 times since Tue, Nov 28, 2017
Load Checks
Viewed 8524 times since Thu, Nov 9, 2017
Service Checks
Viewed 4394 times since Tue, Nov 14, 2017
Performance Counter Checks
Viewed 2321 times since Wed, Nov 15, 2017
Health Checks
Viewed 2021 times since Wed, Nov 29, 2017