Texfile monitoring in Windows not working?

Troubleshooting
1

I have downloaded mk_logwatch.exe and placed in the plugins-folder of monitored pc.
Created logwatch.cfg and tested with placing it in plugins folder, config-folder, agent-folder.

Content:
C:\logfiles\log.txt
C error (<-- indented with a spac, but it dont show here).

Then I run a discovery on the host from WATOto, and expect to find a new service for logwatch, but nothing changes.

What am I doing wrong…?

2

Hi @Thunder-Cloud

In principle, what you describe sounds correct. What happens if you execute the agent “locally”?
Do you get a “logwatch” section? If not, then probably something in your config is missing.

Additionally: when I search this forum for cases like yours, I can find multiple threads with the same or a similar issue, so… you should be able to find an answer for your issue.

HTH,
Thomas

3

Yes the logwatch section appears if the config file is in the same directory as mk_logwatch.exe

Still no services is identified when running a discovery although I have tried to plaece the confi file in various mentions locations.

I have not been able to find a solution to get this to work, hence I created this thread here.

4

Hi,
you have to

  • store mk_logwatch.exe in the plugin directory
  • store logwatch.cfg in the config directory
  • create the file c:\logfiles\log.txt with some content
  • restart the CMK agent

Karl

5

Thanks Karl,

Sound simple. But still nothing happens at all.

6

Hi,
can you post the agent output, the content of your logfile and the content of logwatch.cfg?

Karl

7

Hi @Thunder-Cloud

OK, so your local output “proves” that what you did seems to be correct on the
target to be monitored.

Have you tried to telnet/netcat the host? Does it return the logwatch section as well?
If you try the same with "cmk -d <TARGET>" do you get the logwatch
section, too?

Thomas

1 Like
8

Hi,
have you disabled “Messages in text logfiles” in the windows agent?

Karl

9

If I telnet to port 6556 I get a <<< logwatch >>> line, but I dont find it inthe output below.

"C:\ProgramData\checkmk\agent\config\logwatch.cfg"
C:\PAF\test.txt
C Fail event detected on md device
I mdadm.*: Rebuild.event detected
W Error
C Error: (.)

"C:\PAF\test.txt"
Error this is a test
Error: this is a test

Output from:
C:\Program Files (x86)\checkmk\service>check_mk_agent.exe test
<<<check_mk>>>
Version: 1.6.0p20
BuildDate: Jan 13 2021
AgentOS: windows
Hostname: PC01
Architecture: 64bit
WorkingDirectory: C:\Program Files (x86)\checkmk\service
ConfigFile: C:\Program Files (x86)\checkmk\service\check_mk.yml
LocalConfigFile: C:\ProgramData\checkmk\agent\check_mk.user.yml
AgentDirectory: C:\Program Files (x86)\checkmk\service
PluginsDirectory: C:\ProgramData\checkmk\agent\plugins
StateDirectory: C:\ProgramData\checkmk\agent\state
ConfigDirectory: C:\ProgramData\checkmk\agent\config
TempDirectory: C:\ProgramData\checkmk\agent\tmp
LogDirectory: C:\ProgramData\checkmk\agent\log
SpoolDirectory: C:\ProgramData\checkmk\agent\spool
LocalDirectory: C:\ProgramData\checkmk\agent\local
OnlyFrom:
<<<wmi_cpuload:sep(124)>>>
[system_perf]
AlignmentFixupsPersec|Caption|ContextSwitchesPersec|Description|ExceptionDispatchesPersec|FileControlBytesPersec|FileControlOperationsPersec|FileDataOperationsPersec|FileReadBytesPersec|FileReadOperationsPersec|FileWriteBytesPersec|FileWriteOperationsPersec|FloatingEmulationsPersec|Frequency_Object|Frequency_PerfTime|Frequency_Sys100NS|Name|PercentRegistryQuotaInUse|PercentRegistryQuotaInUse_Base|Processes|ProcessorQueueLength|SystemCallsPersec|SystemUpTime|Threads|Timestamp_Object|Timestamp_PerfTime|Timestamp_Sys100NS|WMIStatus
0||4195097171||816051|122111211531|3168914788|85535750|211211868417|49702735|58627752987|35833015|0|10000000|10000000|10000000||155974256|4294967295|229|0|3954267575|132578096338992086|3242|132585501601365135|7404998244472|132585537601360000|OK
[computer_system]
AdminPasswordStatus|AutomaticManagedPagefile|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|BootStatus|BootupState|Caption|ChassisBootupState|ChassisSKUNumber|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|DNSHostName|Domain|DomainRole|EnableDaylightSavingsTime|FrontPanelResetStatus|HypervisorPresent|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|PartOfDomain|PauseAfterReset|PCSystemType|PCSystemTypeEx|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemFamily|SystemSKUNumber|SystemStartupDelay|SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup|WMIStatus
3|1|1|1|||1||Normal boot|PC01|3||Win32_ComputerSystem|60|0|AT/AT COMPATIBLE|PC01|domain.local|1|1|3|1|0|||3||Xen|HVM domU|PC01||1|2|1|||1|-1|1|1|||3|0|3||Windows User|1|65535|65535||OK|||||||x64-based PC|3|8580546560|DOMAIN\user|6||OK
<<>>
740499
<<df:sep(9)>>
C:\ NTFS 82699452 45156132 37543320 55% C:
<<>>
MemTotal: 8379440 kB
MemFree: 2547900 kB
SwapTotal: 4018804 kB
SwapFree: 18014398508998340 kB
PageTotal: 12398244 kB
PageFree: 2064256 kB
VirtualTotal: 137438953344 kB
VirtualFree: 137434639652 kB
<<fileinfo:sep(124)>>
1614076560
<<>>
[[[Application]]]
[[[Cisco AnyConnect Secure Mobility Client]]]
[[[HardwareEvents]]]
[[[Internet Explorer]]]
[[[Key Management Service]]]
[[[OAlerts]]]
[[[Security:missing]]]
[[[System]]]
[[[Windows PowerShell]]]
<<>>
AJRouter stopped/disabled AllJoyn Router Service
ALG stopped/disabled Application Layer Gateway Service
AppIDSvc stopped/demand Application Identity
Appinfo running/demand Application Information
AppMgmt stopped/demand Application Management
AppReadiness stopped/demand App Readiness
AppVClient stopped/disabled Microsoft App-V Client
AppXSvc stopped/demand AppX Deployment Service (AppXSVC)
AssignedAccessManagerSvc stopped/demand AssignedAccessManager-tjänsten
AudioEndpointBuilder running/auto Windows Audio Endpoint Builder
Audiosrv running/auto Windows Audio
autotimesvc stopped/demand Tid från mobilnät
AxInstSV stopped/demand ActiveX Installer (AxInstSV)
BDESVC stopped/disabled BitLocker Drive Encryption Service
BFE running/auto Base Filtering Engine
BITS stopped/demand Background Intelligent Transfer Service
BrokerAgent running/auto Citrix Desktop Service
BrokerInfrastructure running/auto Background Tasks Infrastructure Service
Browser running/demand Computer Browser
BTAGService stopped/disabled Ljudgatewaytjänst för Bluetooth
BthAvctpSvc stopped/disabled AVCTP-tjänsten
bthserv stopped/disabled Bluetooth Support Service
camsvc running/demand Tjänst för att hantera funktionsåtkomst
CdfCaptureService stopped/demand Citrix CDF Capture Service
CdfSvc running/auto Citrix Diagnostic Facility COM Server
CDPSvc running/auto Connected Devices Platform Service
CertPropSvc stopped/disabled Certificate Propagation
CheckMkService running/auto Check MK Service
Citrix_Encryption_Service running/auto Citrix Encryption Service
Citrix_EUEM running/auto Citrix End User Experience Monitoring Service
CitrixCseEngine running/auto Citrix Group Policy Engine
CitrixRDR running/auto Citrix Device Redirector Service
CitrixTelemetryService running/auto Citrix Telemetry Service
CitrixUWACacheService running/auto Citrix UWA Cache Service
CitrixVDACeipService running/auto Citrix CEIP Service for Vda
ClickToRunSvc running/auto Tjänsten Microsoft Office Klicka-och-kör
ClipSVC running/demand Client License Service (ClipSVC)
COMSysApp stopped/demand COM+ System Application
CoreMessagingRegistrar running/auto CoreMessaging
cpsvc running/auto Citrix Print Manager Service
CryptSvc running/auto Cryptographic Services
CscService stopped/disabled Offline Files
CtxAudioSrv running/auto Citrix Audio Redirection Service
CtxBrowserSvc running/auto Citrix HDX Browser Redirection Service
CtxClipboardSvc running/auto Citrix Clipboard Service
CtxDNDSvc running/auto Citrix DND Service
CtxFidoMux running/auto Citrix WebAuthn Redirection Service
CtxGDTSvc running/auto Citrix GDT Service
CtxHdxWebSocketService running/auto Citrix HDX HTML5 Video Redirection Service
CtxLocalUserSrv running/auto Citrix Local User Service Manager
CtxMultiTouchSvc running/auto Citrix MultiTouch Redirection Service
CtxNsapSvc running/auto Citrix Netscaler AppFlow Service
CtxPortFwdSvc running/auto Citrix HDX Port Forwarding Service
CtxSCardCertPropSvc running/auto Citrix Smart Card Certificate Propagation Service
CtxSCardRemovalPolicySvc running/auto Citrix Smart Card Removal Policy Service
CtxSensVcSvc running/auto Citrix Location and Sensor Virtual Channel Service
CtxSmartCardSvc running/auto Citrix Smart Card Service
CtxTeamsSvc running/auto Citrix HDX Teams Redirection Service
CtxWIASvc running/auto Citrix WIA Service
CWAUpdaterService running/auto Citrix Workspace Updater Service
DcomLaunch running/auto DCOM Server Process Launcher
defragsvc stopped/disabled Optimize drives
DeviceAssociationService stopped/demand Device Association Service
DeviceInstall stopped/demand Device Install Service
DevQueryBroker stopped/demand DevQuery Background Discovery Broker
Dhcp running/auto DHCP Client
diagnosticshub.standardcollector.service stopped/demand Microsoft ® standardinsamlingstjänsten Diagnostics Hub
diagsvc stopped/demand Diagnostic Execution Service
DiagTrack stopped/disabled Connected User Experiences and Telemetry
DispBrokerDesktopSvc running/auto Display Policy Service
DisplayEnhancementService running/demand Display Enhancement Service
DmEnrollmentSvc stopped/demand Registreringstjänst för enhetshantering
dmwappushservice stopped/demand Routningstjänst för push-meddelanden via Wireless Application Protocol (WAP) och enhetshantering
Dnscache running/auto DNS Client
DoSvc running/auto Delivery Optimization
dot3svc stopped/demand Wired AutoConfig
DPS stopped/disabled Diagnostic Policy Service
DsmSvc stopped/demand Device Setup Manager
DsSvc running/demand Data Sharing Service
DusmSvc stopped/disabled Dataanvändning
Eaphost stopped/demand Extensible Authentication Protocol
edgeupdate stopped/auto Microsoft Edge-uppdatering Service (edgeupdate)
edgeupdatem stopped/demand Microsoft Edge-uppdatering Service (edgeupdatem)
EFS stopped/disabled Encrypting File System (EFS)
embeddedmode stopped/demand Inbäddat läge
EntAppSvc stopped/demand Enterprise App Management Service
EventLog running/auto Windows Event Log
EventSystem running/auto COM+ Event System
fdPHost stopped/disabled Function Discovery Provider Host
FDResPub stopped/disabled Function Discovery Resource Publication
fhsvc stopped/demand File History Service
FontCache running/auto Windows Font Cache Service
FontCache3.0.0.0 stopped/demand Windows Presentation Foundation Font Cache 3.0.0.0
FoxitReaderUpdateService running/auto Foxit Reader Update Service
FrameServer stopped/demand FrameServer för Windows Kamera
gpsvc stopped/auto Group Policy Client
GraphicsPerfSvc stopped/demand GraphicsPerfSvc
hidserv stopped/demand Human Interface Device Service
HvHost stopped/demand HV-värdtjänst
icssvc stopped/disabled Tjänsten Windows Mobile Hotspot
IKEEXT running/auto IKE and AuthIP IPsec Keying Modules
InstallAgent stopped/demand Citrix XenServer Installation and Update Agent
InstallService running/demand Microsoft Store-installationstjänst
iphlpsvc running/auto IP Helper
IpxlatCfgSvc stopped/demand Konfigurationstjänst för IP-konvertering
KeyIso running/demand CNG Key Isolation
KtmRm stopped/demand KtmRm for Distributed Transaction Coordinator
LanmanServer running/auto Server
LanmanWorkstation running/auto Workstation
lfsvc running/demand Geolocation Service
LicenseManager running/demand Tjänsten Windows Licenshanteraren
lltdsvc stopped/demand Link-Layer Topology Discovery Mapper
lmhosts running/demand TCP/IP NetBIOS Helper
LSM running/auto Local Session Manager
LxpSvc stopped/demand Tjänst för lokaliserade resurser
MapsBroker stopped/auto Downloaded Maps Manager
MicrosoftEdgeElevationService stopped/demand Microsoft Edge Elevation Service
MixedRealityOpenXRSvc stopped/demand Windows Mixed Reality OpenXR Service
mpssvc running/auto Windows Defender Firewall
MRVCSvc running/auto Citrix Mobile Receiver Virtual Channel Service
MSDTC stopped/demand Distributed Transaction Coordinator
MSiSCSI stopped/demand Microsoft iSCSI Initiator Service
msiserver stopped/demand Windows Installer
msoidsvc running/auto Microsoft Online Services Sign-in Assistant
NaturalAuthentication stopped/demand Natural Authentication
NcaSvc stopped/demand Network Connectivity Assistant
NcbService running/demand Network Connection Broker
NcdAutoSetup stopped/demand Network Connected Devices Auto-Setup
Net_Driver_HPZ12 running/auto Net Driver HPZ12
Netlogon running/auto Netlogon
Netman stopped/demand Network Connections
netprofm running/demand Network List Service
NetSetupSvc stopped/demand Network Setup Service
NetTcpPortSharing stopped/disabled Net.Tcp Tjänst för delning av port
NgcCtnrSvc stopped/demand Microsoft Passport Container
NgcSvc stopped/demand Microsoft Passport
NlaSvc running/auto Network Location Awareness
nsi running/auto Network Store Interface Service
OfficeSvcManagerAddons stopped/demand OfficeSvcManagerAddons
p2pimsvc stopped/demand Peer Networking Identity Manager
p2psvc stopped/demand Peer Networking Grouping
PcaSvc running/demand Program Compatibility Assistant Service
PeerDistSvc stopped/disabled BranchCache
perceptionsimulation stopped/demand Windows Perception Simulation Service
PerfHost stopped/demand Performance Counter DLL Host
PhoneSvc stopped/demand Phone Service
PicaDvcControllerSvc running/auto Citrix Dynamic Virtual Channel Service
pla stopped/demand Performance Logs & Alerts
PlugPlay running/demand Plug and Play
Pml_Driver_HPZ12 running/auto Pml Driver HPZ12
PNRPAutoReg stopped/demand PNRP Machine Name Publication Service
PNRPsvc stopped/demand Peer Name Resolution Protocol
PolicyAgent running/demand IPsec Policy Agent
PorticaService running/auto Citrix ICA Service
Power running/auto Power
PrintNotify stopped/demand Printer Extensions and Notifications
ProfSvc running/auto User Profile Service
Proxifier stopped/auto Proxifier
PushToInstall stopped/demand Windows PushToInstall Service
QWAVE stopped/demand Quality Windows Audio Video Experience
RasAuto stopped/demand Remote Access Auto Connection Manager
RasMan running/auto Remote Access Connection Manager
RemoteAccess stopped/disabled Routing and Remote Access
RemoteRegistry stopped/auto Remote Registry
RetailDemo stopped/disabled Demotjänst för återförsäljning
RmSvc stopped/demand Tjänst för hantering av trådlösa anslutningar
RpcEptMapper running/auto RPC Endpoint Mapper
RpcLocator stopped/demand Remote Procedure Call (RPC) Locator
RpcSs running/auto Remote Procedure Call (RPC)
SamSs running/auto Security Accounts Manager
SCardSvr running/auto Smart Card
ScDeviceEnum stopped/demand Smart Card Device Enumeration Service
Schedule running/auto Task Scheduler
SCPolicySvc stopped/disabled Smart Card Removal Policy
SDRSVC stopped/demand Windows Säkerhetskopiering
seclogon stopped/demand Secondary Logon
SecurityHealthService running/demand Tjänsten Windows-säkerhet
SEMgrSvc stopped/demand Hanterare för betalningar och NFC/SE
SENS running/auto System Event Notification Service
Sense stopped/demand Windows Defender Advanced Threat Protection Service
SensorDataService stopped/demand Sensor Data Service
SensorService stopped/demand Sensor Service
SensrSvc stopped/disabled Sensor Monitoring Service
SessionEnv running/demand Remote Desktop Configuration
SgrmBroker running/auto System Guard Runtime Monitor Broker
SharedAccess stopped/disabled Internet Connection Sharing (ICS)
SharedRealitySvc stopped/demand Spatialdatatjänsten
ShellHWDetection stopped/disabled Shell Hardware Detection
shpamsvc stopped/disabled Shared PC Account Manager
smphost stopped/demand Microsoft Storage Spaces SMP
SmsRouter stopped/demand Tjänsten Microsoft Windows SMS Router.
SNMPTRAP stopped/demand SNMP Trap
spectrum stopped/demand Windows Perception Service
Spooler running/auto Print Spooler
sppsvc stopped/auto Software Protection
SSDPSRV stopped/disabled SSDP Discovery
ssh-agent stopped/disabled OpenSSH Authentication Agent
SstpSvc running/demand Secure Socket Tunneling Protocol Service
StateRepository running/demand State Repository Service
stisvc stopped/auto Windows Image Acquisition (WIA)
StorSvc running/demand Storage Service
svsvc stopped/demand Spot Verifier
swprv stopped/demand Microsoft Software Shadow Copy Provider
SysMain running/auto SysMain
SystemEventsBroker running/auto System Events Broker
TabletInputService running/auto Touch Keyboard and Handwriting Panel Service
TapiSrv stopped/demand Telephony
TermService running/demand Remote Desktop Services
Themes running/auto Themes
TieringEngineService stopped/demand Storage Tiers Management
TimeBrokerSvc running/demand Time Broker
TokenBroker running/demand Webbkontohanterare
TrkWks stopped/disabled Distributed Link Tracking Client
TroubleshootingSvc stopped/demand Tjänst för rekommenderad felsökning
TrustedInstaller stopped/demand Windows Modules Installer
tzautoupdate stopped/disabled Automatisk uppdatering av tidszon
UevAgentService stopped/disabled User Experience Virtualization Service
uhssvc running/auto Microsoft Update Health Service
UmRdpService running/demand Remote Desktop Services UserMode Port Redirector
upnphost stopped/disabled UPnP Device Host
UserManager running/auto User Manager
UsoSvc running/auto Update Orchestrator Service
VacSvc stopped/disabled Tjänsten för volymetrisk ljudkomposition
VaultSvc running/demand Credential Manager
vds stopped/demand Virtual Disk
vmicguestinterface stopped/demand Hyper-V Guest Service Interface
vmicheartbeat stopped/demand Hyper-V Heartbeat Service
vmickvpexchange stopped/demand Hyper-V Data Exchange Service
vmicrdv stopped/demand Tjänsten Virtualisering av fjärrskrivbord för Hyper-V
vmicshutdown stopped/demand Hyper-V Guest Shutdown Service
vmictimesync stopped/demand Hyper-V Time Synchronization Service
vmicvmsession stopped/demand Hyper-V PowerShell Direct Service
vmicvss stopped/demand Hyper-V Volume Shadow Copy Requestor
VSS stopped/demand Volume Shadow Copy
W32Time running/demand Windows Time
WaaSMedicSvc stopped/demand Windows Update Medic Service
WalletService stopped/demand WalletService
WarpJITSvc stopped/demand WarpJITSvc
wbengine stopped/disabled Block Level Backup Engine Service
WbioSrvc running/auto Windows Biometric Service
Wcmsvc running/auto Windows Connection Manager
wcncsvc stopped/disabled Windows Connect Now - Config Registrar
WdiServiceHost stopped/disabled Diagnostic Service Host
WdiSystemHost stopped/disabled Diagnostic System Host
WdNisSvc running/demand Windows Defender Antivirus Network Inspection Service
WebClient running/demand WebClient
Wecsvc stopped/demand Windows Event Collector
WEPHOSTSVC stopped/demand Windows Encryption Provider Host Service
wercplsupport stopped/demand Problem Reports and Solutions Control Panel Support
WerSvc stopped/disabled Windows Error Reporting Service
WFDSConMgrSvc stopped/demand Anslutningshanterare för Wi-Fi Direct-tjänster
WiaRpc stopped/demand Still Image Acquisition Events
WinDefend running/auto Windows Defender Antivirus Service
WinHttpAutoProxySvc running/demand WinHTTP Web Proxy Auto-Discovery Service
Winmgmt running/auto Windows Management Instrumentation
WinRM running/auto Windows Remote Management (WS-Management)
wisvc stopped/demand Windows Insider-tjänsten
WlanSvc stopped/disabled WLAN AutoConfig
wlidsvc stopped/demand Microsoft Account Sign-in Assistant
wlpasvc stopped/demand Local Profile Assistant Service
WManSvc stopped/demand Windows Management Service
wmiApSrv stopped/demand WMI Performance Adapter
WMPNetworkSvc stopped/disabled Windows Media Player Network Sharing Service
WpcMonSvc stopped/disabled Kontrollfunktioner för föräldrar
WPDBusEnum stopped/demand Portable Device Enumerator Service
WpnService running/auto Windows Push Notifications System Service
wscsvc running/auto Security Center
WSearch running/auto Windows Search
wuauserv stopped/demand Windows Update
WwanSvc stopped/disabled WWAN AutoConfig
XblAuthManager stopped/disabled Xbox Live autentiseringshanterare
XblGameSave stopped/disabled Spara speldata till Xbox Live
XboxGipSvc stopped/disabled Xbox Accessory Management Service
XboxNetApiSvc stopped/disabled Nätverkstjänst för Xbox Live
xenagent running/auto XenServer Agent
xenbus_monitor running/auto XenServer PV Driver Monitor
XenInstall stopped/demand Citrix Hypervisor PV Driver Installer
XenSvc running/auto Citrix Hypervisor Windows Management Agent
AarSvc_2395b67 stopped/demand Agent Activation Runtime_2395b67
BcastDVRUserService_2395b67 stopped/demand Användartjänst för Spel-DVR och sändning_2395b67
BluetoothUserService_2395b67 stopped/demand Bluetooth User Support Service_2395b67
CaptureService_2395b67 stopped/demand CaptureService_2395b67
cbdhsvc_2395b67 running/demand Clipboard User Service_2395b67
CDPUserSvc_2395b67 running/auto Connected Devices Platform User Service_2395b67
ConsentUxUserSvc_2395b67 stopped/demand ConsentUX_2395b67
CredentialEnrollmentManagerUserSvc_2395b67 stopped/demand CredentialEnrollmentManagerUserSvc_2395b67
DeviceAssociationBrokerSvc_2395b67 stopped/demand DeviceAssociationBroker_2395b67
DevicePickerUserSvc_2395b67 stopped/demand DevicePicker_2395b67
DevicesFlowUserSvc_2395b67 stopped/demand DevicesFlow_2395b67
MessagingService_2395b67 stopped/demand MessagingService_2395b67
OneSyncSvc_2395b67 running/auto Synkroniseringsvärd_2395b67
PimIndexMaintenanceSvc_2395b67 stopped/demand Contact Data_2395b67
PrintWorkflowUserSvc_2395b67 running/demand PrintWorkflow_2395b67
UnistoreSvc_2395b67 stopped/demand User Data Storage_2395b67
UserDataSvc_2395b67 stopped/demand User Data Access_2395b67
WpnUserService_2395b67 running/auto Windows Push Notifications User Service_2395b67
<<<winperf_phydisk>>>
1614076560.40 234 10000000
2 instances: 0_C: _Total
-36 0 0 rawcount
-34 82163158287 82163158287 type(20570500)
-34 132585501603985209 132585501603985209 type(40030500)
1166 82163158287 82163158287 type(550500)
-32 40319937692 40319937692 type(20570500)
-32 132585501603985209 132585501603985209 type(40030500)
1168 40319937692 40319937692 type(550500)
-30 41843220595 41843220595 type(20570500)
-30 132585501603985209 132585501603985209 type(40030500)
1170 41843220595 41843220595 type(550500)
-28 558779663 558779663 average_timer
-28 5039364 5039364 average_base
-26 1665232028 1665232028 average_timer
-26 1306104 1306104 average_base
-24 3188514931 3188514931 average_timer
-24 3733260 3733260 average_base
-22 5039364 5039364 counter
-20 1306104 1306104 counter
-18 3733260 3733260 counter
-16 229402805248 229402805248 bulk_count
-14 42483751936 42483751936 bulk_count
-12 186919053312 186919053312 bulk_count
-10 229402805248 229402805248 average_bulk
-10 5039364 5039364 average_base
-8 42483751936 42483751936 average_bulk
-8 1306104 1306104 average_base
-6 186919053312 186919053312 average_bulk
-6 3733260 3733260 average_base
1248 7362435815960 7362435815960 type(20570500)
1248 132585501603985209 132585501603985209 type(40030500)
1250 307090 307090 counter
<<<winperf_if>>>
1614076560.43 510 10000000
1 instances: XenServer_PV_Network_Device__0
-122 9743279589 bulk_count
-110 35455931 bulk_count
-244 22789099 bulk_count
-58 12666832 bulk_count
10 100000000000 large_rawcount
-246 5019397597 bulk_count
14 13046752 bulk_count
16 6902278 bulk_count
18 2840067 large_rawcount
20 2 large_rawcount
22 0 large_rawcount
-4 4723881992 bulk_count
26 12637436 bulk_count
28 29396 bulk_count
30 0 large_rawcount
32 0 large_rawcount
34 0 large_rawcount
1086 0 large_rawcount
1088 0 large_rawcount
1090 0 bulk_count
1092 0 bulk_count
1094 0 large_rawcount
<<<winperf_processor>>>
1614076560.45 238 10000000
3 instances: 0 1 _Total
-232 3843570468750 4202156250000 4022863359375 100nsec_timer_inv
-96 2140054531250 1959007343750 2049530937500 100nsec_timer
-94 1421376093750 1243823906250 1332600000000 100nsec_timer
-90 2070307432 2198601541 4268908973 counter
458 2110156250 889218750 1499687500 100nsec_timer
460 33898906250 29795468750 31847187500 100nsec_timer
1096 89949005 20861976 110810981 counter
1098 2 0 2 rawcount
1508 3481766484511 3670399762574 3576083123542 100nsec_timer
1510 3481766484511 3670399762574 3576083123542 100nsec_timer
1512 0 0 0 100nsec_timer
1514 0 0 0 100nsec_timer
1516 1135813251 1128780347 2264593598 bulk_count
1518 0 0 0 bulk_count
1520 0 0 0 bulk_count
<<<dotnet_clrmemory:sep(124)>>>
AllocatedBytesPersec|Caption|Description|FinalizationSurvivors|Frequency_Object|Frequency_PerfTime|Frequency_Sys100NS|Gen0heapsize|Gen0PromotedBytesPerSec|Gen1heapsize|Gen1PromotedBytesPerSec|Gen2heapsize|LargeObjectHeapsize|Name|NumberBytesinallHeaps|NumberGCHandles|NumberGen0Collections|NumberGen1Collections|NumberGen2Collections|NumberInducedGC|NumberofPinnedObjects|NumberofSinkBlocksinuse|NumberTotalcommittedBytes|NumberTotalreservedBytes|PercentTimeinGC|PercentTimeinGC_Base|ProcessID|PromotedFinalizationMemoryfromGen0|PromotedMemoryfromGen0|PromotedMemoryfromGen1|Timestamp_Object|Timestamp_PerfTime|Timestamp_Sys100NS|WMIStatus
2684683184|||2601|0|10000000|10000000|70254592|814908|2217980|1651668|23190940|8033192|Global|33442112|15330|255|202|14|0|286|1602|71421952|1509851136|2221|4294967295|0|422144|814908|1651668|0|7405001566428|132585537604680000|OK
0|||0|0|10000000|10000000|0|0|0|0|0|0|notepad++|0|0|0|0|0|0|0|4|0|0|0|0|0|0|0|0|0|7405001566428|132585537604680000|OK
84914488|||257|0|10000000|10000000|10485760|331184|835120|0|5054232|279520|OUTLOOK|6168872|2037|21|7|3|0|2|606|12541952|402644992|300|269993354|12880|11656|331184|0|0|7405001566428|132585537604680000|OK
0|||0|0|10000000|10000000|0|0|0|0|0|0|OUTLOOK#1|0|25|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|7405001566428|132585537604680000|OK
686648|||1|0|10000000|10000000|5242880|172|293044|295292|297716|34104|CtxWebBrowser|624864|135|2|2|0|0|5|6|729088|33546240|1122|2855717552|2308|48|172|295292|0|7405001566428|132585537604680000|OK
678456|||1|0|10000000|10000000|5242880|172|12|292276|292312|34104|CtxWebBrowser#1|326428|107|2|2|0|0|5|6|729088|33546240|919|2855717077|18828|48|172|292276|0|7405001566428|132585537604680000|OK
72288|||0|0|10000000|10000000|5242880|0|12|19916|32940|17752|CtxWebBrowser#2|50704|32|2|2|0|0|1|4|139264|33546240|35|2855560721|15832|0|0|19916|0|7405001566428|132585537604680000|OK
80480|||0|0|10000000|10000000|5242880|0|12|20160|37164|17752|CtxWebBrowser#3|54928|32|2|2|0|0|1|4|139264|33546240|19|2855558355|18680|0|0|20160|0|7405001566428|132585537604680000|OK
176799456|||148|0|10000000|10000000|5242880|50124|16604|33084|2765948|830416|SelfService|3612968|2018|35|34|1|0|137|62|9076736|33546240|39|407208243|960|31582|50124|33084|0|7405001566428|132585537604680000|OK
135854668|||1185|0|10000000|10000000|5242880|179180|181160|232|3018580|2824712|mRemoteNG|6024452|3266|20|19|4|0|0|388|11386880|33546240|599|2855559711|19680|126746|179180|232|0|7405001566428|132585537604680000|OK
252063352|||54|0|10000000|10000000|6291456|12272|501528|495552|4679856|2230800|KeePass|7412184|1359|33|6|1|0|0|260|13725696|402644992|150|850756721|17372|12272|12272|495552|0|7405001566428|132585537604680000|OK
650856904|||788|0|10000000|10000000|5242880|209844|211616|3716|1016668|903152|CDViewer|2131436|717|125|120|3|0|5|140|7659520|33546240|84|44592046|10264|209844|209844|3716|0|7405001566428|132585537604680000|OK
37933176|||57|0|10000000|10000000|6291456|17592|17872|235688|5723536|363872|FileMaker Pro 18 Advanced|6105280|5373|8|4|2|0|126|67|13574144|402644992|9837|3322813654|10260|17592|17592|235688|0|7405001566428|132585537604680000|OK
497004|||33|0|10000000|10000000|5242880|4044|61696|47236|56740|34104|concentr|152540|137|3|2|0|0|3|43|270336|33546240|72|1388076484|10564|2032|4044|47236|0|7405001566428|132585537604680000|OK
1904672|||77|0|10000000|10000000|5242880|10324|99304|208516|215248|462904|SelfServicePlugin|777456|92|2|2|0|0|1|12|1449984|33546240|54|2855560886|9228|10324|10324|208516|0|7405001566428|132585537604680000|OK
<<ps:sep(9)>>
(SYSTEM,8,8,0,0,0,0,8045726718750,0,2,740522) System Idle Process
(SYSTEM,3832,24,0,4,0,0,101833906250,6113,246,740522) System
(SYSTEM,140528,81164,0,88,7,0,169375000,0,4,740526) Registry
(SYSTEM,2151718416,464,0,680,1,0,1718750,53,2,740522) smss.exe
(SYSTEM,2151773624,4612,0,860,2,106250000,492656250,871,15,740515) csrss.exe
(SYSTEM,2151745556,5436,0,964,1,0,625000,160,1,740515) wininit.exe
(SYSTEM,2151894568,5096,0,980,2,87343750,1160625000,855,15,740515) csrss.exe
(SYSTEM,2151804236,16932,0,788,3,1562500,9375000,356,7,740515) winlogon.exe
(SYSTEM,2151764292,12432,0,808,6,7260312500,12060156250,899,11,740515) services.exe
(SYSTEM,2151804172,29216,0,768,12,3492187500,2243281250,2113,11,740515) lsass.exe
(SYSTEM,2151747108,5676,0,1128,1,156250,156250,107,2,740514) svchost.exe
(SYSTEM,2151750692,5588,0,1136,1,312500,468750,232,5,740514) WUDFHost.exe
(SYSTEM,2151753372,3936,0,1144,2,12500000,24375000,43,5,740514) fontdrvhost.exe
(SYSTEM,4301048,9204,0,1156,2,156250,1250000,215,8,740514) PicaSessionAgent.exe
(SYSTEM,2151875576,9412,0,1180,9,335781250,319375000,46,5,740514) fontdrvhost.exe
(SYSTEM,2151764288,6436,0,1292,2,1250000,781250,266,6,740514) WUDFHost.exe
(SYSTEM,2151830996,32540,0,1324,25,51900937500,60202812500,1165,20,740514) svchost.exe
(SYSTEM,2151823684,46032,0,1440,37,470667343750,144936093750,1419,14,740514) svchost.exe
(SYSTEM,2152409460,22592,0,1488,492,2454062500,1507656250,74451,7,740514) svchost.exe
(SYSTEM,2152226920,243916,0,1640,89,22805937500,4145937500,1274,15,740514) dwm.exe
(SYSTEM,4299184,11428,0,1656,2,22343750,92343750,199,4,740514) GfxMgr.exe
(SYSTEM,4314532,10128,0,1664,3,66406250,489062500,454,8,740514) PicaTwiHost.exe
(SYSTEM,4292932,9352,0,1672,1,1093750,1562500,174,4,740514) PicaEuemRelay.exe
(SYSTEM,4426040,94672,0,1724,89,4930781250,11845312500,205,2,740514) CtxGfx.exe
(SYSTEM,2151757088,7000,0,1820,1,7343750,4218750,202,3,740513) svchost.exe
(SYSTEM,2151793444,12612,0,1828,4,2305000000,1337343750,498,24,740513) svchost.exe
(SYSTEM,2151756512,8192,0,1844,2,5468750,6406250,194,6,740513) svchost.exe
(SYSTEM,2151753252,8528,0,1908,6,45312500,33125000,169,4,740513) svchost.exe
(SYSTEM,2151754932,8052,0,1916,2,625000,937500,225,4,740513) svchost.exe
(SYSTEM,2151761748,11208,0,1924,2,937500,937500,232,2,740513) svchost.exe
(SYSTEM,2151767328,13824,0,1984,2,21093750,11718750,184,6,740513) svchost.exe
(SYSTEM,2151754564,8616,0,2028,2,500781250,609062500,239,7,740513) svchost.exe
(SYSTEM,2151787984,16604,0,1764,6,71718750,84218750,412,11,740513) svchost.exe
(SYSTEM,2151750984,7716,0,2000,1,156250,468750,137,2,740513) svchost.exe
(SYSTEM,2151770936,10188,0,2116,3,679375000,1247812500,324,13,740513) svchost.exe
(SYSTEM,2151789124,12820,0,2160,3,2500000,5937500,237,3,740513) svchost.exe
(SYSTEM,2151837988,21652,0,2216,22,1591250000,837187500,736,11,740513) svchost.exe
(SYSTEM,2151760868,8540,0,2228,1,468750,625000,188,3,740513) svchost.exe
(SYSTEM,2151764508,11980,0,2320,3,122343750,203906250,9632,8,740513) svchost.exe
(SYSTEM,2151783752,13304,0,2344,5,59375000,909687500,399,6,740513) svchost.exe
(SYSTEM,2151790240,16312,0,2524,10,46718750,66250000,436,14,740513) svchost.exe
(SYSTEM,2151763220,10220,0,2544,2,27500000,26875000,238,6,740513) svchost.exe
(SYSTEM,2151761528,9284,0,2632,3,23906250,13750000,193,9,740513) svchost.exe
(SYSTEM,2156068156,108164,0,2640,97,32129375000,28927812500,257,5,740513) svchost.exe
(SYSTEM,2151753004,7300,0,2672,1,5781250,7031250,264,4,740512) svchost.exe
(SYSTEM,2151766836,11656,0,2736,10,482656250,403906250,8703,10,740512) svchost.exe
(SYSTEM,1349120,732516,0,2788,2,0,92141875000,0,46,740512) Memory Compression
(SYSTEM,2151757788,9312,0,2824,2,2187500,2187500,186,2,740512) svchost.exe
(SYSTEM,2151769016,10472,0,2856,2,1093750,937500,258,6,740512) svchost.exe
(SYSTEM,2151757104,9380,0,2896,2,1562500,5312500,174,4,740512) svchost.exe
(SYSTEM,2151796796,11588,0,2904,2,11875000,5781250,223,10,740512) svchost.exe
(SYSTEM,2151779180,15752,0,3008,3,30625000,40312500,400,12,740512) svchost.exe
(SYSTEM,2151754880,8608,0,2724,2,91093750,150781250,204,5,740512) svchost.exe
(SYSTEM,2151760744,9900,0,3076,2,1406250,625000,362,4,740512) svchost.exe
(SYSTEM,2151980244,109672,0,3236,168,19361718750,7437812500,37792,20,740511) svchost.exe
(SYSTEM,2151761016,10064,0,3308,2,147500000,80937500,429,4,740511) svchost.exe
(SYSTEM,2151958156,70252,0,3320,82,1875000,4843750,394,9,740511) svchost.exe
(SYSTEM,2151769192,12952,0,3360,3,3593750,4062500,483,6,740511) svchost.exe
(SYSTEM,39812,6172,0,3512,1,8404843750,120000000,146,4,740511) EncSvc.exe
(SYSTEM,2151868512,16840,0,3576,5,113281250,196562500,361,9,740511) svchost.exe
(SYSTEM,4261960,5000,0,3632,1,468750,0,117,2,740511) CtxLocalUserSrv.exe
(SYSTEM,34892,6684,0,3676,1,2343750,1406250,157,3,740511) CdfSvc.exe
(SYSTEM,4931740,88456,0,3688,82,792656250,455000000,1246,55,740511) BrokerAgent.exe
(SYSTEM,2151759028,8592,0,3756,2,6875000,19375000,273,6,740511) svchost.exe
(SYSTEM,2151748764,6004,0,3828,1,468750,312500,124,3,740511) svchost.exe
(SYSTEM,4298316,12000,0,3844,4,625000,625000,251,5,740511) MSOIDSVC.EXE
(SYSTEM,2152288016,112332,0,3900,239,36831406250,26865000000,913,28,740511) MsMpEng.exe
(SYSTEM,238216,31328,0,3932,26,10312500,9531250,407,6,740511) UWACacheService.exe
(SYSTEM,2151814472,33036,0,3940,25,638750000,63281250,238,2,740511) CseEngine.exe
(SYSTEM,4304844,12540,0,3948,4,107500000,38125000,284,7,740511) CtxAudioService.exe
(SYSTEM,4287068,8428,0,3956,4,75781250,78437500,142,2,740511) CtxCeipSvc.exe
(SYSTEM,4273056,8332,0,3964,2,67343750,271250000,164,7,740511) CtxSvcHost.exe
(SYSTEM,4270092,7152,0,3972,2,937500,1875000,193,5,740511) CtxSvcHost.exe
(SYSTEM,50208,9812,0,3980,4,7343750,9687500,305,7,740511) WebSocketService.exe
(SYSTEM,4270160,7240,0,3988,1,62812500,277031250,151,5,740511) CtxSvcHost.exe
(SYSTEM,4270176,7608,0,4000,1,62343750,285312500,160,5,740511) CtxSvcHost.exe
(SYSTEM,4270156,7232,0,4008,1,68593750,275468750,154,5,740511) CtxSvcHost.exe
(SYSTEM,4271080,7256,0,4016,1,61093750,273750000,153,6,740511) CtxSvcHost.exe
(SYSTEM,4277072,7704,0,4028,3,65468750,274062500,150,8,740511) CtxSvcHost.exe
(SYSTEM,4270588,7124,0,4036,1,68593750,272343750,145,5,740511) CtxSvcHost.exe
(SYSTEM,4453804,15760,0,4044,170,1642968750,1808281250,49584,9,740511) CtxSvcHost.exe
(SYSTEM,4270124,6940,0,4052,1,156250,781250,139,5,740511) CtxSvcHost.exe
(SYSTEM,4271104,8664,0,4060,2,57500000,280000000,166,5,740511) CtxSvcHost.exe
(SYSTEM,4270148,7044,0,4068,1,63437500,270781250,136,5,740511) CtxSvcHost.exe
(SYSTEM,4276460,8388,0,4076,1,50468750,260781250,143,5,740511) CtxSvcHost.exe
(SYSTEM,2151743792,5112,0,4084,1,156250,0,109,2,740510) xenbus_monitor_9_1_0_4.exe
(SYSTEM,2151807112,22044,0,4100,5,59375000,61562500,407,7,740510) svchost.exe
(SYSTEM,6103100,293856,0,4132,1336,587968750,237656250,44185,13,740510) xenguestagent.exe
(SYSTEM,149200,15560,0,4160,12,1406250,1406250,297,5,740510) UpdaterService.exe
(SYSTEM,52056,7792,0,4204,1,1022343750,1878750000,180,2,740510) FoxitReaderUpdateService.exe
(SYSTEM,4822556,43840,0,4272,40,342343750,3347656250,918,35,740510) PicaSvc2.exe
(SYSTEM,2151755052,7020,0,4344,1,1250000,4375000,142,3,740510) svchost.exe
(SYSTEM,2151752028,6856,0,4448,1,156250,156250,144,2,740510) svchost.exe
(SYSTEM,2151758272,8260,0,5036,2,2812500,1875000,189,4,740509) svchost.exe
(SYSTEM,2151750692,5864,0,3388,1,1093750,10312500,137,2,740509) xenagent_9_1_0_4.exe
(SYSTEM,4272228,8528,0,5264,3,361250000,402656250,164,5,740508) CtxSvcHost.exe
(SYSTEM,4263376,6964,0,5272,2,75000000,46718750,124,4,740508) CtxSvcHost.exe
(SYSTEM,2151763528,10240,0,5344,2,103125000,143906250,221,7,740508) svchost.exe
(SYSTEM,2151758108,8820,0,5428,2,5156250,9218750,170,5,740508) svchost.exe
(SYSTEM,2151782592,17128,0,5704,7,694459531250,177280937500,271,8,740507) svchost.exe
(SYSTEM,4274900,5712,0,5892,1,0,312500,135,2,740505) MSOIDSVCM.EXE
(SYSTEM,2151781832,13164,0,6020,4,19843750,43281250,402,16,740504) svchost.exe
(SYSTEM,2151778972,10752,0,5668,6,187968750,54531250,215,8,740503) NisSrv.exe
(SYSTEM,2151802344,20680,0,7140,13,6136406250,12027968750,439,13,740498) WmiPrvSE.exe
(SYSTEM,2151814152,46008,0,6512,34,6055468750,6346562500,2199,12,740491) WmiPrvSE.exe
(SYSTEM,185336,31704,0,7068,22,290312500,35937500,460,9,740486) SemsService.exe
(SYSTEM,4263072,5808,0,7064,1,67031250,263437500,128,5,740486) CtxSvcHost.exe
(SYSTEM,4266300,4868,0,5748,1,156250,312500,129,5,740486) CtxRdr.exe
(SYSTEM,2151768480,13468,0,8108,9,1963281250,3970156250,315,9,740459) WmiPrvSE.exe
(SYSTEM,2151776228,13676,0,7352,3,299687500,542968750,254,4,740387) svchost.exe
(SYSTEM,2151802516,18512,0,6400,5,6093750,3281250,404,9,740364) svchost.exe
(SYSTEM,4890248,57156,0,6864,58,151406250,108125000,614,14,740363) TelemetryService.exe
(SYSTEM,4779988,19188,0,7964,22,1093750,625000,320,5,740363) AotListener.exe
(SYSTEM,2151769608,6660,0,6108,6,312500,312500,128,2,740363) conhost.exe
(SYSTEM,2151735060,6972,0,1452,4,59843750,27500000,90,5,740361) SgrmBroker.exe
(SYSTEM,2151774504,8732,0,1876,2,312500,1406250,169,3,740360) uhssvc.exe
(SYSTEM,2151831588,18684,0,2016,5,96562500,23750000,322,9,740360) svchost.exe
(SYSTEM,2151784528,13132,0,2364,3,37187500,46562500,259,6,740360) svchost.exe
(SYSTEM,2151779844,10140,0,2704,3,9375000,2656250,312,8,740359) svchost.exe
(SYSTEM,2151785768,14032,0,7088,5,8906250,3906250,229,3,739551) svchost.exe
(SYSTEM,2151904080,10120,0,6200,6,8906250,1562500,200,5,733309) svchost.exe
(SYSTEM,2151995924,46792,0,7420,45,382343750,323125000,788,19,716695) OfficeClickToRun.exe
(SYSTEM,2151837496,11020,0,6792,3,312500,625000,191,4,716685) dllhost.exe
(SYSTEM,2151760516,7384,0,7212,2,312500,625000,165,1,716667) AppVShNotify.exe
(SYSTEM,2151764936,10156,0,3536,5,4218750,11250000,333,7,716643) svchost.exe
(SYSTEM,2151979008,55176,0,1896,43,19206562500,2935625000,873,25,716637) SearchIndexer.exe
(\DOMAIN\user,4285464,7484,0,6312,1,312500,1250000,140,4,703020) PicaUserAgent.exe
(\DOMAIN\user,2151873284,40208,0,588,11,478281250,453906250,785,14,703019) sihost.exe
(\DOMAIN\user,2151815212,25552,0,5524,11,315625000,86562500,438,10,703019) svchost.exe
(\DOMAIN\user,2151879628,38656,0,6844,11,522968750,141406250,1210,4,703019) svchost.exe
(\DOMAIN\user,2151884732,22116,0,4816,9,86406250,96718750,355,11,703018) taskhostw.exe
(SYSTEM,2151809440,24380,0,3036,6,1256562500,529062500,333,10,703018) svchost.exe
(SYSTEM,93532,1088,0,3584,2,1947968750,528281250,280,2,703018) iSCSIAgent.exe
(SYSTEM,2151756104,8316,0,3476,2,781250,468750,193,4,703017) svchost.exe
(SYSTEM,2151821244,20332,0,4256,5,228593750,382656250,541,8,703017) ctfmon.exe
(\DOMAIN\user,2152489612,187804,0,2300,92,5000937500,5458750000,3783,86,703015) explorer.exe
(\DOMAIN\user,2151844708,24972,0,6980,4,19531250,18750000,351,8,703014) svchost.exe
(\DOMAIN\user,2152093540,74332,0,8204,23,84375000,41250000,748,15,703005) StartMenuExperienceHost.exe
(\DOMAIN\user,126928,10224,0,8292,5,88906250,323750000,401,47,703004) CtxMtHost.exe
(\DOMAIN\user,116956,14760,0,8472,4,44218750,132343750,403,13,703003) PicaVcHost.exe
(\DOMAIN\user,2151833552,26124,0,8500,6,12812500,10781250,331,3,703002) RuntimeBroker.exe
(\DOMAIN\user,2186631272,103916,0,8952,205,937187500,223750000,1801,50,702997) SearchUI.exe
(\DOMAIN\user,2151985576,51912,0,9096,17,200312500,141718750,791,16,702996) RuntimeBroker.exe
(\DOMAIN\user,2151839404,28328,0,8540,7,336562500,432968750,412,9,702993) RuntimeBroker.exe
(\DOMAIN\user,2151956208,37336,0,10204,9,68593750,45000000,507,10,702985) WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(\DOMAIN\user,2151868348,15276,0,9536,6,5000000,7812500,339,11,702982) dllhost.exe
(\DOMAIN\user,2151787652,11380,0,9036,2,1875000,3437500,174,2,702981) SecurityHealthSystray.exe
(SYSTEM,2151792324,15908,0,10072,4,19531250,13281250,430,9,702980) SecurityHealthService.exe
(\DOMAIN\user,176920,34596,0,9916,36,41250000,69375000,311,1,702979) picpick.exe
(\DOMAIN\user,350844,75520,0,9876,81,4774062500,3409843750,1070,25,702978) OneDrive.exe
(\DOMAIN\user,227760,31212,0,9228,17,20156250,25781250,430,13,702973) SelfServicePlugin.exe
(\DOMAIN\user,216896,34288,0,8256,13,972968750,1357343750,802,51,702966) Receiver.exe
(\DOMAIN\user,209312,24096,0,10564,13,3906250,4687500,628,11,702957) concentr.exe
(\DOMAIN\user,207632,31036,0,9292,7,152343750,229687500,699,25,702952) wfcrun32.exe
(\DOMAIN\user,516620,100304,0,8332,68,19629531250,1772343750,1194,39,702925) Teams.exe
(\DOMAIN\user,313476,33856,0,11680,23,75937500,26718750,385,13,702921) Teams.exe
(\DOMAIN\user,2151788780,11908,0,8240,3,937500,1250000,264,2,702899) svchost.exe
(\DOMAIN\user,2151927624,33176,0,2260,15,20312500,42031250,504,4,702853) ApplicationFrameHost.exe
(\DOMAIN\user,5082556,608,0,9576,50,18593750,7343750,1120,20,702853) WinStore.App.exe
(\DOMAIN\user,2151840320,25176,0,7748,4,2968750,2500000,354,2,702852) RuntimeBroker.exe
(SYSTEM,2151775856,15580,0,8368,3,86718750,55781250,291,6,702733) svchost.exe
(\DOMAIN\user,143672,23716,0,12116,8,433281250,588593750,546,19,702653) AuthManSvr.exe
(\DOMAIN\user,70568,10456,0,8236,1,2343750,2031250,183,1,702211) VdaRedirector.exe
(\DOMAIN\user,2152071892,53564,0,13164,22,149062500,63906250,822,26,702076) ShellExperienceHost.exe
(\DOMAIN\user,2151840448,26856,0,11324,6,36562500,39375000,358,6,702075) RuntimeBroker.exe
(SYSTEM,2151777108,9312,0,4664,2,1875000,7031250,224,7,701697) svchost.exe
(\DOMAIN\user,2151778600,6284,0,10112,2,5312500,5625000,201,3,701695) SettingSyncHost.exe
(\DOMAIN\user,5422240,128028,0,10260,212,400937500,608437500,1221,21,699771) FileMaker Pro 18 Advanced.exe
(\DOMAIN\user,2151772808,7768,0,6968,1,0,468750,152,3,699430) svchost.exe
(\DOMAIN\user,158196,16980,0,10376,4,69218750,77031250,229,4,699428) FileCoAuth.exe
(\DOMAIN\user,328924,45884,0,10264,29,849687500,550937500,742,22,695396) CDViewer.exe
(\DOMAIN\user,462172,82264,0,3424,90,16961562500,11435781250,11643,93,695392) wfica32.exe
(SYSTEM,286592,40684,0,9008,69,14397343750,4439531250,1094,38,684315) BankID.exe
(\DOMAIN\user,2152023736,40784,0,15208,11,27968750,13281250,529,11,660193) LockApp.exe
(\DOMAIN\user,2151861196,28108,0,240,7,78750000,45468750,362,4,660193) RuntimeBroker.exe
(SYSTEM,2151770228,8236,0,14164,2,1406250,1875000,164,4,655740) svchost.exe
(SYSTEM,2151820744,22792,0,5924,11,1209687500,1492187500,612,20,655302) spoolsv.exe
(SYSTEM,4303260,9404,0,10372,2,2656250,1562500,246,14,655301) CpSvc.exe
(\DOMAIN\user,4962296,62888,0,17372,46,29843750,44843750,612,6,596986) KeePass.exe
(\DOMAIN\user,2151841312,19984,0,17972,3,1406250,3281250,274,1,591108) notepad.exe
(\DOMAIN\user,419036,74508,0,19680,53,3418437500,931250000,1162,12,520852) mRemoteNG.exe
(SYSTEM,77416,10128,0,19808,3,2343750,74687500,236,5,520846) WmiPrvSE.exe
(\DOMAIN\user,649628,102412,0,960,57,83593750,69375000,1391,41,518549) SelfService.exe
(\DOMAIN\user,372700,35288,0,18680,22,1406250,3125000,539,11,518547) CtxWebBrowser.exe
(\DOMAIN\user,332044,26880,0,15832,16,2187500,1250000,420,10,518546) CtxWebBrowser.exe
(\DOMAIN\user,399356,44816,0,18828,30,4375000,1875000,488,15,518543) CtxWebBrowser.exe
(\DOMAIN\user,411836,50308,0,2308,34,6406250,3437500,490,15,518543) CtxWebBrowser.exe
(\DOMAIN\user,2151805892,15524,0,21916,3,781250,625000,222,1,466900) SecurityHealthHost.exe
(SYSTEM,2151837116,17760,0,20620,4,15000000,25156250,335,9,421790) TabTip.exe
(\DOMAIN\user,7192648,50600,0,13280,1438,592219843750,160493125000,12923,519,418255) Microsoft.Photos.exe
(\DOMAIN\user,2152103320,73076,0,16348,217,901356718750,817635781250,466,8,418254) RuntimeBroker.exe
(\DOMAIN\user,810204,214088,0,13096,336,2825156250,3262656250,539,21,392463) Teams.exe
(\DOMAIN\user,82644,11920,0,6696,3,2500000,2187500,467,7,392267) WebSocketAgent.exe
(SYSTEM,2151765172,12176,0,8228,2,6718750,8750000,196,2,358537) svchost.exe
(\DOMAIN\user,2191935460,385012,0,12880,324,4451875000,1898906250,6936,64,358215) OUTLOOK.EXE
(\DOMAIN\user,2151895424,35300,0,20652,10,24687500,42656250,693,11,358206) iexplore.exe
(\DOMAIN\user,249880,16576,0,25124,19,145937500,66718750,650,8,358205) iexplore.exe
(SYSTEM,2185574288,45104,0,24332,16,10625000,12968750,532,11,309818) mmc.exe
(SYSTEM,2151804156,17268,0,21036,3,2031250,2187500,312,2,309655) dllhost.exe
(SYSTEM,4319720,17648,0,16504,9,18936250000,29824218750,394,18,309627) check_mk_agent.exe
(SYSTEM,2151802564,16632,0,17316,6,241875000,238281250,413,10,180552) svchost.exe
(SYSTEM,2151755644,9276,0,34256,2,0,781250,389,2,52073) svchost.exe
(SYSTEM,2151772624,11880,0,34264,2,781250,937500,280,2,52073) svchost.exe
(\DOMAIN\user,2152074876,24,0,30832,34,6406250,4062500,810,19,51298) SystemSettings.exe
(SYSTEM,2152075720,87144,0,33556,130,1660781250,347343750,169,5,48647) MsMpEngCP.exe
(\DOMAIN\user,4513936,56,0,30556,16,5625000,2812500,521,21,27548) Calculator.exe
(\DOMAIN\user,156244,24024,0,35488,7,3437500,4843750,615,34,11986) PicaShell.exe
(\DOMAIN\user,2152738924,178340,0,28220,75,178125000,134531250,1669,38,1160) msedge.exe
(\DOMAIN\user,2151871492,12108,0,16332,3,312500,625000,287,10,1160) msedge.exe
(\DOMAIN\user,2152171192,75340,0,4732,17,190156250,95312500,445,10,1160) msedge.exe
(\DOMAIN\user,2152173780,53820,0,23800,24,68125000,36093750,614,16,1160) msedge.exe
(\DOMAIN\user,2152068580,22272,0,13888,7,625000,1406250,326,10,1159) msedge.exe
(\DOMAIN\user,2160583200,112940,0,32984,59,90156250,12343750,305,15,1159) msedge.exe
(\DOMAIN\user,4366680,25444,0,14580,5,6250000,5000000,242,6,869) putty.exe
(\DOMAIN\user,2151771100,6508,0,34852,4,37031250,269062500,103,2,811) cmd.exe
(\DOMAIN\user,2151843056,22392,0,23120,7,1250000,1718750,276,5,811) conhost.exe
(\DOMAIN\user,2186092980,142992,0,32752,77,18750000,7343750,1238,61,663) SearchUI.exe
(\DOMAIN\user,2164901524,168460,0,6800,82,237968750,21250000,381,16,629) msedge.exe
(\DOMAIN\user,2151842376,20488,0,33112,3,2343750,6250000,282,3,612) notepad.exe
(\DOMAIN\user,2152081056,23880,0,32432,7,1250000,937500,385,10,343) msedge.exe
(SYSTEM,2151763448,13352,0,35140,6,312500,156250,199,8,334) audiodg.exe
(\DOMAIN\user,2156254772,24620,0,30656,10,781250,625000,228,12,330) msedge.exe
(SYSTEM,2151749592,7620,0,32636,2,312500,312500,128,4,306) svchost.exe
(\DOMAIN\user,4876560,39828,0,34832,30,8125000,18750000,355,7,234) notepad++.exe
(\DOMAIN\user,2185386076,24116,0,29216,8,625000,937500,408,9,77) smartscreen.exe
(\DOMAIN\user,2151768304,6608,0,35816,3,156250,468750,106,1,77) cmd.exe
(\DOMAIN\user,2151873416,31972,0,35616,11,2656250,9218750,278,5,76) conhost.exe
(SYSTEM,2151792128,13152,0,30960,4,468750,156250,200,8,5) PrintIsolationHost.exe
(\DOMAIN\user,4315740,13076,0,24484,3,468750,468750,246,10,1) check_mk_agent.exe
(\DOMAIN\user,4241372,1212,0,35300,0,0,0,22,1,0) check_mk_agent.exe
<<<>>>
<<<>>>
<<>>
1614076561

10

I dont kno how to check this?
Its a default installation ot the agent.

11

Hi,
you are using the RAW edition - is this correct?
What’s the content of your agent configuration file (a yaml-file) on the target host?

Karl

12

Hey @Thunder-Cloud

When I “Ctrl-F” this whole thread, I cannot find a “logwatch” section in your agent output
after all. As @kdeutsch said: What have you configured in your check_mk.user.yml file?

A very brief test I did, with a Test-Windows host, was successful by doing the following:

  • Copy plugin into C:\ProgramData\checkmk\agent\plugins
  • Create logwatch.cfg in C:\ProgramData\checkmk\agent\config
  • Modify C:\ProgramData\checkmk\agent\check_mk.user.yml to include the file I wanna watch, e.g. (Note: modified for brevity):

logwatch:
- C:\log.txt

  • Restart CheckMK Service
  • Run Discovery, and Done.

There’s not much more to it… One or more of those steps above, might be missing on your end.

Thomas

13

Thanks Thomas,

Yes it´s the RAW edition.

After adding the file path to the logwatch: section in the yaml-file and running a discovery the service was found.

Strange though is that after the next check cycle the service vanished , and is not found by discovery again, although nothing was changed…
:face_with_symbols_over_mouth:

14

OK, that’s good to hear! :slight_smile:

This may sound like I’m stating the obvious
but from my experience a “logwatch” check only vanishes
if the file one monitors no longer exists… Maybe something
is periodically removing the file you want to check?

15

It’s a static text file I created only for test, to get mk_logwatch working.
But now I got it working once with your help so I know what to laborate with.
Thanks again :slight_smile:

16

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.