I wrote a simple PowerShell script to check and see if certain processes are running in Windows. I am running multiple instances of these processes which run in a command window so all of the processes have the same name but I need to differientiate between each instance of the running process. They are actually each connected to a different data stream and must be running all of the time. Fortunately, each of the command windows has a different title so I can use that to know which data set each cmd process is running. I am using Get-Process which includes a property MainWindowTitle that has what I want.
I created the script and ran it in ProwerShell and it returned the information that I needed.
PowerShell Script
get-process | where-object { $_.MainWindowTitle -Like "ITWS Solace JMS 1.9.2" } | select-object ProcessName, mainWindowTitle
Results Running Script In PowerShell
ProcessName MainWindowTitle
----------- ---------------
cmd ITWS Solace JMS 1.9.2
I then modified the script so it would work in Zabbix as a UserParameter. I then tested this using the Zabbix_agent2.exe and got the same resultes with the value I needed in the MainWindowTitle property.
UserParameter Setup In Configuration File
UserParameter=IsITWSRunning,PowerShell -NoProfile -ExecutionPolicy Bypass -file D:/Zabbix_Scripts/IsITWSRunning.ps1
PowerShell Script
where-object { $_.MainWindowTitle -Like "ITWS Solace JMS 1.9.2" } | select-object ProcessName, mainWindowTitle | Write-Output
Results using Zabbix_Agent2.exe
IsITWSRunning [s|Using MainWindowTitle ITWS
ProcessName MainWindowTitle
----------- ---------------
cmd ITWS Solace JMS 1.9.2]
I then set up an item in Zabbix and tested it.
Item Key: IsITWSRunning
Type: Zabbix Agent
Type Of Information Text
The return value was empty.
After a lot of additional testing I finally determined that when an item is set up to use a UserParameter that calls a PowerShell script using Get-Process it always returns an empty value in the MainWindowTitle property. This is despite the fact that when I test the same UserParameter using the Zabbix_Agent2.exe the data returned does contain a value in the MainWindowTitle (I also noticed that the MainWindowTitle is always 0 which is not true when testing with the Zabbix_agent2.exe).
This is the PowerShell script I used to get all of the processes with the ProcessName 'cmd'.
get-process | where-object { $_.ProcessName -Like "cmd" } | Format-List * | Write-Output
I tested this running the script in PowerShell and then using the Zabbix_Agent2.exe and got the results below. It returned multiple processes but I am only showing the one running the process of interest.
Results with Zabbix_Agent2.exe
__NounName : Process
Name : cmd
Handles : 34
VM : 16388096
WS : 2887680
PM : 1769472
NPM : 3824
Path : C:\Windows\system32\cmd.exe
Company : Microsoft Corporation
CPU : 0.03125
FileVersion : 6.3.9600.16384 (winblue_rtm.130821-1623)
ProductVersion : 6.3.9600.16384
Description : Windows Command Processor
Product : Microsoftr Windowsr Operating System
Id : 6932
PriorityClass : Normal
HandleCount : 34
WorkingSet : 2887680
PagedMemorySize : 1769472
PrivateMemorySize : 1769472
VirtualMemorySize : 16388096
TotalProcessorTime : 00:00:00.0312500
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 1696
MachineName : .
MainWindowHandle : 197186
MainWindowTitle : ITWS Solace JMS 1.9.2
MainModule : System.Diagnostics.ProcessModule (cmd.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (cmd.exe),
System.Diagnostics.ProcessModule (ntdll.dll),
System.Diagnostics.ProcessModule (KERNEL32.DLL),
System.Diagnostics.ProcessModule
(KERNELBASE.dll)...}
NonpagedSystemMemorySize : 3824
NonpagedSystemMemorySize64 : 3824
PagedMemorySize64 : 1769472
PagedSystemMemorySize : 30496
PagedSystemMemorySize64 : 30496
PeakPagedMemorySize : 1802240
PeakPagedMemorySize64 : 1802240
PeakWorkingSet : 3354624
PeakWorkingSet64 : 3354624
PeakVirtualMemorySize : 20439040
PeakVirtualMemorySize64 : 2199043694592
PriorityBoostEnabled : True
PrivateMemorySize64 : 1769472
PrivilegedProcessorTime : 00:00:00.0312500
ProcessName : cmd
ProcessorAffinity : 65535
Responding : True
SessionId : 3
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 12/15/2021 3:54:12 PM
SynchronizingObject :
Threads : {3724}
UserProcessorTime : 00:00:00
VirtualMemorySize64 : 2199039643648
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 2887680
Site :
Container :
I then tested using as an item in Zabbix. For all of the processes the MainWindowTile was empty.
Results using item in Zabbix
__NounName : Process
Name : cmd
Handles : 34
VM : 16388096
WS : 2887680
PM : 1769472
NPM : 3824
Path : C:\Windows\system32\cmd.exe
Company : Microsoft Corporation
CPU : 0.03125
FileVersion : 6.3.9600.16384 (winblue_rtm.130821-1623)
ProductVersion : 6.3.9600.16384
Description : Windows Command Processor
Product : Microsoftr Windowsr Operating System
Id : 6932
PriorityClass : Normal
HandleCount : 34
WorkingSet : 2887680
PagedMemorySize : 1769472
PrivateMemorySize : 1769472
VirtualMemorySize : 16388096
TotalProcessorTime : 00:00:00.0312500
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 1640
MachineName : .
MainWindowHandle : 0
MainWindowTitle :
MainModule : System.Diagnostics.ProcessModule (cmd.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (cmd.exe),
System.Diagnostics.ProcessModule (ntdll.dll),
System.Diagnostics.ProcessModule (KERNEL32.DLL),
System.Diagnostics.ProcessModule
(KERNELBASE.dll)...}
NonpagedSystemMemorySize : 3824
NonpagedSystemMemorySize64 : 3824
PagedMemorySize64 : 1769472
PagedSystemMemorySize : 30496
PagedSystemMemorySize64 : 30496
PeakPagedMemorySize : 1802240
PeakPagedMemorySize64 : 1802240
PeakWorkingSet : 3354624
PeakWorkingSet64 : 3354624
PeakVirtualMemorySize : 20439040
PeakVirtualMemorySize64 : 2199043694592
PriorityBoostEnabled : True
PrivateMemorySize64 : 1769472
PrivilegedProcessorTime : 00:00:00.0312500
ProcessName : cmd
ProcessorAffinity : 65535
Responding : True
SessionId : 3
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 12/15/2021 3:54:12 PM
SynchronizingObject :
Threads : {3724}
UserProcessorTime : 00:00:00
VirtualMemorySize64 : 2199039643648
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 2887680
Site :
Container :
Am I doing something wrong or is there a bug in Zabbix or some other issue? Is there any way I can get around this?
I am using Zabbix Sever version 5.0.23 on Centos 7 with the Win64 Zabbix_Agent2 version 5.4.0 on Windows Server 2012 R2 Standard. I have tested this on other version of Window Server with the same results.
I created the script and ran it in ProwerShell and it returned the information that I needed.
PowerShell Script
get-process | where-object { $_.MainWindowTitle -Like "ITWS Solace JMS 1.9.2" } | select-object ProcessName, mainWindowTitle
Results Running Script In PowerShell
ProcessName MainWindowTitle
----------- ---------------
cmd ITWS Solace JMS 1.9.2
I then modified the script so it would work in Zabbix as a UserParameter. I then tested this using the Zabbix_agent2.exe and got the same resultes with the value I needed in the MainWindowTitle property.
UserParameter Setup In Configuration File
UserParameter=IsITWSRunning,PowerShell -NoProfile -ExecutionPolicy Bypass -file D:/Zabbix_Scripts/IsITWSRunning.ps1
PowerShell Script
where-object { $_.MainWindowTitle -Like "ITWS Solace JMS 1.9.2" } | select-object ProcessName, mainWindowTitle | Write-Output
Results using Zabbix_Agent2.exe
IsITWSRunning [s|Using MainWindowTitle ITWS
ProcessName MainWindowTitle
----------- ---------------
cmd ITWS Solace JMS 1.9.2]
I then set up an item in Zabbix and tested it.
Item Key: IsITWSRunning
Type: Zabbix Agent
Type Of Information Text
The return value was empty.
After a lot of additional testing I finally determined that when an item is set up to use a UserParameter that calls a PowerShell script using Get-Process it always returns an empty value in the MainWindowTitle property. This is despite the fact that when I test the same UserParameter using the Zabbix_Agent2.exe the data returned does contain a value in the MainWindowTitle (I also noticed that the MainWindowTitle is always 0 which is not true when testing with the Zabbix_agent2.exe).
This is the PowerShell script I used to get all of the processes with the ProcessName 'cmd'.
get-process | where-object { $_.ProcessName -Like "cmd" } | Format-List * | Write-Output
I tested this running the script in PowerShell and then using the Zabbix_Agent2.exe and got the results below. It returned multiple processes but I am only showing the one running the process of interest.
Results with Zabbix_Agent2.exe
__NounName : Process
Name : cmd
Handles : 34
VM : 16388096
WS : 2887680
PM : 1769472
NPM : 3824
Path : C:\Windows\system32\cmd.exe
Company : Microsoft Corporation
CPU : 0.03125
FileVersion : 6.3.9600.16384 (winblue_rtm.130821-1623)
ProductVersion : 6.3.9600.16384
Description : Windows Command Processor
Product : Microsoftr Windowsr Operating System
Id : 6932
PriorityClass : Normal
HandleCount : 34
WorkingSet : 2887680
PagedMemorySize : 1769472
PrivateMemorySize : 1769472
VirtualMemorySize : 16388096
TotalProcessorTime : 00:00:00.0312500
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 1696
MachineName : .
MainWindowHandle : 197186
MainWindowTitle : ITWS Solace JMS 1.9.2
MainModule : System.Diagnostics.ProcessModule (cmd.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (cmd.exe),
System.Diagnostics.ProcessModule (ntdll.dll),
System.Diagnostics.ProcessModule (KERNEL32.DLL),
System.Diagnostics.ProcessModule
(KERNELBASE.dll)...}
NonpagedSystemMemorySize : 3824
NonpagedSystemMemorySize64 : 3824
PagedMemorySize64 : 1769472
PagedSystemMemorySize : 30496
PagedSystemMemorySize64 : 30496
PeakPagedMemorySize : 1802240
PeakPagedMemorySize64 : 1802240
PeakWorkingSet : 3354624
PeakWorkingSet64 : 3354624
PeakVirtualMemorySize : 20439040
PeakVirtualMemorySize64 : 2199043694592
PriorityBoostEnabled : True
PrivateMemorySize64 : 1769472
PrivilegedProcessorTime : 00:00:00.0312500
ProcessName : cmd
ProcessorAffinity : 65535
Responding : True
SessionId : 3
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 12/15/2021 3:54:12 PM
SynchronizingObject :
Threads : {3724}
UserProcessorTime : 00:00:00
VirtualMemorySize64 : 2199039643648
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 2887680
Site :
Container :
I then tested using as an item in Zabbix. For all of the processes the MainWindowTile was empty.
Results using item in Zabbix
__NounName : Process
Name : cmd
Handles : 34
VM : 16388096
WS : 2887680
PM : 1769472
NPM : 3824
Path : C:\Windows\system32\cmd.exe
Company : Microsoft Corporation
CPU : 0.03125
FileVersion : 6.3.9600.16384 (winblue_rtm.130821-1623)
ProductVersion : 6.3.9600.16384
Description : Windows Command Processor
Product : Microsoftr Windowsr Operating System
Id : 6932
PriorityClass : Normal
HandleCount : 34
WorkingSet : 2887680
PagedMemorySize : 1769472
PrivateMemorySize : 1769472
VirtualMemorySize : 16388096
TotalProcessorTime : 00:00:00.0312500
BasePriority : 8
ExitCode :
HasExited : False
ExitTime :
Handle : 1640
MachineName : .
MainWindowHandle : 0
MainWindowTitle :
MainModule : System.Diagnostics.ProcessModule (cmd.exe)
MaxWorkingSet : 1413120
MinWorkingSet : 204800
Modules : {System.Diagnostics.ProcessModule (cmd.exe),
System.Diagnostics.ProcessModule (ntdll.dll),
System.Diagnostics.ProcessModule (KERNEL32.DLL),
System.Diagnostics.ProcessModule
(KERNELBASE.dll)...}
NonpagedSystemMemorySize : 3824
NonpagedSystemMemorySize64 : 3824
PagedMemorySize64 : 1769472
PagedSystemMemorySize : 30496
PagedSystemMemorySize64 : 30496
PeakPagedMemorySize : 1802240
PeakPagedMemorySize64 : 1802240
PeakWorkingSet : 3354624
PeakWorkingSet64 : 3354624
PeakVirtualMemorySize : 20439040
PeakVirtualMemorySize64 : 2199043694592
PriorityBoostEnabled : True
PrivateMemorySize64 : 1769472
PrivilegedProcessorTime : 00:00:00.0312500
ProcessName : cmd
ProcessorAffinity : 65535
Responding : True
SessionId : 3
StartInfo : System.Diagnostics.ProcessStartInfo
StartTime : 12/15/2021 3:54:12 PM
SynchronizingObject :
Threads : {3724}
UserProcessorTime : 00:00:00
VirtualMemorySize64 : 2199039643648
EnableRaisingEvents : False
StandardInput :
StandardOutput :
StandardError :
WorkingSet64 : 2887680
Site :
Container :
Am I doing something wrong or is there a bug in Zabbix or some other issue? Is there any way I can get around this?
I am using Zabbix Sever version 5.0.23 on Centos 7 with the Win64 Zabbix_Agent2 version 5.4.0 on Windows Server 2012 R2 Standard. I have tested this on other version of Window Server with the same results.