Application classes and their prefixes

This topic provides an overview about the application classes and  list of application class prefixes. 

An application in PATROL is any resource used or running on a computer. The Knowledge Module for Windows Servers has a basic set of applications that monitor events such as CPU, logical disk, and memory usage. Each running copy of an application discovered by PATROL is called an instance of the particular application class. Each application instance is represented by an icon in the COMPUTER window. For more information, see Application-classes-and-icons.

Application discovery

PATROL discovers applications using instructions provided by the Knowledge Module for Windows (KM). The instructions provided by the KM include application discovery rules that you have defined.

When PATROL discovers an application, it represents the application with an icon either in the icon window for the monitored computer on which it runs or in an application window specified for all application instances of that class.

You can add a new application class to PATROL so that it will find all future instances of that application running on monitored computers.

PATROL periodically runs application discovery to discover new applications and to verify that previously discovered applications and files are still there. If an application or file previously discovered is not found, PATROL triggers an alert, either audible or visual, for the missing resource.

Application discovery rules

Application discovery rules are defined using either:

  • Simple discovery
  • PATROL Script Language (PSL) discovery

Simple discovery uses simple pattern-matching to find instances of the application running on the monitored computer.

PSL discovery uses scripts written in PATROL Script Language to find the application instances.

Application class prefixes

Click the prefix to view the parameters under an application class. For information about the parameters that provide critical information about Windows operation, see Critical-parameters.

Prefix

Application Class

NT_HEALTH

NT_NETBEUI

NT_BSK

NT_NETBIOS

NT_CACHE

NT_CPU

NT_CPU_CONTAINER

NT_EVINSTS

ELM 

NT_EVLOGFILES

FTP 

NT_FTP

  • NT_HYPER-V
  • NT_HYPERV_HYPERVISOR
  • NT_HYPERV_PARTITION_CONT
  • NT_HYPERV_PARTITION
  • NT_HYPERV_LOGICAL_PROCESSOR_CONT
  • NT_HYPERV_LOGICAL_PROCESSOR
  • NT_HYPERV_PART_VIRTUAL_PRCR_CONT
  • NT_HYPERV_PART_VIRTUAL_PRCR
  • NT_HYPERV_PARTITION_VHD_CONT
  • NT_HYPERV_PARTITION_VHD

NT_ICMP

NT_IP

NT_IPX

  • NT_JOBS
  • NT_JOBS_PROCESS
  • NT_JOBS_PROCESS_GROUP

NT_LOGICAL_DISKS

  • NT_NTFS_DISKS_QUOTA
  • NT_NTFS_JOURNAL
  • NT_NTFS_MOUNT

NT_MEMORY

NT_NETWORK

NT_PAGEFILE

PATROL_NT

NT_PHYSICAL_DISK

NT_PROCESS

NT_PRINTER

NT_PRINTERJOB

  • NT_REGISTRY
  • NT_REGISTRY_KEYINST

NT_SECURITY

NT_SERVICES

NT_SERVER

NT_SYSTEM

NT_TCP

NT_UDP

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*