ZABBIX BUGS AND ISSUES
ZBX-9143

Zabbix agent does not see some processes since Windows 7

    Details

      Description

      Zabbix agent does not see some processes using proc.num item key.

      1. zabbix_agentd_old.exe
        286 kB
        dimir
      2. zabbix_agentd_x64_old.exe
        376 kB
        dimir
      3. zabbix_agentd_x64.exe
        376 kB
        dimir
      4. zabbix_agentd.exe
        286 kB
        dimir
      1. Screen Shot 2014-10-19 at 0.51.00.png
        200 kB

          Activity

          Oleg Ivanivskyi added a comment -

          If this issue is related to permissions it will be great to provide some details under ZBXNEXT-2553.

          dimir added a comment - - edited

          There are 2 ways to run Zabbix agent on Windows:

          • as a service
          • as a console application

          I guess we should deal here with the case when agent is run as a service. Because first of all, console application is mostly meant for debugging and secondly, there are usually no permission problems (the same user is used to start an agent as console application, agent as a client and Zabbix get).

          As Filipp Sudanov already mentioned above, when we run Zabbix agent as a service it gets started as SYSTEM user. Let's get a bit into detail here. In my case (Windows 2008), here is what we get if we log user name (using GetUserName() to get the user name) from within the agent run as a service:

            2720:20150203:210637.830 Current user:"SYSTEM"
          

          Now, I've added some logging to proc.num command and this is what I get on the agent when I run zabbix_get -s 127.0.0.1 -k proc.num to request data from it:

            2720:20150203:210637.830 Current user:"SYSTEM", requested proc name:""
            2720:20150203:210637.830 MATCH: (p:smss.exe u:SYSTEM)
            2720:20150203:210637.830 MATCH: (p:csrss.exe u:SYSTEM)
            2720:20150203:210637.830 MATCH: (p:wininit.exe u:SYSTEM)
            2720:20150203:210637.830 MATCH: (p:services.exe u:SYSTEM)
            2720:20150203:210637.830 MATCH: (p:lsass.exe u:SYSTEM)
            2720:20150203:210637.846 MATCH: (p:lsm.exe u:SYSTEM)
            2720:20150203:210637.846 MATCH: (p:svchost.exe u:SYSTEM)
            2720:20150203:210637.846 MATCH: (p:svchost.exe u:NETWORK SERVICE)
            2720:20150203:210637.846 MATCH: (p:svchost.exe u:LOCAL SERVICE)
            2720:20150203:210637.846 MATCH: (p:svchost.exe u:SYSTEM)
            2720:20150203:210637.846 MATCH: (p:svchost.exe u:SYSTEM)
            2720:20150203:210637.846 MATCH: (p:SLsvc.exe u:NETWORK SERVICE)
            2720:20150203:210637.846 MATCH: (p:svchost.exe u:LOCAL SERVICE)
            2720:20150203:210637.861 MATCH: (p:svchost.exe u:SYSTEM)
            2720:20150203:210637.861 MATCH: (p:svchost.exe u:NETWORK SERVICE)
            2720:20150203:210637.861 MATCH: (p:svchost.exe u:LOCAL SERVICE)
            2720:20150203:210637.861 MATCH: (p:spoolsv.exe u:SYSTEM)
            2720:20150203:210637.861 MATCH: (p:artstartsvc.exe u:SYSTEM)
            2720:20150203:210637.861 MATCH: (p:dsNcService.exe u:SYSTEM)
            2720:20150203:210637.861 MATCH: (p:FileZilla Server.exe u:SYSTEM)
            2720:20150203:210637.861 MATCH: (p:svchost.exe u:NETWORK SERVICE)
            2720:20150203:210637.877 MATCH: (p:svchost.exe u:LOCAL SERVICE)
            2720:20150203:210637.877 MATCH: (p:snmp.exe u:SYSTEM)
            2720:20150203:210637.877 MATCH: (p:svchost.exe u:NETWORK SERVICE)
            2720:20150203:210637.877 MATCH: (p:tlntsvr.exe u:SYSTEM)
            2720:20150203:210637.877 MATCH: (p:tvnserver.exe u:SYSTEM)
            2720:20150203:210637.877 MATCH: (p:svchost.exe u:SYSTEM)
            2720:20150203:210637.877 MATCH: (p:zabbix_agentd.exe u:SYSTEM)
            2720:20150203:210637.877 MATCH: (p:zabbix_agentd.exe u:SYSTEM)
            2720:20150203:210637.877 MATCH: (p:vmware-usbarbitrator.exe u:SYSTEM)
            2720:20150203:210637.893 MATCH: (p:msdtc.exe u:NETWORK SERVICE)
            2720:20150203:210637.893 MATCH: (p:csrss.exe u:SYSTEM)
            2720:20150203:210637.893 MATCH: (p:winlogon.exe u:SYSTEM)
            2720:20150203:210637.893 MATCH: (p:LogonUI.exe u:SYSTEM)
            2720:20150203:210637.893 MATCH: (p:taskeng.exe u:SYSTEM)
            2720:20150203:210637.893 MATCH: (p:zabbix_agentd.exe u:SYSTEM)
            2720:20150203:210637.908 MATCH: (p:wmiprvse.exe u:SYSTEM)
            2720:20150203:210637.908 MATCH: (p:csrss.exe u:SYSTEM)
            2720:20150203:210637.908 MATCH: (p:winlogon.exe u:SYSTEM)
            2720:20150203:210637.908 MATCH: (p:taskeng.exe u:Administrator)
            2720:20150203:210637.908 MATCH: (p:rdpclip.exe u:Administrator)
            2720:20150203:210637.908 MATCH: (p:Dwm.exe u:Administrator)
            2720:20150203:210637.908 MATCH: (p:Explorer.EXE u:Administrator)
            2720:20150203:210637.908 MATCH: (p:tvnserver.exe u:Administrator)
            2720:20150203:210637.924 MATCH: (p:jusched.exe u:Administrator)
            2720:20150203:210637.924 MATCH: (p:GoogleToolbarNotifier.exe u:Administrator)
            2720:20150203:210637.924 MATCH: (p:ProcessHacker.exe u:Administrator)
            2720:20150203:210637.924 MATCH: (p:unsecapp.exe u:Administrator)
            2720:20150203:210637.924 MATCH: (p:csrss.exe u:SYSTEM)
            2720:20150203:210637.924 MATCH: (p:winlogon.exe u:SYSTEM)
            2720:20150203:210637.924 MATCH: (p:taskeng.exe u:dimir)
            2720:20150203:210637.924 MATCH: (p:rdpclip.exe u:dimir)
            2720:20150203:210637.924 MATCH: (p:jucheck.exe u:Administrator)
            2720:20150203:210637.939 MATCH: (p:Dwm.exe u:dimir)
            2720:20150203:210637.939 MATCH: (p:Explorer.EXE u:dimir)
            2720:20150203:210637.939 MATCH: (p:tvnserver.exe u:dimir)
            2720:20150203:210637.939 MATCH: (p:jusched.exe u:dimir)
            2720:20150203:210637.939 MATCH: (p:cmd.exe u:dimir)
            2720:20150203:210637.939 MATCH: (p:cmd.exe u:dimir)
            2720:20150203:210637.939 MATCH: (p:cmd.exe u:Administrator)
            2720:20150203:210637.939 MATCH: (p:conime.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:wuauclt.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:firefox.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:dsNetworkConnect.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:notepad++.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:LogonUI.exe u:SYSTEM)
            2720:20150203:210637.955 MATCH: (p:SLUI.exe u:dimir)
            2720:20150203:210637.955 MATCH: (p:cmd.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:cmd.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:mspdbsrv.exe u:Administrator)
            2720:20150203:210637.955 MATCH: (p:zabbix_agentd.exe u:SYSTEM)
            2720:20150203:210637.955 MATCH: (p:zabbix_get.exe u:Administrator)
            2720:20150203:210637.955 Sending back [72]
          

          72 processes matched user SYSTEM (despite many being run by different users). And this is what I get if I run zabbix_agentd -t proc.num:

          zabbix_agentd.exe [3132]: Current user:"Administrator", requested proc name:""
          zabbix_agentd.exe [3132]: MATCH: (p:taskeng.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:rdpclip.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:Dwm.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:Explorer.EXE u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:tvnserver.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:jusched.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:GoogleToolbarNotifier.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:ProcessHacker.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:unsecapp.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:jucheck.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:cmd.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:conime.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:wuauclt.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:firefox.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:dsNetworkConnect.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:notepad++.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:cmd.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:cmd.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:mspdbsrv.exe u:Administrator)
          zabbix_agentd.exe [3132]: MATCH: (p:zabbix_agentd.exe u:Administrator)
          proc.num                                      [u|20]
          

          It doesn't matter which user I run zabbix_get as, because it just sends a request over the network to the agent, which actually contacts the operating system.

          So this is why the results differ. If I specify a process name we will get different results anyway, because of different users:

          > zabbix_get.exe -s 127.0.0.1 -k proc.num[Explorer.EXE]
          2
          

          This one matched 2 different users running Explorer.EXE.

          > zabbix_agentd.exe -c \dimir\zabbix_agentd.conf -t proc.num[Explorer.EXE]
          zabbix_agentd.exe [3132]: Current user:"Administrator", requested proc name:"Explorer.EXE"
          zabbix_agentd.exe [3708]: NO MATCH: (p:taskeng.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:rdpclip.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:Dwm.exe u:Administrator)
          zabbix_agentd.exe [3708]: MATCH: (p:Explorer.EXE u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:tvnserver.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:jusched.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:GoogleToolbarNotifier.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:ProcessHacker.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:unsecapp.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:jucheck.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:cmd.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:conime.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:wuauclt.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:firefox.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:dsNetworkConnect.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:notepad++.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:cmd.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:cmd.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:mmc.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:mdm.exe u:Administrator)
          zabbix_agentd.exe [3708]: NO MATCH: (p:zabbix_agentd.exe u:Administrator)
          proc.num[Explorer.EXE]                        [u|1]
          

          This one matched only one.

          The solution might be just documenting that properly.

          richlv added a comment -

          could ZBX-9283 be the same ?

          dimir added a comment - - edited

          Attaching binaries for testing.

          • zabbix_agentd.exe (x86, fixed)
          • zabbix_agentd_x64.exe (x64, fixed)
          • zabbix_agentd_old.exe (x86, as it is now)
          • zabbix_agentd_x64_old.exe (x64, as it is now)

          Please feel free to test.

          dimir added a comment -

          Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-9143

          The main idea was taken from: https://msdn.microsoft.com/en-us/library/windows/desktop/ms686701(v=vs.85).aspx

          Filipp Sudanov (Inactive) added a comment -

          Under x64 Win2012 R2 server it now shows as many processes as Task Manager sees. Hidden processes like smss.exe are reported.

          Andris Zeila added a comment - - edited

          (1) Please check my changes in r52120

          <dimir> CLOSED

          Andris Zeila added a comment -

          Successfully tested

          dimir added a comment -

          Fixed in pre-2.2.9 (r52123), pre-2.2.4 (r52126), pre-2.5.0 (r52130)

          dimir added a comment - - edited

          (2) [D] Upgrade notes.

          • https://www.zabbix.com/documentation/2.2/manual/installation/upgrade_notes_229
          • https://www.zabbix.com/documentation/2.4/manual/installation/upgrade_notes_244

          Alexander Vladishev CLOSED

          dimir added a comment -

          Some implementation details.

          Before this issue Zabbix agent used method EnumProcesses() to get a list of running process IDs. If there was a process name filter, OpenProcess() call was issued on each process ID to get process handle. After that process name (executable) would be requested from that handle. A handle may be requested with different access level. We were requesting a handle with PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access rights. This was actually not needed and resulted in "access denied" in many cases and incorrect number of running processes reported by Zabbix agent.

          In this issue we decided to use another method of getting a list of running processes, CreateToolhelp32Snapshot(). This method allows getting the list of all running processes along with process names (executables). This allows skipping unnecessary calls to OpenProcess(), which gave errors before.

          OpenProcess() is still called when a user name is specified in proc.num parameter, e.g. proc.num[zabbix_agentd.exe,administrator].

          More information:

          • EnumProcesses() https://msdn.microsoft.com/en-us/library/windows/desktop/ms682629%28v=vs.85%29.aspx
          • https://msdn.microsoft.com/en-us/library/windows/desktop/ms682489(v=vs.85).aspx

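The two listing strategies from the implementation notes above, side by side, as an added example in C that is not Zabbix source code. The `proc_row` struct, the function names, the 4096-entry bound and the use of GetModuleBaseNameW() for the name lookup are assumptions of this example; `count_missing()` reports how many processes the OpenProcess()-based listing drops.

```c
/* Added example, not Zabbix source. Win32 half: Windows only, link psapi. */
#include <stdio.h>
#include <wchar.h>
#define EXE_MAX 260   /* same value as MAX_PATH */
#define ROWS_MAX 4096 /* assumed upper bound on listed processes */
typedef struct { unsigned long pid; wchar_t exe[EXE_MAX]; } proc_row;

/* PIDs in `all` absent from `got`: what an OpenProcess()-based listing drops. */
unsigned long count_missing(const proc_row *all, unsigned long n_all,
                            const proc_row *got, unsigned long n_got)
{
    unsigned long i, j, missing = 0;
    for (i = 0; i < n_all; i++) {
        for (j = 0; j < n_got; j++)
            if (got[j].pid == all[i].pid)
                break;
        missing += (j == n_got);
    }
    return missing;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>

/* Fixed approach: one snapshot carries PID and executable name, so no
 * per-process handle is opened and no access check can fail. */
unsigned long list_by_snapshot(proc_row *rows, unsigned long cap)
{
    PROCESSENTRY32W pe;
    unsigned long n = 0;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof(pe);
    if (cap > 0 && Process32FirstW(snap, &pe)) {
        do {
            rows[n].pid = pe.th32ProcessID;
            lstrcpynW(rows[n].exe, pe.szExeFile, EXE_MAX); /* NUL-terminates */
        } while (++n < cap && Process32NextW(snap, &pe));
    }
    CloseHandle(snap);
    return n;
}

/* Original approach: the name lookup needs a handle opened with these two
 * rights; a process that refuses them is only counted in *failed. */
unsigned long list_by_openprocess(proc_row *rows, unsigned long cap,
                                  unsigned long *failed)
{
    static DWORD pids[ROWS_MAX];
    DWORD bytes = 0, i;
    unsigned long n = 0;
    *failed = 0;
    if (!EnumProcesses(pids, sizeof(pids), &bytes)) return 0;
    for (i = 0; i < bytes / sizeof(DWORD) && n < cap; i++) {
        HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                               FALSE, pids[i]);
        /* GetModuleBaseNameW is this example's assumed name lookup. */
        if (h != NULL && GetModuleBaseNameW(h, NULL, rows[n].exe, EXE_MAX) > 0)
            rows[n++].pid = pids[i];
        else
            (*failed)++;
        if (h != NULL) CloseHandle(h);
    }
    return n;
}

int main(void)
{
    static proc_row all[ROWS_MAX], got[ROWS_MAX];
    unsigned long failed, n_all = list_by_snapshot(all, ROWS_MAX);
    unsigned long n_got = list_by_openprocess(got, ROWS_MAX, &failed);
    printf("snapshot=%lu opened=%lu failed=%lu missing=%lu\n", n_all, n_got,
           failed, count_missing(all, n_all, got, n_got));
    return 0;
}
#endif
```

Run it under the account the agent service uses; a non-zero `missing` value is the undercount described in the comment above.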
          dimir added a comment - - edited

          This also fixed ZBX-5849 (32-bit agent would not list 64-bit processes when run on a 64-bit machine).


            People

            • Assignee:
              Unassigned
              Reporter:
              Alexey Pustovalov