Hi All
I want to monitor a few Windows terminalservers for a (or multiple) Windows process (e.g. cmd.exe or dropbox.exe) which should NOT run (never)!. I could script something but maybe there is a solution with the available process sensor (or maybe another one).
As soon as the process runs, a sensor should go red.
Any suggestions?
regards Thomas
Article Comments
Dear Thomas
Our support does not cover custom scripts, I am sorry. Please do a remote WMI query, using the parameters from the parent device placeholders to create the credential object.
Another option is to use the PRTG Windows Process sensor and create a factory sensor which inverts the first sensor's status. The status formula for that is
10000 - status(2345)
This example is for a source sensor with the ID 2345. The computation with 10000 seems weird, but is due to the fixpoint encoding of 100% with two decimal places, resulting in the value of 10000.
Sep, 2015 - Permalink
Ok I see.
I changed my script to use a second argument and use the Parameter in the custom exe script.
on error resume next
' Commandline Argument is process.exe
' ex: cscript getprocess.vbs explorer.exe
' **************************************
strComputer = "."
if isNull(WScript.Arguments.Item(0)) then
wscript.echo "Process not given -> getprocess.vbs processname.exe"
wscript.quit
else
strProcess = WScript.Arguments.Item(0)
end if
strComputer = WScript.Arguments.Item(1)
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery( _
"Select * from Win32_Process WHERE name ='"&strProcess&"'")
if colItems.Count < 1 then
Wscript.Echo colItems.Count&":Ok"
Wscript.quit("0")
ELSE
wscript.echo colItems.Count&":processes running"
wscript.quit("1")
end if
Parameter: notepad.exe %host
That works.
Sep, 2015 - Permalink
I made the same functionality now with Powershell, much easier to read the code
e.g. GetRunningProcess.ps1 firef*
# get paramter as Process to search for
Param(
[string]$ProcessName
)
# search for process
$pr = get-process -name $ProcessName
# If Process count is 0 (NULL) return 0:OK else count processes and return
if ($pr.count -eq $NULL)
{
write-host "0:OK"
}
ELSE
{
$Processes=[string]$pr.count+":OK"
write-host $Processes
}
Then work with limits of the sensor > 1 then error.
Sep, 2015 - Permalink
Ok. I made a script now
on error resume next ' Commandline Argument is process.exe ' ex: cscript getprocess.vbs explorer.exe ' ************************************** strComputer = "." if isNull(WScript.Arguments.Item(0)) then wscript.echo "Process not given -> getprocess.vbs processname.exe" wscript.quit else strProcess = WScript.Arguments.Item(0) end if Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & strComputer & "\root\cimv2") Set colItems = objWMIService.ExecQuery( _ "Select * from Win32_Process WHERE name ='"&strProcess&"'") if colItems.Count < 1 then Wscript.Echo colItems.Count&":Ok" Wscript.quit("0") ELSE wscript.echo colItems.Count&":processes running" wscript.quit("1") end ifBut it checks if the process is running on the PRTG probe, not the device I want to check.
Whats wrong?
regards Thomas
Sep, 2015 - Permalink