Windows Processes


rolandsym
06-08-2007, 06:40
Hi,
I was wondering if anyone was able to pull a list of current running processes on windows machines to a zabbix server. I'd prefer something like what top or ps does in linux.

Rolandsym

bbrendon
06-08-2007, 08:37
Zabbix isn't really designed to collect information like this.

I haven't given it much thought ...but ...

You could probably create an action that does something like this and stores it on the local server or convert it to one line and store it in zabbix.

rolandsym
06-08-2007, 16:58
I can use wmic command like

wmic PROCESS GET NAME,WORKINGSETSIZE

and get a list sort of like PS a little bit. The only problem is the list gets over 255 characters. Is there a way to get more stuff displayed? You said something like a log? Would that be just popping the above command to overwrite a file and then scan every so often to pull the whole file up as a log?

Rolandsym

Alexei
07-08-2007, 08:02
Zabbix isn't really designed to collect information like this.

Why not? Create an item having type text and pass whatever information you want to the item.

You may have an output from top, ps, vmstat, whatever, sent to ZABBIX server and stored in the database. You may also create a screen which would show you the latest output from top, nice graphs, anything you want :)

rolandsym
07-08-2007, 19:47
I created the monitor using the wmic command and set it to type text, but it cuts it off after so many characters. I believe the limit is 255 characters or am I wrong? This is mainly for Windows machines/servers. On examples of Terminal servers they usually have about 160+ processes running. It fills up the 255 characters unless there is a disconnection going on?

I'm hoping to get this done and then maybe in the future I can find a way to pop out a list of the top 5 processor or memory intensive processes over a period of time (pipe dream). I appreciate the response.

Rolandsym

phlux
07-08-2007, 20:44
Roland,

I would like to do the same thing.

Maybe a modification could accommodate the goal:

write an individual item for applications that you have installed on the system, then monitor each proc as a sep item.

in my case, I have java.exe that consumes 1GB of mem - and can cause the CPU to spike in load to 100% for times.

I want to capture this process individually and watch its load on the system over time...

however I am not as familiar with zabbix or wmic to do this yet.

Is there a shared repository of items/triggers/templates on the zabbix site where users have put up configs for traps they made?

[this is always an ongoing issue with monitoring apps - a TON of duplicated effort on the part of the users and not too much sharing :( ]

rolandsym
07-08-2007, 23:10
Phlux,
That's an idea; the only problem comes down to lots of manual entry. Monitoring is supposed to make my life easier. So then you have lots of static entries you have to keep up. If you're talking about a handful of machines that's ok. I'm looking into monitoring hundreds up to a thousand at dozens of sites. Most of them Windows based. I want to be able to pop out reports and do quick system analysis. Kind of like what the Altiris, LPI and N-able programs do but not have a company lie to my face about things not working then charging me 32 grand for an update to fix their problem.
Zabbix has a lot of potential; it just needs a little better documentation or a place to put some existing documentation other than in the forums. I am more than willing to drop my incomplete notes somewhere :D

Now for your java issue. You can use the perfcounter["\Process(java)\% Processor Time"] counter to track it or something similar. You need to use a developer client to translate the % in the counter. Remember the typeperf -qx | find "java" to see the counters for the java process.

Hope this helps,
Rolandsym

phlux
07-08-2007, 23:20
I'll happily save your notes in my inbox :)

I was thinking you could make a single template of the apps that you want to monitor - then just apply the template to all the hosts; obvious assumption is that the hosts run the same application set.

Agreed on the commercial mon problem.

As I was saying the other day - it's so farking frustrating with monitoring apps, that they may well be wonderful applications (the OSS ones) - but the documentation is always poor at best or non-existent.

I still, after 15 years in IT - don't understand how this remains to be an issue.

:)

rolandsym
09-08-2007, 22:25
How do I expand the database to hold more than 255 characters? I currently just get this info.

Name PageFileUsage ProcessId WorkingSetSize
System Idle Process 0 0 28672
System 0 4 192512
smss.exe 180224 896 208896
csrss.exe 4415488 944 8351744
winlogon.exe 10690560 972 6975488
services.exe 6377472 1016 5746688
lsass.exe 4915200 1028 4038656
ati2evxx.exe 790528 1204 815104
svchost.exe 3293184 1228 3174400
svchost.exe 2347008 1320 2322432
svchost.exe 28065792 1448 29908992
svchost.exe 1798144 1536 1605632
svchost.exe 2035712 1744 1622016
ccSetMgr.exe 4026368 1860 3063808
ccEvtMgr.exe 4210688 1884 503808
spoolsv.exe 3870720 2032 2113536
mainserv.exe 3231744 1364 1372160
AuaObm.exe 512000 1524 188416
BANTMonitorSvc.exe 5230592 1504 9093120
bbnt.exe 2142208 1624 2564096
AuaObmJW.exe 23621632 163

That's only a portion of what is being sent? The zabbix_agentd.log file shows it tried to send the rest up. Where in the database must I adjust this field to accept more than 255 characters? To note, this is a test system so I'm not too worried about screwing it up if I can figure things out. Do I modify history_text?

Rolandsym
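
Added example (not part of any post in this thread, and not Zabbix code): one way to keep the value short on the client side is to reduce the wmic listing to the largest working sets before it is sent. It assumes the four-column layout shown in the post above; `parse_process_table` and `top_by_working_set` are hypothetical names, the sample is constructed from the posted rows, and a row cut off mid-record, like the last one posted, is reported instead of parsed.

```python
import re

# Constructed sample: a few rows of the listing posted above, including the
# final row that was cut off mid-record (only two numeric fields survive).
SAMPLE = """Name PageFileUsage ProcessId WorkingSetSize
System Idle Process 0 0 28672
System 0 4 192512
smss.exe 180224 896 208896
csrss.exe 4415488 944 8351744
svchost.exe 28065792 1448 29908992
BANTMonitorSvc.exe 5230592 1504 9093120
AuaObmJW.exe 23621632 163
"""

# Process names may contain spaces, so anchor on the three trailing integers.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pagefile>\d+)\s+(?P<pid>\d+)\s+(?P<wss>\d+)\s*$")

def parse_process_table(text):
    """Return (rows, rejected): parsed dicts and lines that did not fit."""
    rows, rejected = [], []
    lines = [l.strip() for l in text.replace("\r", "").splitlines() if l.strip()]
    for line in lines[1:]:  # skip the header row
        m = ROW.match(line)
        if m is None:
            rejected.append(line)  # truncated or malformed record
            continue
        rows.append({"name": m["name"], "pid": int(m["pid"]),
                     "pagefile": int(m["pagefile"]), "wss": int(m["wss"])})
    return rows, rejected

def top_by_working_set(rows, n=5, limit=255):
    """One-line summary of the n largest working sets, never longer than limit."""
    ranked = sorted(rows, key=lambda r: r["wss"], reverse=True)[:n]
    parts = ["%s(%d)=%dK" % (r["name"], r["pid"], r["wss"] // 1024)
             for r in ranked]
    while parts and len("; ".join(parts)) > limit:
        parts.pop()  # drop the smallest entry rather than cut one in half
    return "; ".join(parts)

if __name__ == "__main__":
    rows, rejected = parse_process_table(SAMPLE)
    print(top_by_working_set(rows))
    print("incomplete rows:", rejected)
```
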

Alexei
10-08-2007, 08:03
That's only a portion of what is being sent? The zabbix_agentd.log file shows it tried to send the rest up. Where in the database must I adjust this field to accept more than 255 characters? To note, this is a test system so I'm not too worried about screwing it up if I can figure things out. Do I modify history_text?
What is your version of ZABBIX? The table may keep data of any length, there is nothing to be fixed in the table.

rolandsym
10-08-2007, 21:31
My version of server is 1.4.1 with mysql and I've duplicated it on the 1.4.1 client and the pre-1.4.2 client release. I checked the values in the database for the history_text table. It's set as text and should be ok. The client log is attached file shows it gathering the data below...

on the server I get this....

14296:20070810:142842 Value [Name PageFileUsage ProcessId WorkingSetSize
System Idle Process 0 0 28672 System 0 4 192512 smss.exe 180224 896 192512
csrss.exe 3502080 944 7528448
winlogon.exe 10723328 972 7147520
services.exe 6426624 1016 5808128
lsass.exe 5341184 1028 3280896
ati2evxx.exe 790528 1204 811008 svchost.exe 3289088 1228 3129344
svchost.exe 2424832 1320 2564096
svchost.exe 28704768 1448 31518720
svchost.exe 1953792 1536 2437120
svchost.exe 2072576 1744 1806336
ccSetMgr.exe 4026368 1860 3100672
ccEvtMgr.exe 4206592 1884 1232896
spoolsv.exe 3993600 2032 2146304
mainserv.exe 3231744 1364 1380352
AuaObm.exe 512000 1524 184320
BANTMonitorSvc.exe 5218304 1504 9084928
bbnt.exe 2142208 1624 2564096
AuaObmJW.exe 23928832 163]
14296:20070810:142842 Query [begin;]
14296:20070810:142842 In process_data([snt-tech2.snt.local],[info.Processlist],[Name PageFileUsage ProcessId WorkingSetSize
System Idle Process 0 0 28672
System 0 4 192512
smss.exe 180224 896 192512
csrss.exe 3502080 944 7528448
winlogon.exe 10723328 972 7147520
services.exe 6426624 1016 5808128
lsass.exe 5341184 1028 3280896
ati2evxx.exe 790528 1204 811008
svchost.exe 3289088 1228 3129344
svchost.exe 2424832 1320 2564096
svchost.exe 28704768 1448 31518720
svchost.exe 1953792 1536 2437120
svchost.exe 2072576 1744 1806336
ccSetMgr.exe 4026368 1860 3100672
ccEvtMgr.exe 4206592 1884 1232896
spoolsv.exe 3993600 2032 2146304
mainserv.exe 3231744 1364 1380352
AuaObm.exe 512000 1524 184320
BANTMonitorSvc.exe 5218304 1504 9084928
bbnt.exe 2142208 1624 2564096
AuaObmJW.exe 23928832 163],[])
14296:20070810:142842 Query [select i.itemid,i.key_,h.host,h.port,i.delay,i.description,i.nextcheck,i.type,i.snmp_community,i.snmp_oid,h.useip,h.ip,i.history,i.lastvalue,i.prevvalue,i.hostid,h.status,i.value_type,h.errors_from,i.snmp_port,i.delta,i.prevorgvalue,i.lastclock,i.units,i.multiplier,i.snmpv3_securityname,i.snmpv3_securitylevel,i.snmpv3_authpassphrase,i.snmpv3_privpassphrase,i.formula,h.available,i.status,i.trapper_hosts,i.logtimefmt,i.valuemapid,i.delay_flex,h.dns from hosts h, items i where h.status=0 and h.hostid=i.hostid and h.host='snt-tech2.snt.local' and i.key_='info.Processlist' and i.status=0 and i.type in (2,7) and h.hostid>=100000000000000*0 and h.hostid<=(100000000000000*0+99999999999999) ]
14296:20070810:142842 In check_security()
14296:20070810:142842 Processing [Name PageFileUsage ProcessId WorkingSetSize ^M^M
System Idle Process 0 0 28672
System 0 4 192512
smss.exe 180224 896 192512
csrss.exe 3502080 944 7528448
winlogon.exe 10723328 972 7147520
services.exe 6426624 1016 5808128
lsass.exe 5341184 1028 3280896
ati2evxx.exe 790528 1204 811008
svchost.exe 3289088 1228 3129344
svchost.exe 2424832 1320 2564096
svchost.exe 28704768 1448 31518720
svchost.exe 1953792 1536 2437120
svchost.exe 2072576 1744 1806336
ccSetMgr.exe 4026368 1860 3100672
ccEvtMgr.exe 4206592 1884 1232896
spoolsv.exe 3993600 2032 2146304
mainserv.exe 3231744 1364 1380352
AuaObm.exe 512000 1524 184320
BANTMonitorSvc.exe 5218304 1504 9084928
bbnt.exe 2142208 1624 2564096
AuaObmJW.exe 23928832 163]
14296:20070810:142842 In process_new_value(info.Processlist)
14296:20070810:142842 In add_history(info.Processlist,,4,10)
14296:20070810:142842 In add_history(19678,TEXT:[(null)])
14296:20070810:142842 In add_history_str()
14296:20070810:142842 In DBget_maxid(history_text,id)
14296:20070810:142842 Query [select nextid from ids where nodeid=0 and table_name='history_text' and field_name='id']
14296:20070810:142842 Query [update ids set nextid=nextid+1 where nodeid=0 and table_name='history_text' and field_name='id']
14296:20070810:142842 Query [select nextid from ids where nodeid=0 and table_name='history_text' and field_name='id']
14296:20070810:142842 15015
14296:20070810:142842 Query [insert into history_text (id,clock,itemid,value) values (15015,1186770522,19678,'Name PageFileUsage ProcessId WorkingSetSize
System Idle Process 0 0 28672
System 0 4 192512
smss.exe 180224 896 192512
csrss.exe 3502080 944 7528448
winlogon.exe 10723328 972 7147520
services.exe 6426624 1016 5808128
lsass.exe 5341184 1028 3280896
ati2evxx.exe 790528 1204 811008
svchost.exe 3289088 1228 3129344
svchost.exe 2424832 1320 2564096
svchost.exe 28704768 1448 31518720
svchost.exe 1953792 1536 2437120
svchost.exe 2072576 1744 1806336
ccSetMgr.exe 4026368 1860 3100672
ccEvtMgr.exe 4206592 1884 1232896
spoolsv.exe 3993600 2032 2146304
mainserv.exe 3231744 1364 1380352
AuaObm.exe 512000 1524 184320
BANTMonitorSvc.exe 5218304 1504 9084928
bbnt.exe 2142208 1624 2564096
AuaObmJW.exe 23928832 163')]
14296:20070810:142842 End of add_history
14296:20070810:142842 In update_item()
14296:20070810:142842 In calculate_item_nextcheck (19678,45,,1186770522)
14296:20070810:142842 End calculate_item_nextcheck (result:1186770567)
14296:20070810:142842 Query [update items set nextcheck=1186770567,prevvalue=lastvalue,lastvalue='Name PageFileUsage ProcessId WorkingSetSize ',lastclock=1186770522 where itemid=19678]
14296:20070810:142842 End update_item()
14296:20070810:142842 In update_functions(19678)
14296:20070810:142842 Query [select distinct function,parameter,itemid,lastvalue from functions where itemid=19678]
14296:20070810:142842 End update_functions()


---- Now I noticed the history_text field is also linked to the history_str now that's a 255 character limit. But why should this matter? Any direction or help is much appreciated.

Rolandsym

Alexei
15-08-2007, 13:35
Please try the latest pre 1.4.2. It supports correct representation of plain text data (type-text) in screens. So, a nice top-like view of running processes is a reality.

rolandsym
15-08-2007, 18:45
I re-installed zabbix on my test server Tuesday with Monday night's pre-1.4.2 build and I am still getting the same issue and used the same client on the test machine. Was it fixed last night? (August 15th's build?)

Rolandsym