Monitor windows background process (no service)

funny_sandwich · August 10, 2023, 6:41am

CMK version:Checkmk Raw Edition 2.2.0p5
OS version:Ubuntu 22.04 LTS live server

Hi everyone,
I am trying to monitor a windows background process with “Process Discovery”.
I use Process matching: exact name of the process without arguments and enter the exact name of the exe:

In the monitoring section the process appears it seems to count the summary of processes:

In the windows task manager the process is running in the section of “background processes” and not in “app” section. When i try to monitor a running notepad++.exe it works fine so I’ll guess that windows background processes are handled different?
Someone can help me out?

robin.gierse · August 11, 2023, 12:32pm

Your screenshots suggest, that all is working well. What is the misunderstanding here?

If it does not work, maybe “background process” for Windows means it is not really running? Like in a suspended state?

Maybe you can work around this by monitoring a Windows service?

funny_sandwich · August 14, 2023, 6:02am

Hi @robin.gierse,
it’s telling me that there are 138 processes running, I do not think this is correct. When quitting all of these processes checkmk still tells me everything is fine and the process is running.
So i guess the matching is not really working… As said in my initial post, doing the same with notepad++.exe is working fine…
Sadly i can not find a windows service according to that program…

andreas-doehler · August 14, 2023, 6:15am

Two points from my side. Please use “Regular expression matching…” inside the discovery rule.
The second point is - please check the agent output how does the command / command line looks there.
There are some different possible formats

(\\NT-AUTORITÄT\SYSTEM,20768,29868,0,4816,20,431875000,4570156250,490,46,144019)	logioptionsplus_updater.exe

or

(\\NT-AUTORITÄT\SYSTEM,20768,29868,0,4816,20,434375000,4589218750,490,46,144272)	C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe	--run-as-service

The output format depends on the settings inside the agent. If you have the second format then your rule will not work. That’s why i recommend the regular expression search.

funny_sandwich · August 14, 2023, 6:43am

@andreas-doehler
Doing the search with regular expression works fine…
Thanks for your input! Will stick to regex in future!

LaSoe · August 21, 2023, 3:10pm

I recommend to output the Windows processes in the Agent Output always with the full path.

This can be customized via Agent Bakery Rule:
→ Finetune Windows process monitoring > Include full path: on

or you can also change it in the config file:

# ps
enabled: yes
use_wmi: yes
full_path: yes