Configuring Processes


This topic provides instructions to configure the Processes monitor type. You can configure Processes from the Linux Default monitor profile and the Linux Storage monitor profile.

The following video (2:56) demonstrates how to set up process monitoring by using PATROL for Linux:

 

https://youtu.be/ksGB3vU5IXk

 

To add a process for monitoring

  1. In the List of Processes section, click Add to configure a new process for monitoring. 
    You can configure multiple processes for monitoring. 
  2. To configure process monitoring, perform the actions described in the following table:
    The Process configuration examples topic provides examples to help you configure the monitor type.

Field

Description

Process Details

Process Label

Enter a display name for processes to be monitored. The display name (process label) cannot contain special characters . [ ! @ # $ % ? { } ^ \ \ / | + = & * ( ) ) ; ] ) and blank spaces. The label can contain a maximum of 100 characters.

For example, the display name can be sshd_proc or patrolagent_proc.

Process Name String

Enter a string that matches the names of processes to be monitored. You can also enter a regular expression.

For example:

  • The string can be /usr/sbin/sshd, Patrol.*
  • To monitor the PATROL Agent process running on port 3282, enter the regular expression as PatrolAgent -p 3282$.

Important: PATROL monitors all processes that match the string you type in this field. When you enter text in this field, you can monitor multiple processes. For example, if you type vi in this field, the PATROL Agent monitors vi, view, and previous.

Minimum Count

Select the minimum number of process instances on the local computer or host group. To monitor multiple instances of the same process, this value must be set to 2 or greater. If the number of running process instances is lower than this value, the PATROL Agent generates an alert.

Maximum Count

Select the maximum number of process instances on the local computer or in the host group. The PATROL Agent generates an alert if the number of running process instances exceeds this value.

Important: The value in this field must be equal to or greater than the value in the Minimum Count field.

Acceptable process owner

Enter a comma-separated regular expression to identify the acceptable process owners.

Use process Owners for Filtering

Select this check box to filter processes based on the process owners.

Because the process filtering for the processes is based on owners, the owner of the processes is always a subset of the provided owner set. Therefore, the Process Ownership Check (ProcessOwnerCheck) attribute is deactivated when the check box is selected.

Parent Process ID Must Be 1

Select this check box to set the parent process ID of the processes as 1.

A process with a PPID of 1 is owned by init or the UNIX scheduler.

Filter Processes with Parent Process ID 1

If you select this check box, only processes with a parent process ID of 1 are filtered. If you do not select the check box, the processes are filtered regardless of their parent process ID. If you select the Parent Process ID Must Be 1 check box and filter processes with parent process ID 1, the Parent PID is 1 (ProcessParentPID1) attribute is deactivated.

Process Restart Options

Restart Automatically

To automatically restart a process when the KM detects that the process count is less than the set minimum value, the KM uses the value in the Command Execution Attempts field to determine how many times it tries to restart the process.

Important: To restart a process automatically, you must provide a start command and a command execution account user name and password. 

Command Execution Attempts

Enter a value in this field to set the number of times the host attempts to run the Start Process or Stop Process command before it stops trying to run the command. The value that you enter in this field must be 1 or greater.

Start Command

Enter the command string that starts the process instance. To use the command, specify a command execution user name and password.

Stop Command

Enter the command string that stops the process instance. To use the command, specify a command execution user name and password.

Command Execution User Name

Enter the user ID with which the command is executed.

Command Execution Password

Enter the password for the user name with which the command is executed.

Process Thread Monitoring

Thread Monitoring

Select this check box to enable the process thread monitoring.

Number of days to keep stale thread instances

Specify the number of days you want to keep inactive thread instances. The minimum is 0 days, and the maximum is 7 days.

The default number is zero (0) and when set to zero, all inactive or stale instances will be deleted immediately.

Process Alert Options

Alert Delay Count

Set the number of collection intervals for which the host defers an alert while it waits for the process count to be re-established across the host or group. If you delay the alert, the system has time to detect that a process has died and restart it automatically before PATROL generates an alarm.

Alert State

Select the state change (ALARM or WARNING) that will occur when the minimum or maximum process count is exceeded, and the alert delay count reaches 0. The state change applies to the following attributes:

  • Process Count Check (ProcessCountCheck)
  • Process Ownership Check (ProcessOwnerCheck)
  • Parent PID is 1 (ProcessParentPID1)

Important: The alert thresholds for Process Count Check (ProcessCountCheck) must not be modified for the product to work as designed. Alerts for process presence monitoring are generated based on the Process Count Check (ProcessCountCheck) attribute for which the following thresholds are defined:

  • 0 for OK
  • 1 for WARNING
  • 2 for ALARM

Automatic process monitoring

Configure the Linux remote monitoring profile to add processes to the monitoring list if any process exceeds the CPU consumption for a specified time duration.

Field

Description

Automatic Process Monitoring

Disable Automatic Process Monitoring

Select this checkbox to disable the default monitoring of processes.

By default, the system monitors all processes configured with the specified percentage of CPU consumption for the defined time durations.

CPU Utilization in %

Enter the CPU consumption limit for a process (in percentage). The value must match the following regular expression pattern: '^[0-9]+$'.

By default, this value is set to 90.

Time Duration in secs

The time duration (in seconds) during which a process exceeds the CPU usage limit. The input that you specify must match the regular expression pattern: '^[0-9]+$'.

By default, this value is set to 300.

Process configuration examples 

The following table describes how specific filters are processed by filter rules:

Scenario

Example

Comments

To receive an alert if the process count drops below
or exceeds the predefined number of processes

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

None

To monitor processes started by authorized users and
receive an alert if an unauthorized user starts a process

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Acceptable process owner: abc

If the user "xyz" starts a bash process, the Process Ownership Check (ProcessOwnerCheck) attribute raises an alarm.

To monitor a process started by a specific user and
exclude processes started by other users

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Acceptable process owner: abc|pqr|xyz

Use Process Owners for Filtering?: Select the check box

A pipe separated list or a regular expression of
acceptable process owners.

Here, abc, pqr and xyz are acceptable process owners.

To monitor processes whose Parent Process ID is one

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Parent Process ID must be 1: Select the check box 

Filter Processes with Parent Process ID 1: Do not select the check box

This configuration is usually suitable for system processes with parent process ID 1.

If the parent PID of a matching process is not 1, ProcessParentPID1 goes into the WARN/ALARM state.

To filter processes whose Parent Process ID is one

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Parent Process ID must be 1: Select the check box

Filter Processes with Parent Process ID 1: Select the check box

Exclude all processes that match the Process Name String criteria but whose parent PID is not 1.

To delay alert by 'N' number of collections

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Alert Delay Count: 3

Alert State: Warning or Alarm

This setting will delay an alert if some process violates the
set minimum or maximum limit.

To avoid delay and get an immediate alert if a process
violates configured minimum or maximum thresholds

Process Label: bash

Process Name String: bash.*

Minimum count: 5

Maximum count: 15

Alert Delay Count: 0

Alert State: Warning or Alarm

None

To monitor processes that begin with /usr/sbin

Process Label: bash sys_processes

Process Name String: bash.* ^/usr/sbin

Monitors all the processes that
begin with /usr/sbin

Monitor processes like:

/usr/sbin/sshd

/usr/sbin/syslogd

/usr/sbin/inetd
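
The following added example (not BMC code and not part of the original topic) models the filter rules above on a constructed process table, so you can check what a Process Name String, owner setting, and PPID setting would match before deploying them. The `Rule` and `evaluate` names, the sample processes, and the use of Python `re.search` for names and `re.fullmatch` for owners are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample process table: (pid, ppid, owner, command line).
PROCS = [
    (812, 1, "root", "/usr/sbin/sshd -D"),
    (2291, 812, "root", "sshd: abc [priv]"),
    (2300, 2291, "abc", "-bash"),
    (2415, 2300, "abc", "vi notes.txt"),
    (2502, 1, "xyz", "view /etc/hosts"),
    (2610, 1, "pqr", "/opt/app/previous --daemon"),
]

@dataclass
class Rule:
    name: str                      # Process Name String
    owners: str = ""               # Acceptable process owner
    filter_by_owner: bool = False  # Use Process Owners for Filtering
    ppid_must_be_1: bool = False   # Parent Process ID Must Be 1
    filter_ppid_1: bool = False    # Filter Processes with Parent Process ID 1
    minimum: int = 1
    maximum: int = 1

def evaluate(rule, procs=PROCS):
    """Return the matched PIDs and which checks would report a violation."""
    def owner_ok(proc):
        return re.fullmatch(rule.owners, proc[2]) is not None

    # Assumption: unanchored search, as in the page's vi/view/previous example.
    hits = [p for p in procs if re.search(rule.name, p[3])]
    if rule.owners and rule.filter_by_owner:
        hits = [p for p in hits if owner_ok(p)]
    if rule.filter_ppid_1:
        hits = [p for p in hits if p[1] == 1]
    result = {"pids": [p[0] for p in hits],
              "count_violation": not rule.minimum <= len(hits) <= rule.maximum}
    # Per the page, a check is deactivated when the matching filter is selected.
    if rule.owners and not rule.filter_by_owner:
        result["owner_violation"] = [p[0] for p in hits if not owner_ok(p)]
    if rule.ppid_must_be_1 and not rule.filter_ppid_1:
        result["ppid_violation"] = [p[0] for p in hits if p[1] != 1]
    return result
```

In this model, selecting owner filtering drops the process owned by xyz from the match set without raising an ownership violation, which corresponds to the ProcessOwnerCheck attribute being deactivated. Leave the filter cleared when the goal is to be alerted about processes started by unexpected users.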

 

 
