Check manual page of ps

May 21. 2012

ps

Author: Mathias Kettner

License: GPL

Distribution: official part of Check_MK

Supported Agents: Linux, Windows, AIX, Solaris, VMS

This check looks into the list of then current running processes for those matching a certain name or regular expression and optionally being owned by a certain user. The number of matching processes is matched against warning and critical levels.

Item

A user definable service description for Nagios. That description must be unique within each host. Changing the description will make Nagios think that it is another service.

Check parameters

Parameter	Type	Description
procname	string	Process specification. This can either be the name of a process as ouput by the agent. It must exactly match the first column of the agents output. Or - if the string is beginning with a tilde - it is interpreted as a regular expression that must match the beginning of the process line as output by the agent. For the Linux/UNIX agents this allows you to match specific command line arguments of the process. A third possibility is to set the process name to None. In that case all processes will match. This is probably only useful if you specify a user name.
user	string	Name of user that owns the process(es). This parameter is optional and can be left out completely.
warnmin	int	Minimum number of matched process for WARNING state
okmin	int	Minimum number for OK state
okmax	int	Maximum number for OK state
warnmax	int	Maximum number for WARNING state. Counts less than warnmin or greater than warnmax are CRITICAL

Performance data

None.

Inventory

As of version 1.1.1, ps supports inventory. Since Check_MK cannot know which processes are of relevance to you, some configuration is needed. The configuration is done via inventory_processes. The structure of that variable is a list of seven-tuples. It is similar but not completely the same as the configuration of manual checks. The seven components of each entry are: (1) a service description, (2) a pattern (just as the first parameter of the check), (3) a user specification and (4) - (7) the warning and critical levels for the number of processes.

During inventory Check_MK tries to match all entries on each process found on the target host. If an entry matches, a new check will be created according to the entry (if it's not already existing).

The service description may contain one or more occurances of %s. If you do this, then the pattern must be a regular expression and be prefixed with ~. For each %s in the description, the expression has to contain one "group". A group is a subexpression enclosed in brackets, for example (.*) or ([a-zA-Z]+) or (...). When the inventory finds a process matching the pattern, it will substitute all such groups with the actual values when creating the check. That way one rule can create several checks on a host.

If the pattern contains more groups then occurrances of %s in the service description then only the first matching subexpressions are used for the service descriptions. The matched substrings corresponding to the remaining groups are copied into the regular expression, nevertheless.

Wildcards not enclosed by brackets are simply copied verbatim to the created checks. Please refer to the examples for more details.

The user specification can either be a user name (string). The inventory will then trigger only if that user matches the user the process is running as and the resulting check will require that user. Alternatively you can specify ANY_USER or GRAB_USER. If you specify ANY_USER then the user field will simply be ignored. The created check will not check for a specific user.

Specifying GRAB_USER makes the created check expect the process to run as the same user as during inventory: the user name will be hardcoded into the check. In that case if you put %u into the service description, that will be replaced by the actual user name during inventory. You need that if your rule might match for more than one user - your would create duplicate services with the same description otherwise.

The warning and critical levels are simply copied to the created checks.

As of version 1.1.7i1 ps inventory allows optional host specification. You can prepend a list of host names or a list of tag names and ALL_HOSTS to some of all rules of the inventory specification. That way you can make the inventory apply some rules only to certain hosts.

Configuration variables

Variable	Type	Description
inventory_processes	list	A list of 7-tuples. See INVENTORY for details.

Examples

main.mk

# Examples for manually configured checks
checks += [
  # make sure exactly one ntpd is running
  ( "somehost", "ps", "NTP", ( "/usr/sbin/ntpd", 1, 1, 1, 1 ) ),

  # the same, but  for all hosts with the tag "lnx"
  ( ["lnx"], ALL_HOSTS, "ps", "NTPD", ( "/usr/sbin/ntpd", 1, 1, 1, 1 ) ),

  # command lines containing "prefork" should be in range 20 ... 30
  ( "somehost", "ps", "prefork", ( "~.*prefork", 15, 20, 30, 35 ) ),

  # no process containing "sshd" should exist
  ( "somehost", "ps", "SSHD", ( "~.*sshd", 0, 0, 0, 0 ) ),

  # check number of processes owned by user "www-data"
  ( "somehost", "ps", "count www", ( None, "www-data", 10, 15, 25, 30 ) ),

  # make sure no "sshd" processes owned by user "root" exists
  ( "somehost", "ps", "SSHD[root]", ( "~.*sshd", "root", 0, 0, 0, 0) ),

]

# Examples for automatic inventorization of processes
inventory_processes = [
  # if we find a /usr/sbin/ntpd on any host => monitor it
  ( "NTPD", "/usr/sbin/ntpd", ANY_USER, 1, 1, 1, 1),

  # alternative(1): do the same, but only on hosts tagged with "ntp":
  ( ['ntp'], ALL_HOSTS, "NTPD", "/usr/sbin/ntpd", ANY_USER, 1, 1, 1, 1),

  # alternative(2): do the same, but only on two specific hosts
  ( ['xsrv1', 'xsrv2'], "NTPD", "/usr/sbin/ntpd", ANY_USER, 1, 1, 1, 1),

  # alternative(3): do the same, but make sure, ntpd is always
  # running as the user under which we found it first:
  ( "NTPD2 %u", "/usr/sbin/ntpd", GRAB_USER, 1, 1, 1, 1),

  # if we find Apache2, monitor it and make sure it's running
  # as the user 'www-data'! Make also sure, that the number
  # of processes is between 5 and 10, (critical if not running
  # or if more than 30 processes):
  ( "Apache2", "~.*bin/apache2", "www-data", 1, 5, 10, 30 ),

  # now to something more complex: monitor dhclient processes.
  # For each NIC there might by one dhclient. We monitor the
  # processes separately for each NIC at which we find a dhclient
  # running.
  ( "DHCP-Client NIC %s", "~dhclient.* ([a-z]+[0-9]-*)$", ANY_USER, 1, 1, 1, 1) ,

  # SAP: Search for SAP processes, extract three components, add the
  # user name the process was running as to the service description
  ( "SCS %s/%s/%s %u", "~(..)\.sap(...)_SCS([0-9]+) pf=", GRAB_USER, 1, 1, 1, 1 ),
]


	Navigation: Check_MK Homepage Detailed Introduction Documentation Downloads Download with OMD (Subscription needed) FAQ Mailinglists Bugtracking & Feedback Public GIT repository Interview with Ethan Galstad Stories, Statements, Successes (NEW) Screenshots of Multsite Live-Demo of Multsite GUI Support Contracts (German) - NEW