Configuring Processes

Process Label

Enter a display name for processes to be monitored. The display name (process label) cannot contain special characters ( . [ ! @ # $ % ? { } ^ \ \ / | + = & * ( ) ) ; ] ) and blank spaces. The label can contain a maximum of 100 characters.

For example: The display name can be sshd_proc, patrolagent_proc.

Process Name String

Enter a string that matches the names of processes to be monitored. You can also enter a regular expression.

For example:

• The string can be /usr/sbin/sshd, Patrol.*
• To monitor the PATROL Agent process running on port 3282, enter the regular expression as PatrolAgent -p 3282$.

Important: PATROL monitors all processes that match the string you type in this field. When you enter text in this field, you can monitor multiple processes. For example, if you type vi in this field, the PATROL Agent monitors vi, view, and previous.

Minimum Count

Select the minimum number of process instances on the local computer or host group. To monitor multiple instances of the same process, this value must be set to 2 or greater. If the number of running process instances is lower than this value, the PATROL Agent generates an alert.

Maximum Count

Select the maximum number of process instances on the local computer or in the host group. The PATROL Agent generates an alert if the number of running process instances exceeds this value.

Important: The value in this field must be equal to or greater than the value in the Minimum Count field.

Acceptable process owner

Enter a comma-separated regular expression to identify the acceptable process owners.

Use process Owners for Filtering

Select this check box to filter processes based on the process owners.

Because the process filtering for the processes is based on owners, the owner of the processes is always a subset of the provided owner set. Therefore, the Process Ownership Check (ProcessOwnerCheck) attribute is deactivated when the check box is selected.

Parent Process ID Must Be 1

Select this check box to set the parent process ID of the processes as 1.

A process with a PPID of 1 is owned by init or the UNIX scheduler.

Filter Processes with Parent Process ID 1

If you select this check box, only processes with a parent process ID of 1 are filtered. If you do not select the check box, the processes are filtered regardless of their parent process ID. If you select the Parent Process ID Must Be 1 check box and filter processes with parent process ID 1, the Parent PID is 1 (ProcessParentPID1) attribute is deactivated.

Restart Automatically

To automatically restart a process when the KM detects that the process count is less than the set minimum value, the KM uses the value in the Command Execution Attempts field to determine how many times it Command Execution Attempts field to determine how many times they would try to restart a process.

Important: To restart a process automatically, you must provide a start command and a command execution account user name and password. 

Command Execution Attempts

Enter a value in this field to set the number of times the host would attempt to run the Start Process or Stop Process command before it stops trying to run the command. The value that you enter in this field must be 1 or greater.

Start Command

Enter the command string that starts the process instance. To use the command, specify a command execution user name and password.

Stop Command

Enter the command string that stops the process instance. To use the command, specify a command execution user name and password.

Command Execution User Name

Enter the user ID with which the command is executed.

Command Execution Password

Enter the password for the user name with which the command is executed.

Thread Monitoring

Select this check box to enable the process thread monitoring.

Number of days to keep stale thread instances

Specify the number of days you want to keep inactive thread instances. The minimum is 0 days, and the maximum is 7 days.

The default number is zero (0) and when set to zero, all inactive or stale instances will be deleted immediately.

Alert Delay Count

Set the number of collection intervals for which host defers an alert while it waits for the process count to be re-established across the host or group. If you delay the alert, the system has time to detect that a process has died and restart it automatically before PATROL generates an alarm.

Alert State

Select the state change (ALARM or WARNING) that will occur when the minimum or maximum process count is exceeded, and the alert delay count reaches 0. The state change applies to the following attributes:

• Process Count Check (ProcessCountCheck)
• Process Ownership Check (ProcessOwnerCheck)
• Parent PID is 1 (ProcessParentPID1)

Important: The alert thresholds for Process Count Check (ProcessCountCheck) must not be modified for the product to work as designed. Alerts for process presence monitoring are generated based on the Process Count Check (ProcessCountCheck) attribute for which the following thresholds are defined:

• 0 for OK
• 1 for WARNING
• 2 for ALARM

To receive an alert if the process count drops below
or exceeds the predefined number of processes

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

None

To monitor processes started by authorized users and
receive an alert if an unauthorized user starts a process

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Acceptable process owner: abc

If "xyz" user starts bash process
Process Ownership Check (ProcessOwnerCheck) attribute will
raise an alarm.

To monitor a process started by a specific user and
exclude processes started by other users

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Acceptable process owner: abc|pqr|xyz

Use Process Owners for Filtering?: Select the check box

A pipe separated list or a regular expression of
acceptable process owners.

Here, abc, pqr and xyz are acceptable process owners.

To monitor processes whose Parent Process ID is one

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Parent Process ID must be 1: Select the check box 

Filter Processes with Parent Process ID 1: Do not select the check box

This configuration is usually suitable for system processes with parent process ID 1.

If for some process, the parent PID is not 1, ProcessParentPID1

would be in WARN/ALARM state.

To filter processes whose Parent Process ID is one

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Parent Process ID must be 1: Select the check box

Filter Processes with Parent Process ID 1: Select check box

Exclude all processes that match the Process Name String criteria but whose parent PID is not 1.

To delay alert by 'N' number of collections

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Alert Delay Count: 3

Alert State: Warning or Alarm

This setting will delay an alert if some process violates the
set minimum or maximum limit.

To avoid delay and get an immediate alert if a process
violates configured minimum or maximum thresholds

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Alert Delay Count: 0

Alert State: Warning or Alarm

None

To monitor processes that begin with /usr/sbin

Process Label: bash sys_processes

Process Name String: bash.* ^/usr/sbin

Monitors all the processes that
begin with /usr/sbin

Monitor processes like:

/usr/sbin/sshd

/usr/sbin/syslogd

/usr/sbin/inetd