Process monitoring with specific start command

Hello,
once again a question from me.
→ I would like to monitor multiple server processes with different parameters
E.g. if the process name is “TEST.exe” I want to monitor some of the running processes. They are started with parameters, e.g. from CMD via:
TEST.exe parameter
That is seen in Task-Manager in the last row.
I created a Process Discovery rule in Checkmk.
Process name: TEST.exe
Process Matching → Regular expression matching command line
Command line: .parameter.

I also created a Finetune Windows process monitoring rule.
It has the checkboxes set under “Use WMI” and “Include full path”

If I only include the process name in the process discovery rule, the process is found.
But if I include the Command line value, no processes are found.

I’m using the latest Checkmk 2.3.0p21 on both Checkmk Appliance and Agent.

Greetings
Max

You have confused the parameters here.

“Process Name” refers to how the service check should be named (:eyes: @thohenstatt).

The regular expression matching the command line has to include TEST.exe in your case. You can use match groups here and reference them in the “Process name” parameter.

E.g.: the regex would be “TEST.exe (.+)” and the “Process Name” could then contain “TEST %s”. The services would then be named “Process TEST parameter”.


Thank you very much :wink:

The regex TEST(.+) works now, with TEST.exe it didn’t work.
Sadly, it only finds it in one service, but I want to monitor five parameters separately.
→ So I would have 5 services with those 5 parameters.
How could I realise that?

Greetings
Max

Please post the lines from the <<<ps>>> section of the agent data that show these 5 processes.


You should configure the agent to output more info for processes. When using the bakery the ruleset “Finetune Windows process monitoring” can be used. Otherwise create this entry in the check_mk.user.yml config file:

ps:
    enabled: yes
    use_wmi: yes
    full_path: yes

This way you get the full command line and can distinguish using the arguments to TEST.exe.
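A small model of the matching discussed in this thread, as an added example that is not Checkmk's code or any poster's. It assumes the pattern is applied with Python's `re.match` to the tab-separated last field of each `<<<ps>>>` line and that each `%s` in the process name is replaced by a match group; the agent lines, the user `HOST\svc` and the parameters `alpha` to `epsilon` are constructed.

```python
import re
from collections import Counter


def _line(pid, command):
    # Constructed agent line: "(user,counters...,pid,...)<TAB>command".
    return f"(\\\\HOST\\svc,1000,2000,0,{pid},1,0,0,100,1,42)\t{command}"


# Hypothetical parameters standing in for the five real ones.
PARAMS = ["alpha", "beta", "gamma", "delta", "epsilon"]

# Agent output with only the process name in the last field.
NAME_ONLY = [_line(6000 + i, "TEST.exe") for i in range(5)]
NAME_ONLY.append(_line(7000, "conhost.exe"))

# Agent output where the last field carries the full command line
# (assumed here to start with the executable name).
FULL_CMD = [_line(6000 + i, f"TEST.exe {p}") for i, p in enumerate(PARAMS)]
FULL_CMD.append(_line(7000, "conhost.exe"))


def command_of(agent_line):
    """Return the field after the tab: process name or command line."""
    _info, _tab, command = agent_line.partition("\t")
    return command.strip()


def discover(lines, pattern, name_template):
    """Map each resulting service name to its number of matching processes."""
    rx = re.compile(pattern)
    services = Counter()
    for line in lines:
        match = rx.match(command_of(line))
        if match is None:
            continue
        name = name_template
        # Fill each %s with the next match group, left to right.
        for group in match.groups():
            name = name.replace("%s", group or "", 1)
        services["Process " + name] += 1
    return dict(services)


if __name__ == "__main__":
    cases = [
        ("name only, TEST.exe (.+)", NAME_ONLY, r"TEST.exe (.+)"),
        ("name only, TEST(.+)", NAME_ONLY, r"TEST(.+)"),
        ("full command line, TEST.exe (.+)", FULL_CMD, r"TEST.exe (.+)"),
    ]
    for label, lines, pattern in cases:
        print(label, "->", discover(lines, pattern, "TEST %s"))
```

With name-only data the group of `TEST(.+)` is always `.exe`, so every process lands in one service; only the command-line data yields one service per parameter.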

I have changed the values in the corresponding config file (“C:\Program Files (x86)\checkmk\service\install\check_mk.user.yml”)

I also restarted the service, but it still doesn’t output the required information.
→ Exactly the same output

Do you have any idea why?

Do you have another idea?
Greetings
Max

The config file check_mk.user.yml is in the directory C:\ProgramData\checkmk\agent.