I will be thinking of this over the weekend but wanted to throw the question out in case anyone has figured it out.
We’d like to alert if an “unexpected” process is running on a Linux server as a specific user. I have no idea what this process might be called – it could be anything. Basically I have a user that’s supposed to run 3 and exactly 3 processes with specific names… if anything else shows up, I want an alert.
It is possible to accomplish your needs.
1. You need to create a manual check “State and count of processes” and there you can define upper and lower limits for your process counts. If you’re using up to CMK v1.6, you find it in “manual checks”, starting with v2.0 in “forced checks”.
2. Create the check with parameter “name of the operating user” and set limits to “3” for all options, if always exactly 3 processes should run as this user.
3. If you know the exact processes (not their number), I’d create two of those manual checks:
   - first like point 2 above, extended by the process matching and
   - second like first one, but this time explicitly matching all processes Not matched by first one, as well as setting levels to “0” in all options

Choosing point 3 above leads to two services:
- first monitoring the NEEDED processes
- second monitoring (and alarming), if user runs other - not wanted - processes of any kind…
Hope this helps,
Marsellus W.
BTW: try to provide information about used version next time, so that we directly know which hints are needed
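The two-service logic from the reply above, as an added example that is not part of the original post and is not Checkmk code: one count check for the needed processes with levels 3/3, and a second check that matches everything else through a negative lookahead with levels 0/0. The user `appuser`, the paths under `/opt/app/bin`, and the `ps` snapshot are constructed for illustration.

```python
import re

# Constructed sample of `ps -eo user,args` output (not from a real host).
SAMPLE_PS = """\
USER     COMMAND
appuser  /opt/app/bin/worker --queue main
appuser  /opt/app/bin/scheduler
appuser  /opt/app/bin/api --port 8080
appuser  /tmp/unknown-binary --flag
root     /usr/sbin/sshd -D
"""

# Hypothetical names: the three processes the user is supposed to run.
NEEDED = re.compile(r"/opt/app/bin/(worker|scheduler|api)(\s|$)")
# "All processes not matched by the first one", as a negative lookahead.
OTHER = re.compile(r"(?!/opt/app/bin/(worker|scheduler|api)(\s|$)).+")

OK, CRIT = 0, 2


def user_commands(ps_text, user):
    """Return the command lines owned by `user`, skipping the header."""
    cmds = []
    for line in ps_text.splitlines()[1:]:
        owner, _, args = line.partition(" ")
        if owner == user and args.strip():
            cmds.append(args.strip())
    return cmds


def count_check(cmds, pattern, lower, upper):
    """Count commands matching `pattern`; CRIT if outside [lower, upper]."""
    hits = [c for c in cmds if pattern.match(c)]
    state = OK if lower <= len(hits) <= upper else CRIT
    return state, hits


def evaluate(ps_text, user):
    """Run both checks for one user and return state plus matched commands."""
    cmds = user_commands(ps_text, user)
    return {
        "needed": count_check(cmds, NEEDED, 3, 3),
        "unexpected": count_check(cmds, OTHER, 0, 0),
    }


if __name__ == "__main__":
    for name, (state, hits) in evaluate(SAMPLE_PS, "appuser").items():
        print(name, "CRIT" if state else "OK", hits)
```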
There was this posting where one fellow forum user wanted to “catch” an unknown process that is causing high CPU load. The accepted solution was a small but powerful shell script that lists the five top processes in terms of CPU. Perhaps this could work for you as well?