
How can I monitor a dynamic Windows Process?


I know it is possible to monitor certain processes via WMI and the "WMI Process" sensor, but I want to monitor a process with a dynamic name. For example, the process "MyProgram123.exe" changes its name every week to "MyProgram1234.exe", and PRTG always reports an error because it can't find the process.

Is there a solution for that particular scenario?

custom-sensor powershell process process-monitoring prtg

Created on Aug 22, 2016 8:44:59 AM by  Dariusz Gorka [Paessler Support]

Last change on Aug 22, 2016 8:46:46 AM by  Dariusz Gorka [Paessler Support]



5 Replies

Accepted Answer


This article applies to PRTG Network Monitor 16 or later

How to Monitor a Dynamic Windows Process

To monitor a dynamic Windows process, use the following PowerShell (.ps1) script.

  • The script basically checks if the desired process runs on the remote host or not.
  • The script looks for a process that is like the given process name.
  • For example, consider the process "FTPServer100.exe" that increases the number at the end every day. The script can look for a process that is named like "FTPServer" and will find the process "FTPServer" also with changing numbers.

How to Use the Script

Save the script as a .ps1 file in this subfolder of the PRTG program directory on the probe system from where you want to check the process: \Custom Sensors\EXE\

#    ____  ____  ____________
#   / __ \/ __ \/_  __/ ____/
#  / /_/ / /_/ / / / / / __  
# / ____/ _, _/ / / / /_/ /  
#/_/   /_/ |_| /_/  \____/                         
#    NETWORK MONITOR
#-------------------
#(c) 2016 Stephan Linke, Paessler AG
#
#This script checks if a certain dynamic process is running on a remote machine.
#

# Parameter "-computername" for the remote host's address and "-proc" for the dynamic process name
param(
    $computername = "localhost",
    $proc = "proc"
    )

# Get processes of the remote machine that are like the provided dynamic process name
$Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * FROM Win32_Process WHERE NAME LIKE '%$($proc)%'")

# Check if the process is found or not, report it back to PRTG.
if([string]::IsNullOrEmpty($Processes)) {
    Write-Host ([string]::Format("{0}:{0} Process not found {1}.",0,$proc));
} else {
    Write-Host ([string]::Format("{0}:{0} Process found {1}.",1,$proc));
}

The next step is to add an EXE/Script sensor. In the sensor settings, choose the created script from the list and provide the following Parameters:

-computername <remoteaddress> -proc <processname>

Please adjust the <remoteaddress> and <processname> parameters like in the examples below, depending on your scenario:

  • <remoteaddress>: WindowsHost123
  • <processname>: FTPServer

You can leave the other default settings unchanged.

Created on Aug 22, 2016 9:10:32 AM by  Dariusz Gorka [Paessler Support]

Last change on Feb 22, 2018 7:58:44 AM by  Dariusz Gorka [Paessler Support]




Actually, this script used as is gives back an error:

Response not well-formed: "(In C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXE\Dynamic Windows Process.ps1:25 car:8 + } else { + ~ '}' di chiusura mancante nel blocco di istruzioni. + CategoryInfo : ParserError: (:) [], ParseException + FullyQualifiedErrorId : MissingEndCurlyBrace )" (code: PE132)

Created on Feb 19, 2018 9:28:41 AM by  marcopalumbo (0)




Hi there,

We tested the script several times. Please make sure that you have copied the script properly and didn't miss any characters.

Additionally, please activate the "Write EXE result to disk" option in the sensor's settings and post the log files (Result of Sensor XXX.Data.txt and Result of Sensor XXX.txt) located on the corresponding probe under "C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Sensors)".

Best regards.

Created on Feb 19, 2018 11:53:10 AM by  Dariusz Gorka [Paessler Support]




Hi Dariusz

I was able to make this script work by making some small changes. This is the new code used:

# Parameter "-computername" for the remote host's address and "-proc" for the dynamic process name
param(
    $computername = "localhost",
    $proc = "proc"
    )

# Count the processes on the remote machine that are like the provided dynamic process name
$Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * FROM Win32_Process WHERE NAME LIKE '%$($proc)%'").count

# Check if the process is found or not, report it back to PRTG.
# .count is 0 when nothing matches, so test the number itself; IsNullOrEmpty(0) is never true.
if(-not $Processes) {
    Write-Host ([string]::Format("{0}:{0} Process not found {1}.",0,$proc));
} else {
    Write-Host ([string]::Format("{0}:{0} Process found {1}.",$Processes,$proc));
}

Here are the changes made:

  • It was missing the last parenthesis } and this prevented the script from running
  • Added .count at the end of the creation of variable $Processes so as to have it counted
  • Changed from ("{0}:{0} Process found {1}.",1,$proc) to ("{0}:{0} Process found {1}.",$Processes,$proc) the last Format to have the result of processes count included in the output

So far the script works perfectly when used in a sensor on a local probe, but it gives back no results nor error when used on a remote machine, so I guessed it's an authentication problem. Checking the logs, in fact, I see Access denied:

Get-WmiObject : Accesso negato. (Eccezione da HRESULT: 0x80070005 
(E_ACCESSDENIED))
In C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXE\Dynamic 
Windows Process.ps1:20 car:15
+ $Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * 
FROM Wi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedA 
   ccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow 
   erShell.Commands.GetWmiObjectCommand

I've tried various other ways to get it working:

  • Changed the setting in the sensor from "Use security context of probe service" to "Use Windows credentials of parent device" and got a PE095 error
  • Added credentials variables in the script, but the only way that made it work is running the probe service as a local administrator

I reached this conclusion because when testing it from the PowerShell CLI it was working smoothly, but not from the PRTG interface.

Let me know if you think that something is not correct or can be done more properly.

Regards

Created on Feb 19, 2018 3:44:00 PM by  marcopalumbo (0)
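
A hardened variant of the sensor script from the accepted answer, which also covers the access-denied case from the reply above; this is an added example, not Paessler's or the poster's code. It validates -proc before interpolating it into the WQL query and reports a failed WMI call as an error instead of as a missing process. Assumptions: Windows PowerShell (Get-WmiObject), a prefix match instead of the original substring match, the hypothetical helper name New-ProcessQuery, and exit code 2 as the EXE/Script sensor's system-error code.

```powershell
# Added example, not Paessler's script. Hardened variant of the sensor above.
param(
    [string]$computername = "localhost",
    [string]$proc = "FTPServer"   # constructed default, from the page's example
)

# Build the WQL query only from an allowlisted name. Quotes and the LIKE
# metacharacters % [ ] ^ are rejected; "_" (also a LIKE wildcard) is kept
# but escaped as [_] so it matches a literal underscore.
function New-ProcessQuery([string]$Name) {
    if ($Name -notmatch '^[A-Za-z0-9._-]{1,64}$') { return $null }
    $escaped = $Name -replace '_', '[_]'
    # Prefix match (no leading %): "FTPServer" matches FTPServer100.exe
    # but not OtherFTPServer.exe. The original script matches any substring.
    return "SELECT Name, ProcessId FROM Win32_Process WHERE Name LIKE '$escaped%'"
}

$query = New-ProcessQuery $proc
if (-not $query) {
    Write-Host "0:Rejected process name parameter."
    exit 2   # assumed PRTG EXE/Script convention: 2 = system error
}

try {
    # -ErrorAction Stop turns "access denied" into a catchable error instead of
    # an empty result that would look like "process not running".
    $found = @(Get-WmiObject -ComputerName $computername -Query $query -ErrorAction Stop)
} catch {
    Write-Host ("0:WMI query failed on {0}: {1}" -f $computername, $_.Exception.Message)
    exit 2
}

# value:message, as in the original; the value is the number of matches.
Write-Host ("{0}:{1} process(es) matching {2} on {3}." -f $found.Count, $found.Count, $proc, $computername)
exit 0
```

With this variant, an E_ACCESSDENIED result like the one in the log above puts the sensor into an error state, so a permissions problem on the probe account is not mistaken for the process being down.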




Hi there,

You were right, the last brace was missing. Could you try the script again with a Domain Administrator in the Device Settings?

Best regards.

Created on Feb 22, 2018 2:02:41 PM by  Dariusz Gorka [Paessler Support]


