Configuring Windows Processes in TrueSight

This topic provides information about configuring processes by using the TrueSight and the Central Monitoring Administration console.

Process configuration video

Click to view a short video (4:32) of how to configure processes for monitoring.

 https://youtu.be/ymWCtV5dXVU

Configuration details

On the Add Monitor Types dialog, with the Monitoring Profile set to Services or Processes or Operating System, and the Monitor Type set to Windows Processes, provide the following details:

Process Configuration

Process: Select this check box to enable Process monitoring. By default, PATROL does not monitor any processes. When configuring monitoring for a specific process, you can use the methods shown below:

Process monitoring methods:

Manual process monitoring: Use when you want to select or specify the processes to monitor and you want to customize how PATROL monitors them.

Automatic process monitoring: Use when you want to monitor a process only if it exceeds a specified CPU utilization percentage.

List of Processes: Click  button to configure the process manually. 
Process Specification
Configure Process Monitoring 

Process Label

Specify a label to identify a group of processes. The input that you specify must match the regular expression pattern, '^[0-9a-zA-Z_]+$'.

Process Name

Specify a name or a regular expression pattern that matches the names of processes that must be monitored. Enter only the process name without extension.

Example: If the process name is Notepad, enter Notepad. Do not enter Notepad.exe.

Use Regular Expression for Process Name Select this check box if you want to monitor all the processes that contain the process name specified.

Process Arguments

Specify the command line arguments for the processes that you want to monitor.

Note:

  • To monitor a specific process, enter the process arguments.
  • To monitor all the instances of the same process, enter wildcard asterisk ( * )
  • If the process argument field is left blank, only the process with no arguments will be monitored.

Example:

C:\Windows\system32\svchost.exe -k NetworkService 
C:\Windows\system32\svchost.exe is considered as no arguments and -k NetworkService is considered as arguments

Use Regular Expression for Process Argument Select this check box to enter process command line arguments using regular expression pattern.
Minimum Count Specify a value so that an alarm is raised if the process count drops under this value.
Maximum Count Specify a value so that an alarm is raised if the process count rises above this value.
Acceptable Process Owner Specify a name or regular expression pattern that matches the name of the acceptable process owner.
Use Process Owners for Filtering Select this check box if you want to filter processes based on the process owners.
 Process Settings  
Generate alarm on Process stop Select this check box to generate an alarm when the process stops.
Generate alarm on Process start Select this check box to generate an alarm when the process starts.
OK Click to save the configuration.
Cancel Click to close the configuration window.
Automatic Process Monitoring 
CPU Threshold in % Specify the CPU threshold (in %) for automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'.

By default, this value is set to 90.

Time Duration in secs Specify the time limit (in seconds) to start the automatic process monitoring. The input that you specify must match the regular expression pattern, '^[0-9]+$'. By default, this value is set to 300.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Abhay Bhagat

    Dear , There are more option on the configuration page , i, e Time to terminate runaway Process.

    May I get some details regarding the steps to configure it using presentation server Infrastructure policies

    Apr 26, 2018 03:42
  2. Sandeep Gaike

    Restart Command - Restart the process using the specified command when the process is stopped For using this option, supply the path to an executable that restarts the process and you must include any appropriate command-line arguments.

    Default - Blank

    Time to terminate runaway Process - Terminate the process when the process CPU% utilization exceeds the defined PATROL threshold If this option is used, PATROL terminates the process when it appears to be in a “run away” state. This state is defined by the following criteria: -> The CPU% utilization exceeds the threshold specified in "CPU Threshold in %" under "Automatic Process Monitoring"

    -> The process exceeds this threshold for the specified length of time specified in "Time Duration in secs" When the process exceeds the threshold for the specified length of time, the process is terminated during the next collection cycle.

    Default - Blank

    Apr 27, 2018 02:50
    1. Abhay Bhagat

      Thanks Sandeep , For same server if I create multiple process monitoring infrastructure policies , can I have something like a powershell by patrol user if running with more than 2 % CPU must be terminated after 5 min whereas abcdapplication by abhay user - process running with 65% CPU for 60min must be kill for the same server . Or the "run away " for a server may be global only and cannot vary for different processes .

      Apr 27, 2018 03:07
  3. Sandeep Gaike

    Hi Abhay,

    As you stated, "Run away" for a server is global and cannot vary for different processes.

    In case of multiple process monitoring infrastructure policies, policy with lower precedence will take effect.

    Apr 27, 2018 09:22