Process monitoring detects when a required processes is inactive and can evaluate the command line parameters of a process, and the minimum number of required instances of a process may be specified as well.
Process Monitoring can also alert on inactive processes from a remote SNMP agent by polling SNMP counter values. Process monitoring alerts are identical between Windows and Non-Windows hosts.
SNMP data is collected by the Heartbeat Agent.
Monitoring a process
To monitor a process, click the + button and specify the process name as well as the number of required instances (usually "1"). Wildcards can be specified for the process name, e.g. "java*" would match all processes starting with "java".
Command Line Parameters
If only processes with specific command-line parameters should be evaluated, then the required command line can be specified as well. If a command line is not specified, then it will be ignored. This parameter supports wildcards as well.
Process Network Status (aka Netstat)
Enumerates all processes which have an active TCP network connection and makes that information available in the web reports, it provides the same data as the built-in netstat command. If "Detect Changes" is selected, optionally also generates an alert when a process starts listening on a previously inactive TCP connection and vice versa.
The following options are available:
•Enabled (All Connections): Enumerates all processes which have an active TCP network connection, including both client-side and server-side processes.
•Enabled (Listening Ports Only): Enumerates all processes which are listening for incoming TCP requests, usually server-side processes like web servers, database servers and such.
Detects when a previously closed TCP port is in the active listening state, or when a TCP port that was previously listening is now closed. Events are logged with the event severity selected in the Options below.
Determines how often the process state is refreshed.
Sets the database where the process data is stored.
The Process Network Status feature is only available on Windows-based hosts.
You can customize the severity with which an event is written to the event log by changing the "log errors as" option below the list. When a specified process is not active, event 10401 is logged to the event log once. When the process becomes active again event 10402 will be logged to the application event log (see also Event Log).
You can also configure a start-up delay to avoid false notifications for processes that start after the EventSentry service is starting. Simply set the "Start monitoring processes" option to the number of seconds it takes for all processes to be active.
"Notify at most once every" sets how often an alert is generated when the required process(es) is not active.