CheckProcState

This check checks the state of one or more processes on the system and generates a critical state if any process is not in the required state.

Option	Values	Description
match=(strings|substr|regexp)		Specifies if the supplied value must match the actual process name or command line exactly (strings, the default), must match a part of the actual value (substr), or if it should be matched as a regular expression.
cmdLine		If present, the process name specified is compared to the entire command line. By default it is matched to the process name only.
ShowAll		A flag to toggle if all process states should be listed.
ShowFail?	(default)	A flag to indicate if only failed process states should be listed.
process=state		A process name and a state the process should have. The state can be either started or stopped. If no state is given started is assumed. The name is the name of the executable.
Alias	alias	Give a process an alias
ignore-perf-data		If present performance data will be stripped out
Proc:<alias>=<state>		A process name and a state the process should have.
(Max|Min)(Warn|Crit)Count	number	Process count bounds For instance: MaxCritCount?=4 means if a process has more then 4 instances it will be a critical condition.

The commands given in the examples below should be edited (for your own needs) and copied to the nsc.ini file (comes with installation and can be found in the monitored machine, aka the client) under section [External Alias].

Please remember that for each external alias there's a command declared (under NSCA command or NRPE command sections – depends what you're working with) that uses the external alias declared.

The command also need to have identical name to the value defined for that service check in the Nagios linux server (usually windows.cfg file and service_description field in define Service block).

Let's start with a simple one – check that a file named NameOfMonitoredFileReplaceWithYours?.exe is running (aka in started state in the windows machine).

In the [External Alias] section in the nsc.ini file there's an alias that looks like this:

alias_process=checkProcState $ARG1$=started

so we will leave it and we just have to supply it with our file name as an argument.

We will need to add the following line to the command section (NRPE command section if that's what you are working with).

NEED_TO_COMPLETE_EXAMPLE_HERE_BY_MICKEM_STAY_TUNED

NSCA is all client side, so if you're working with NSCA you cant use arguments and probably the following line (without the alias section) will be good for you: Check Process=CheckProcState NameOfMonitoredFileReplaceWithYours?.exe=started

again, Check Process is the name declared in Nagios server and it has to be the same.

Examples

Process running/not running

Check that quake.exe is not running and NSClient++.exe is running:

Sample Command:

CheckProcState ShowAll quake.exe=stopped NSClient++.exe=started

OK: quake.exe : Stopped - NSClient++.exe : Running

Nagios Configuration:

define command {
  command_name <<CheckProcState>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckProcState -a ShowAll $ARG1$=stopped $ARG2$=started
}
<<CheckProcState>> quake.exe!NSClient++.exe

From Commandline (with NRPE):

check_nrpe -H IP -p 5666 -c CheckProcState -a ShowAll quake.exe=stopped NSClient++.exe=started

Process running/not running

Check that quake.exe is not running and my.exe and NSClient++.exe is running and only show problems:

Sample Command:

CheckProcState quake.exe=stopped NSClient++.exe=started

CRITICAL: NSClient++.exe : Stopped

Nagios Configuration:

define command {
  command_name <<CheckProcState>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckProcState -a $ARG1$=stopped $ARG2$=started
}
<<CheckProcState>> quake.exe!NSClient++.exe

From Commandline (with NRPE):

check_nrpe -H IP -p 5666 -c CheckProcState -a quake.exe=stopped NSClient++.exe=started

Check number of processes running

make sure that atleast 50 instance of svchost.xe is running.

Sample Command:

CheckProcState MinCritCount=50 svchost.exe=started

OK: ...

Nagios Configuration:

define command {
  command_name <<CheckProcState>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckProcState -a MinCritCount=50 $ARG1$=started
}
<<CheckProcState>> svchost.exe

From Commandline (with NRPE):

check_nrpe -H IP -p 5666 -c CheckProcState -a MinCritCount=50 svchost.exe=started

Substrings and commandline

Check that cmd.exe with substring printloop in commandline is running:

Sample Command:

CheckProcState match=regexp cmdLine ShowAll .*cmd.*printloop.*=started

OK: ...

Nagios Configuration:

define command {
  command_name <<CheckProcState>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckProcState -a match=regexp cmdLine ShowAll .*cmd.*$ARG1$.*=started
}
<<CheckProcState>> printloop

From Commandline (with NRPE):

check_nrpe -H IP -p 5666 -c CheckProcState -a match=regexp cmdLine ShowAll .*cmd.*printloop.*=started

More process counts

Check if there's any notepad.exe running. OK if there's none, warn if there's 4, critical when there's 10:

Sample Command:

CheckProcState MaxWarnCount=4 MaxCritCount=10 ShowAll notepad.exe=started

OK: ...

Nagios Configuration:

define command {
  command_name <<CheckProcState>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckProcState -a MaxWarnCount=$ARG2$ MaxCritCount=$ARG3$ ShowAll $ARG1$=started
}
<<CheckProcState>> notepad.exe!4!10

From Commandline (with NRPE):

check_nrpe -H IP -p 5666 -c CheckProcState -a MaxWarnCount=4 MaxCritCount=10 ShowAll notepad.exe=started