Configuring Processes
In the List of Processes section, click Add to configure a new process for monitoring. You can configure multiple processes for monitoring. The following table describes the fields that you need to configure the process monitoring. In the Process configuration examples topic provides examples that would help you configure the monitor type.
Field | Description |
|---|---|
Process Details | |
Process Label | Enter a display name for processes to be monitored. The display name (process label) cannot contain special characters ( . [ ! @ # $ % ? { } ^ \ \ / | + = & * ( ) ) ; ] ) and blank spaces. The label can contain a maximum of 100 characters. For example: Display name can be sshd_proc, patrolagent_proc. |
Process Name String | Enter a string that matches names of processes to be monitored. You can also enter a regular expression. For example:
Note: PATROL monitors all processes that match the string you type in this field. When you enter text in this field, you may end up monitoring multiple processes. For example, if you type vi in this field, the PATROL Agent monitors processes named vi, view, and previous. |
Minimum Count | Select the minimum number of process instances that might be running on the local computer or in the host group. To monitor multiple instances of the same process, this value must be set to 2 or greater. If the number of running process instances falls below this value, the PATROL Agent generates an alert. |
Maximum Count | Select the maximum number of process instances that might be running on the local computer or in the host group. If the number of running process instances exceeds this value, the PATROL Agent generates an alert. Note: The value in this field must be equal to or greater than the value in the Minimum Count field. |
Acceptable process owner | Enter a comma-separated regular expressions to identify the acceptable process owners. |
Use process Owners for Filtering | Select this check box to filter processes based on the process owners. Note: Because the process filtering for the processes is based on owners, the owner of the processes is always a subset of the provided owner set. Therefore, the Process Ownership Check (ProcessOwnerCheck) attribute is deactivated when the check box is selected. |
Parent Process ID Must Be 1 | Select this check box to set the parent process ID of the processes as 1. A process with a PPID of 1 is owned by init, or the UNIX scheduler. |
Filter Processes with Parent Process ID 1 | If you select this check box, only the processes having parent process ID as 1 are filtered. If you do not select the check box, the processes are filtered irrespective of their parent process ID. If you select the Parent Process ID Must Be 1 check box, and if you filter processes with parent process ID 1, the Parent PID is 1 (ProcessParentPID1) attribute is deactivated. |
Process Restart Options | |
Restart Automatically | To automatically restart a process when the KM detects that the process count is less than the set minimum value. The KM uses the value in the Command Execution Attempts field to determine how many times the would try to restart a process. Note: To restart a process automatically, you must provide a start command and a command execution account user name and password. |
Command Execution Attempts | Enter a value in this field to set the number of times the host would attempt to run the Start Process or Stop Process command before it stops trying to run the command. The value that you enter in this field must be 1 or greater. |
Start Command | Enter the command string that starts the process instance. To use the command, specify a command execution username and password. |
Stop Command | Enter the command string that stops the process instance. To use the command, specify a command execution username and password. |
Command Execution User Name | Enter the user ID with which the command is executed. |
Command Execution Password | Enter the password for the username with which the command is executed. |
Process Alert Options | |
Alert Delay Count | Select a value to set the number of collection intervals that this host defers an alert while it waits for the process count to be reestablished across the host or group. If you delay the alert, the system has time to detect that a process has died and restart it automatically before PATROL generates an alarm. |
Alert State | Select the state change (ALARM or WARNING) that will occur when the minimum or maximum process count is exceeded and the alert delay count reaches 0. The state change applies to the following attributes:
Note: The alert thresholds for Process Count Check (ProcessCountCheck) must not be modified for the product to work as designed. Alerts for process presence monitoring are generated based on the Process Count Check (ProcessCountCheck) attribute for which the following thresholds are defined:
|
Process configuration examples
The following table describes how specific filters are processed by filter rules:
Scenario | Example | Comments |
|---|---|---|
To receive an alert if the process count drops below | Process Label: bash Process Name String: bash.* Minimum count: 5 Maximum count: 15 | None |
To monitor processes started by authorized users and | Process Label: bash Process Name String: bash.* Minimum count: 5 Maximum count: 15 Acceptable process owner: abc | If "xyz" user starts bash process |
To monitor process started by a specific user and | Process Label: bash Process Name String: bash.* Minimum count: 5 Maximum count: 15 Acceptable process owner: abc|pqr|xyz Use Process Owners for Filtering?: Select the checkbox | A pipe separated list or a regular expression of Here, abc, pqr and xyz are acceptable process owners. |
To monitor processes whose Parent Process ID is one | Process Label: bash Process Name String: bash.* Minimum count: 5 Maximum count: 15 Parent Process ID must be 1: Select the checkbox Filter Processes with Parent Process ID 1: Do not select the checkbox | This configuration is usually suitable for system processes with parent process ID 1. If for some process, the parent PID is not 1, ProcessParentPID1 would be in WARN/ALARM state. |
To filter processes whose Parent Process ID is one | Process Label: bash Process Name String: bash.* Minimum count: 5 Maximum count: 15 Parent Process ID must be 1: Select checkbox Filter Processes with Parent Process ID 1: Select checkbox | Exclude all processes which match the Process Name String criteria but whose parent PID is not 1 |
To delay alert by 'N' number of collections | Process Label: bash Process Name String: bash.* Minimum count: 5 Maximum count: 15 Alert Delay Count: 3 Alert State: Warning or Alarm | This will delay an alert if some process violates the |
To avoid delay and get immediate alert if a process | Process Label: bash Process Name String: bash.* Minimum count: 5 Maximum count: 15 Alert Delay Count: 0 Alert State: Warning or Alarm | None |
To monitor processes that begin with /usr/sbin | Process Label: bash sys_processes Process Name String: bash.* ^/usr/sbin | Monitors all the processes that Monitor processes like: /usr/sbin/sshd /usr/sbin/syslogd /usr/sbin/inetd |