Process Monitoring with NetCrunch WMI Sensors.
Learn how to configure a node-specific WMI Object sensor to monitor a specific Windows process and generate an event when the process is restarted. This sensor-based monitoring strategy leverages the uniqueness of PID, against the generic name of a process.
WMI Object sensor
The WMI Object sensor is located in the Monitoring Sensors section of a device node settings: Node Settings > Monitoring Sensors > WMI > WMI Object Sensor.
- Select WMI Object from the WMI Sensor portfolio of sensors.
- Provide the Object ID - this will be the name/description of the sensor and will give you the ability to distinguish among multiple sensors on the same node. The name should be meaningful.
-
Use the following sensor selections:
- Namespace: root\CIMV2
- WMI_Class: Win32_Process
- Instance Key: Name
- Instance: Your monitoring target. (SE note: Name is not unique to the process. Use this sensor to monitor a single instance process by name)
- Validate your sensor results by using the test icon, located at the top right corner of the WMI Object Window.
Creating Alerts
For a single instance process, the easiest way to check whether a process was started/restarted is to watch PID (Process Identifier) of the process. Steps below will guide you how to set an alert based on PID.
- Open sensor and click on + add alert
- Select new event for Status Object Change
-
Use the following Alert settings
- ObjectId: ProcessId
-
When Previous State was:
- State: Unknown
- Condition: Not Equals
-
and the State changes to:
- State: Unknown
- Condition: Not Equals
- Set name of the alert i.e "CRM Process Was Started/Restarted"
This logic detects PID change and it will raise an alert when PID change will be detected. Please note that the first PID that will be read will not raise an alert.
Reversing this logic provides notification that a process has been terminated, and can be configured as the following Alert
- Add new event for Status Object Change
-
Use the following Alert settings
-
ObjectID: ProcessId
-
When the Previous State was:
- State: Any
-
and the State changes to:
- State: Unknown
- Condition: Equals
-
-
Set name of the alert i.e. "CRM Process is not working" and set severity to Critical
This alert will be triggered when a named process loses its PID. This event will be auto-closed when the process is started.
This feature requires NetCrunch version 10.1+
- [05.05.2020]Monitoring Windows tasks with NetCrunch
Monitoring Windows tasks can be a challenge as there is no easy way of retrieving information about them. Starting from version 10.9 NetCrunch introduced dedicated sensor and system view to view and monitor Windows tasks
- [26.03.2020]Enabling SNMP on a Windows machine
Despite the fact, that Microsoft depreciated SNMP for the Windows Server 2012 onwards, it is sometimes necessary to enable SNMP in this system. Below you will find a simple walkthrough how to do it.
- [15.03.2020]Windows VPN Monitoring with NetCrunch
Remote work is growing and sometimes indispensable. There is a number of different VPN services that can be used to provide secure access to company networks for remote workers or those traveling away from the office. This article will describe how to set up VPN Monitoring in NetCrunch on the example of Windows VPN
- [30.01.2020] Monitoring of Windows Shared Cluster
Monitoring Windows Shared Clusters can be achieved in many different ways. This article demonstrates the power of NetCrunch scripts combined with data parsers to show you how easy and fast it is to setup NetCrunch to collect data about free and used space on clusters
- [20.01.2019] Monitoring operating systems - Windows System Views
System views is a powerful tool to see the status of various aspects of the given system in real time. This article will focus on System Views on Windows-based machines
- [12.11.2018] Windows Server Monitoring
Use NetCrunch to monitor Windows Server resources, services, and metrics. Gain control and insight of your Windows Server infrastructure health with full monitoring and trend data collection from the entire Windows Common Information Model (CIM).
- [06.07.2018]Analyze Windows failed login events with a custom log view
Use NetCrunch to monitor and display failed logon activity on all Windows machines in your network by monitoring Windows Event Log.
- [28.05.2018]Monitoring Windows Event Logs for Warnings and Errors.
Learn how to monitor Windows Event Log to receive alerts and notifications when event with specified id appears.
- [24.05.2016] Correct Monitoring of Windows Processes on multi-core machines
This article will explain how NetCrunch monitors Windows processes and why these values are wrong in perfmon.
