Check_Process State Filter on Windows Machine. #169
-
I've tried to use the State Filter with Check_Process on a Windows machine but never get back anything. Am I using this incorrectly?
According to the documentation:
state | Current state (windows: started, stopped, hung - linux: idle, lock, running, sleep, stop, wait and zombie)
C:\Program Files\snclient>snclient.exe run check_process filter='state=running'
←[0;37m[15:44:53.550][D] filter: state=running←[0m
←[0;37m[15:44:53.550][D] condition warning: count = 0←[0m
←[0;37m[15:44:53.551][D] condition critical: state = 'stopped' or count = 0←[0m
←[0;37m[15:44:53.551][D] condition ok: none←[0m
CRITICAL - no processes found with this filter. |'count'=0;0;0;0 'rss'=0B;;;0 'virtual'=0B;;;0 'cpu'=0%;;;0
-
running is a Linux process state; on Windows there are started, stopped and hung. Let me know if this can be described more clearly in the documentation.
-
Thanks. Probably for documentation:
state | Current state (windows: started, stopped, hung) (linux: idle, lock, running, sleep, stop, wait and zombie)
I've tried all three Windows states and get nothing :(
C:\Program Files\snclient>snclient.exe run check_process process="*" filter="state=started"
←[0;37m[21:38:19.576][D] filter: state=started←[0m
←[0;37m[21:38:19.576][D] condition warning: count = 0←[0m
←[0;37m[21:38:19.577][D] condition critical: state = 'stopped' or count = 0←[0m
←[0;37m[21:38:19.577][D] condition ok: none←[0m
CRITICAL - no processes found with this filter. |'count'=0;0;0;0 'rss'=0B;;;0 'virtual'=0B;;;0 'cpu'=0%;;;0
C:\Program Files\snclient>snclient.exe run check_process filter="state=started"
←[0;37m[21:38:44.880][D] filter: state=started←[0m
←[0;37m[21:38:44.880][D] condition warning: count = 0←[0m
←[0;37m[21:38:44.880][D] condition critical: state = 'stopped' or count = 0←[0m
←[0;37m[21:38:44.880][D] condition ok: none←[0m
CRITICAL - no processes found with this filter. |'count'=0;0;0;0 'rss'=0B;;;0 'virtual'=0B;;;0 'cpu'=0%;;;0
C:\Program Files\snclient>snclient.exe run check_process filter="state=stopped"
←[0;37m[21:39:27.499][D] filter: state=stopped←[0m
←[0;37m[21:39:27.499][D] condition warning: count = 0←[0m
←[0;37m[21:39:27.500][D] condition critical: state = 'stopped' or count = 0←[0m
←[0;37m[21:39:27.501][D] condition ok: none←[0m
CRITICAL - no processes found with this filter. |'count'=0;0;0;0 'rss'=0B;;;0 'virtual'=0B;;;0 'cpu'=0%;;;0
C:\Program Files\snclient>snclient.exe run check_process filter="state=hung"
←[0;37m[21:39:35.129][D] filter: state=hung←[0m
←[0;37m[21:39:35.129][D] condition warning: count = 0←[0m
←[0;37m[21:39:35.130][D] condition critical: state = 'stopped' or count = 0←[0m
←[0;37m[21:39:35.131][D] condition ok: none←[0m
CRITICAL - no processes found with this filter. |'count'=0;0;0;0 'rss'=0B;;;0 'virtual'=0B;;;0 'cpu'=0%;;;0
-
Running in trace mode, I can see this check has returned two notepad processes with a state of started.
C:\Program Files\snclient>snclient.exe run check_process process="notepad.exe"
←[0;37m[10:16:42.340][T] os args: []string{"snclient.exe", "run", "--", "check_process", "process=notepad.exe"}←[0m
←[0;37m[10:16:42.340][T] command: check_process←[0m
←[0;37m[10:16:42.341][T] args: []string{"process=notepad.exe"}←[0m
←[0;37m[10:16:42.578][T] finalize check results:←[0m
←[0;37m[10:16:42.578][D] filter: none←[0m
←[0;37m[10:16:42.579][D] condition warning: count = 0←[0m
←[0;37m[10:16:42.579][D] condition critical: state = 'stopped' or count = 0←[0m
←[0;37m[10:16:42.579][D] condition ok: none←[0m
←[0;37m[10:16:42.580][T] details: map[string]string{"_state":"0", "cpu":"0.005360", "detail-syntax":"${exe}=${state}", "empty-syntax":"%(status) - no processes found with this filter.", "ok-syntax":"%(status) - all %{count} processes are ok.", "oldest":"1729559690", "rss":"33738752", "top-syntax":"%(status) - ${problem_list}", "virtual":"4406975967232", "youngest":"0"}←[0m
←[0;37m[10:16:42.580][T] list data:←[0m
←[0;37m[10:16:42.581][T] - map[string]string{"_state":"0", "command_line":""C:\WINDOWS\system32\notepad.exe" ", "cpu":"0.000381", "creation":"2024-10-22 11:14:50 AEST", "creation_unix":"1729559690", "exe":"notepad.exe", "filename":"C:\WINDOWS\system32\notepad.exe", "handles":"242", "kernel":"3.156250", "pagefile":"2668", "peak_pagefile":"3156", "peak_virtual":"2203494084608", "peak_working_set":"15992", "pid":"11752", "process":"notepad.exe", "rss":"15650816", "state":"started", "user":"1.109375", "virtual":"2203483869184", "working_set":"15650816"}←[0m
←[0;37m[10:16:42.582][T] - map[string]string{"_state":"0", "command_line":"notepad snclient_local.ini", "cpu":"0.004979", "creation":"2024-11-04 09:29:38 AEST", "creation_unix":"1730676578", "exe":"notepad.exe", "filename":"C:\WINDOWS\system32\notepad.exe", "handles":"265", "kernel":"0.093750", "pagefile":"2980", "peak_pagefile":"3516", "peak_virtual":"2203503538176", "peak_working_set":"17912", "pid":"6680", "process":"notepad.exe", "rss":"18087936", "state":"started", "user":"0.046875", "virtual":"2203492098048", "working_set":"18087936"}←[0m
←[0;37m[10:16:42.582][T] detail template: ${exe}=${state}←[0m
←[0;37m[10:16:42.583][T] output template: %(status) - all %{count} processes are ok.←[0m
OK - all 2 processes are ok. |'count'=2;0;0;0 'rss'=33738752B;;;0 'virtual'=4406975967232B;;;0 'cpu'=0.00536%;;;0
However, I apply a filter for the state, and I get nothing back.
C:\Program Files\snclient>snclient.exe run check_process process="notepad.exe" filter="state = 'started'"
←[0;37m[10:17:58.667][T] os args: []string{"snclient.exe", "run", "--", "check_process", "process=notepad.exe", "filter=state = 'started'"}←[0m
←[0;37m[10:17:58.668][T] command: check_process←[0m
←[0;37m[10:17:58.669][T] args: []string{"process=notepad.exe", "filter=state = 'started'"}←[0m
←[0;37m[10:17:58.910][T] finalize check results:←[0m
←[0;37m[10:17:58.911][D] filter: state = 'started'←[0m
←[0;37m[10:17:58.911][D] condition warning: count = 0←[0m
←[0;37m[10:17:58.911][D] condition critical: state = 'stopped' or count = 0←[0m
←[0;37m[10:17:58.912][D] condition ok: none←[0m
←[0;37m[10:17:58.912][T] details: map[string]string{"_state":"0", "cpu":"0.000000", "detail-syntax":"${exe}=${state}", "empty-syntax":"%(status) - no processes found with this filter.", "ok-syntax":"%(status) - all %{count} processes are ok.", "oldest":"-1", "rss":"0", "top-syntax":"%(status) - ${problem_list}", "virtual":"0", "youngest":"0"}←[0m
←[0;37m[10:17:58.912][T] detail template: ${exe}=${state}←[0m
←[0;37m[10:17:58.913][T] output template: %(status) - no processes found with this filter.←[0m
CRITICAL - no processes found with this filter. |'count'=0;0;0;0 'rss'=0B;;;0 'virtual'=0B;;;0 'cpu'=0%;;;0
-
I found something: the alias settings were wrong for Windows, fixed in 56a027b