Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-7549

Windows service child process (Example: svchost)

XMLWordPrintable

    • Icon: Change Request Change Request
    • Resolution: Unresolved
    • Icon: Trivial Trivial
    • None
    • None
    • Agent (G), Agent2 plugin (N)
    • None

      Hey.
         So i am looking to monitor a process in Zabbix and capture memory usage and cpu usage for said process, of course currently the discovery rule does not actually process the process name so to discovery services and monitor the process CPU/Memory is not out of the box.

      I resolved that by doing some pre-processing etc.. to capture it out of {#SERVICE.PATH}. Now the problem is when there is a service that spawns different process i cannot monitor them. Below is a prime example "svchost". As you can see in the below output i need to monitor this process but in the discovery rule i get the below. 

       

      {
        "

      {#SERVICE.NAME]": "LPDSVC",   "\{#SERVICE.DISPLAYNAME}

      ": "LPD Service",
        "{#SERVICE.DESCRIPTION}": "Enables client computers to print to the Line Printer Daemon (LPD) service on this server using TCP/IP and the Line Printer Remote (LPR) protocol.",
        "{#SERVICE.STATE}": 0,
        "{#SERVICE.STATENAME}": "running",
        "{#SERVICE.PATH}": "C:\\Windows\\System32
      svchost.exe -k LPDService",
        "{#SERVICE.USER}": "LocalSystem",
        "{#SERVICE.STARTUPTRIGGER}": 0,
        "{#SERVICE.STARTUP}": 0,
        "{#SERVICE.STARTUPNAME}": "automatic"
      }

       

      Of course svchost.exe spawns multiple child process like the below. So my question is how do i identify the correct process using the discovery rules?

      \Process(svchost)% User Time
      \Process(svchost#1)% User Time
      \Process(svchost)% User Time
      \Process(svchost#1)% User Time
      \Process(svchost#2)% User Time
      \Process(svchost#3)% User Time
      \Process(svchost#4)% User Time
      \Process(svchost)% User Time
      \Process(svchost#1)% User Time
      \Process(svchost)% User Time
      \Process(svchost)% User Time
      \Process(svchost#1)% User Time

       

      In my example i ran a WMI query against Win32_Process and got the PID then queried win32_PerfFormattedData_PerfProc_Process and got the data and it turned out that the LPD was using "svchost#3".

       

      So i guess how can i get this information with native Zabbix keys?? The only option i have available is to not use Zabbix native keys and use WMI for my service discovery which i could then query the CPU/Mem details using the processID

       

      Thanks

            vso Vladislavs Sokurenko
            colum.flannigan@omegasrvshn.com Colum Flannigan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: