One of the easiest ways is to use a perfcounter. Pop a DOS box on your 2003 machine and run typeperf -qx > perflist.txt

That will give you a text file that you can go through for the syntax to use within Zabbix. Best way to go through the textfile is with an editor that will give you the return of all finds on a keyword into a separate window. (such as Notepad++ or probably Uedit)

In any case, do a keyword search on "process". There will be many. Find the process you want to monitor. Then in Zabbix, create an item and use that syntax as the key.

That list will look something like this:

\Process(Idle)\% Processor Time
\Process(System)\% Processor Time
\Process(smss)\% Processor Time
\Process(csrss)\% Processor Time
\Process(winlogon)\% Processor Time
\Process(services)\% Processor Time
\Process(lsass)\% Processor Time
\Process(svchost)\% Processor Time
\Process(svchost#1)\% Processor Time
\Process(svchost#2)\% Processor Time
\Process(svchost#3)\% Processor Time
\Process(svchost#4)\% Processor Time

You'll probably have 2,000+ lines of "\Process", and it depends on exactly what you want to monitor about that particular process.

An example - we want to see how the process tmw2k is consuming CPU including user time, priveleged time, page faults. We also want to monitor IO read/write bytes. Out of those 2,000+ lines we would select the appropiate syntax (or keys) :

\Process(Tmw2k)\% User Time
\Process(Tmw2k)\% Privileged Time
\Process(Tmw2k)\Page Faults/sec
\Process(Tmw2k)\IO Read Bytes/sec
\Process(Tmw2k)\IO Write Bytes/sec

This post will give you an idea on how to enter those into Zabbix:
http://www.zabbix.com/forum/showthread.php?t=12342

If you are using the Windows template to monitor this machine and want this metric to apply to other windows machines, I would create the item(s) at the Windows template level.

Final point to note is that these perfcounters are unique to each machine. While some are probably standard across the W2K3 platform, not all are. They vary according to OS level, service pack, applications installed, what is running, etc. So you would want to run the typeperf command on each machine you want to monitor and double check the syntax.

Monitoring a process on a Windows 2003 server

Tchjts1,

Thank you for your detailed reply to my post. I will attempt the process you outlined this morning. The attribute I want to monitor is more in line with whether the service/process is active or inactive. I'm going through the output gatherned by piping the typeperf command to a file and it is a great deal of information, more then I expected.

George...

Monitoring a process on a Windows 2003 server

Tchjts1,

I just waded through the things that could be monitored for a process and it's an impressive amount of stuff:

Processor time
User time
Privileged time
Virtual bytes peak
Virtual bytes
Page faults/sec
Working set peak
Working set
Page file bytes peak
Private bytes
Thread count
Priority base
Elapsed time
ID process
Creating process ID
Pool paged bytes
Pool nonpaged bytes
Handle count
IO Read operations/sec
IO write operations/sec
IP data operations/sec
IO other operations/sec
IO read operations/sec
IO read bytes/sec
IO write bytes/sec
IO data bytes/sec
IO other bytes/sec

I imagine I could determine through some of the above attributes whether the process is operational, but I'm not sure this is the best way. Some of these process attributes may come in handy as I become more adept with Zabbix (right now I'm anything but adept) but for the moment my mission is to track the availability of critical processes.

George...

You could probably do an item and key very similar to what is set up for monitoring processes such as Apache, SSH, Zabbix Server, etc.

If I were you, I would simply clone the item for Apache, associated with your windows template. Then I would just modify the key (and description) and change the "apache" portion to whatever the process is you want to monitor.

Make sure that whatever the process name you use is listed in the output of the typeperf list you created.

Below is the screenshot of the item for monitoring the number of Apache processes. You get to that by going to Configuration --> Items and select your windows template from the dropdowns. Once there and you have the below window up, at the bottom, click on "clone". That will give you an editable window. Change the description and the key as appropriate. All you should need to do for the key is change the "httpd" value inside the brackets to the correct name of the process you want to monitor, then save the item.

Once you save it, at the next screen at the very bottom right, click on "mass update". That will update any hosts you have that template assigned to.

From there, you have some monitoring options. You could add a trigger so that if the process is not running, it will show that on the dashboard. To do that, go to Configuration --> Triggers and under the Windows Template again, click on "Apache is not running on template windows" and click on "clone" and change "Apache" in the name field to whatever your process is, then change the Expression field - change "httpd" to your process name. Assign it whatever severity you want.

A second option is to create a graph for it. There will be a default graph under Monitoring --> Latest data, but you could also generate one by going to Configuration --> graphs. Then you could create a screen with that graph, or a group of graphs for that host, or a group of graphs for that process on all hosts.

Have fun

Monitoring a process on a Windows 2003 server

I'm back on it after an interlude of other stuff. I'm attempting to follow your directions but am having issues. I log in with admin I click on 'Configuration' selection 'Items' which results in an 'Item Filter' window plus there is an 'History' are with the following:

Host Profiles (local node)
Hosts(name of a window server node I added)
Configuration of items(name of window server node I added)
Hosts(local node)
Configuration of items(local node)

In addition there is a 'Configuration of items' area with a 'Create Item' button.

I click on 'Select' in the 'Item Filter' window and a 'Hosts (local node)' window appears with a list of templates one of them being 'Template_Windows'. I click on the Template_Windows' and 'Template_Windows' populates in the 'from Host like' input area of the 'Item Filter' window. Well I pretty much don't know what the hell I'm trying to do and how I'm to get there. Please excuse my inability to proceed but I guess i need more explicit help.

You are making it more complicated than it needs to be. Stay way from the "filters" button. When you go to Configuration --> Items, over to the top right is dropdowns for "Group" and "host". Put "Group" to all and for the host, select template windows.

Now scroll down through the description column and click on "Number of running processes apache". from there, follow my previous guideline for cloning that item.

Monitoring a process on a Windows 2003 server

Okay I've done what you indicated. Cloned and created then saved a configuration item then created a trigger. If I stop the process on a server with the agent what should I see?

Well, provided that the trigger is accurate, on your dashboard you should see a red indicator under the severity column similar to what I show below. You can then hover your mouse over that red number and a pop-up will tell you what the issue is.

Depending on what you have set for the "update interval" for that item, I think by default Apache is set to every 60 seconds and the clone process would carry that over, then it may take up to 60 seconds for the alert to trip.

BTW, if it doesn't work, you might want to share your trigger syntax on here... unless it's super-duper secret.

Monitoring a process on a Windows 2003 server

My dashboard is cursory at best. I've one host group 'Zabbix servers'. Clearly I've not done the groundwork properly.

Easily solved.

Go to your host in the Zabbix GUI... Configuration --> Hosts. Select the proper host. Find the field called "New Group" and put in whatever you want the group name to be. Save it and now you will have 2 groups on your dashboard.

Okay I did it. I added added a server to 'Windows server' and saved it. Went to my dashboard and there was not a server group called 'Windows server'.

I trust you are doing all this as a user who is added to the "Zabbix Adminstrator" group?

To check that, go to Administration --> Users... select the individual user you are viewing the dashboard as (Not the user group) at the bottom of the window (Above the "save" button) is a line "User Rights (Show)". Click on "Show" Do you see the host group that host belongs to listed in the far left column under "Read-Write"? Also, the individual host should be in the next row down under Read-Write also.

I followed your directions to create another group. My new group does not appear. When in Administration/Dashboard and making my child node the 'current node' I get 'Unable to select conrfiguration' error. I'm at a loss on how to proceed. I think I should start fresh, clean up what I've done with the nodes and re-define them.

Ah. You are working with a distributed setup... multiple Zabbix servers?

I only use one central server... so I can't help you in that arena.