What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

How can I monitor a dynamic Windows Process?

Votes:

0

I know it is possible to monitor certain processes via WMI and the "WMI Process" sensor, but I want to monitor a process with a dynamic name. For example the process "MyProgram123.exe" changes every week its name to "MyProgram1234.exe" and PRTG always reports an error because he can't find the process.

Is there a solution for that particular scenario?

custom-sensor powershell process process-monitoring prtg

Created on Aug 22, 2016 8:44:59 AM by Dariusz Gorka [Paessler Support]

Last change on Aug 22, 2016 8:46:46 AM by Dariusz Gorka [Paessler Support]



7 Replies

Accepted Answer

Votes:

0

This article applies to PRTG Network Monitor 16 or later

How to Monitor a Dynamic Windows Process

To monitor a dynamic Windows process, use the following PowerShell (.ps1) script.

  • The script basically checks if the desired process runs on the remote host or not.
  • The script looks for a process that is like the given process name.
  • For example, consider the process "FTPServer100.exe" that increases the number at the end every day. The script can look for a process that is named like "FTPServer" and will find the process "FTPServer" also with changing numbers.

How to Use the Script

Save the script as .ps1 file in this subfolder of the PRTG program directory on the probe system from where you want to check the process: \Custom Sensors\EXE\

#    ____  ____  ____________
#   / __ \/ __ \/_  __/ ____/
#  / /_/ / /_/ / / / / / __  
# / ____/ _, _/ / / / /_/ /  
#/_/   /_/ |_| /_/  \____/                         
#    NETWORK MONITOR
#-------------------
#(c) 2016 Stephan Linke, Paessler AG
#
#This script checks if a certain dynamic process is running on a remote machine.
#

# Parameter "-computername" for the remote hosts address and "-proc" for the dynamic process name
param(
    $computername = "localhost",
    $proc = "proc"
    )

# Get processes of the remote machine that are like the provided dynamic process name
$Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * FROM Win32_Process WHERE NAME LIKE '%$($proc)%'")

# Check if the process is found or not, report it back to PRTG.
if([string]::IsNullOrEmpty($Processes)) {
    Write-Host ([string]::Format("{0}:{0} Process not found {1}.",0,$proc));
} else {
    Write-Host ([string]::Format("{0}:{0} Process found {1}.",1,$proc));
}

The next step is to add an EXE/Script sensor. In the sensor settings, choose the created script from the list and provide the following Parameters:

-computername <remoteaddress> -proc <processname>

Please adjust the <remoteaddress> and <processname> parameters like in the examples below, depending on your scenario:

  • <remoteaddress>: WindowsHost123
  • <processname>: FTPServer

You can leave the other default settings unchanged.

Created on Aug 22, 2016 9:10:32 AM by Dariusz Gorka [Paessler Support]

Last change on Feb 22, 2018 7:58:44 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Actually this script used as is gives back an error

Response not well-formed: "(In C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXE\Dynamic Windows Process.ps1:25 car:8 + } else { + ~ '}' di chiusura mancante nel blocco di istruzioni. + CategoryInfo : ParserError: (:) [], ParseException + FullyQualifiedErrorId : MissingEndCurlyBrace )" (code: PE132)

Created on Feb 19, 2018 9:28:41 AM



Votes:

0

Hi there,

We tested the script several times. Please make sure that you have copied the script properly and didn't missed any characters.

Additionally, please activate the "Write EXE result to disk" option in the sensor's settings and post the log files (Result of Sensor XXX.Data.txt and Result of Sensor XXX.txt) located on the corresponding probe under "C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Sensors)".

Best regards.

Created on Feb 19, 2018 11:53:10 AM by Dariusz Gorka [Paessler Support]



Votes:

0

Hi Dariusz

I was able to make this script work making some little changes, this is the new code used 

# Parameter "-computername" for the remote hosts address and "-proc" for the dynamic process name
param(
    $computername = "localhost",
    $proc = "proc"
    )

# Get processes of the remote machine that are like the provided dynamic process name
$Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * FROM Win32_Process WHERE NAME LIKE '%$($proc)%'").count

# Check if the process is found or not, report it back to PRTG.
  if([string]::IsNullOrEmpty($Processes)) {
    Write-Host ([string]::Format("{0}:{0} Process not found {1}.",0,$proc));
} else {
    Write-Host ([string]::Format("{0}:{0} Process found {1}.",$Processes,$proc))
};

Here described the changes made:

  • It was missing the last parenthesis } and this prevented the script from running
  • Added .count at the end of the creation of variable $Processes so to have it counted
  • Changed from ("{0}:{0} Process found {1}.",1,$proc) to ("{0}:{0} Process found {1}.",$Processes,$proc) the last Format to have the result of processes count included in the output

So far the script works perfectly when used in a sensor on a local probe but it gives back no results nor error when used on a remote machine so I guessed it's an authentication problem. Checking the logs in fact I see Access denied

Get-WmiObject : Accesso negato. (Eccezione da HRESULT: 0x80070005 
(E_ACCESSDENIED))
In C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXE\Dynamic 
Windows Process.ps1:20 car:15
+ $Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * 
FROM Wi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedA 
   ccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow 
   erShell.Commands.GetWmiObjectCommand

I've tried different other ways to get it

  • Changed setting in sensor from "Use security context of probe service" to "Use Windows credentials of parent device" and got PE095 error
  • Added credentials variables in the script but the only way that made it working is running the probe service as a local administrator

I reached this conclusion cause testing it from powershell cli it was working smoothly but not from PRTG interface

Let me know if you think that something is not correct or can be done more properly

Regards

Created on Feb 19, 2018 3:44:00 PM



Votes:

0

Hi there,

You were right, the last brace was missing. Could you try the script again with a Domain Administrator in the Device Settings?

Best regards.

Created on Feb 22, 2018 2:02:41 PM by Dariusz Gorka [Paessler Support]



Votes:

0

Hi

I have found this script and is trying to use it. But I can't get it to work.
I have copied the first script and paste it into notepad and saved it as CheckProc.ps1
If I run the script at the remote probe, where the file is saved, it works.

PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE> .\CheckProcess.ps1 -computername dbnode01 -proc dbservice

1:1 Process found dbservice.

If I create a exe/script sensor in PRTG on a device, which is handled by this remote probe, I can chose the script name. If I don't add any parameters the sensor reports: 1 Process found proc. so the script is running.

BUT... if I use parameter: -computername dbnode01
the sensor reports: 0 Process not found proc.
if I use parameter: -proc dbservice
the sensor reports: 0 Process not found dbservice.
if I use parameters: -computername dbnode01 -proc dbservice
the sensor reports: 0 Process not found dbservice.

Any suggestions why it doesn't work?

Kind regards Jens

Created on Feb 15, 2021 7:55:50 AM

Last change on Feb 15, 2021 8:45:24 AM by Felix Wiesneth [Paessler Support]



Votes:

0

Hey,

It may be that the sensor is actually erroring out for a reason. To see this reason, enable the "Write Result to Disk" option in the sensor and check the logs under "C:\ProgramData\Paessler\PRTG Network Monitor\Logs\sensors\" - especially the "Result of Sensor XXXX.txt"-file.

Do you see anything?

Best regards.

Created on Feb 15, 2021 10:21:25 AM by Dariusz Gorka [Paessler Support]

Last change on Feb 15, 2021 10:21:48 AM by Dariusz Gorka [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.