Documentation forServer & Application Monitor

Process Monitors for Windows

As described in Work with component monitors, SAM includes several "component monitor types" that use various methods to focus on elements such as services, logs, or processes. Process Monitors for Windows test if a specified Windows process is running, and reports the CPU, virtual memory, and physical memory used by all instances of the process.

These Process Monitors support Windows operating systems. To learn about the Linux version, see Process Monitor (SNMP).

One example of a Process Monitor for Windows is the Worker Process Statistics Monitor in the AppInsight for IIS template that Collects and provides data and status of the worker process activation service for an application pool.

Note the following details that apply to most Process Monitors for Windows:

  • They support WinRM, WMI, Orion Agent for Windows, ICMP, and External Node polling methods.
  • They do not compute a statistic.
  • Five seconds after a sample is retrieved from the Win32_PerfRawData_PerfProc_Process class (PercentProcessorTime and TimeStamp_Sys100NS properties), a second sample is retrieved; the monitor uses both sample to calculate CPU usage.

If you create a Process Monitor for Windows in the Component Monitor Wizard, you'll be prompted to provide several values, as described next.

Field descriptions

Description

A default description of the monitor, which you can add to or replace. The variable to access this field is ${UserDescription}.

Enable Component

Determines if the component is enabled. Disabling the component leaves it in the application in a deactivated state that does not influence SolarWinds SAM application availability or status.

Credential for Monitoring

Select a Windows credential with WMI rights on the target node. This is typically a Windows administrator-level credential.

Click a credential in the list, or use the <Inherit credential from node> option. If the credential you need is not in the credentials list, add it in the Credentials Library. See Understand the Credentials Library for details.

Fetching Method

Configure how SAM gathers data for WMI Monitors:

WinRM Authentication Mechanism

If the SAM WinRM toggle is enabled for application polling on the Orion server and target nodes, select an authentication method for the connection. The default setting is Negotiate.

  • Default: Specifies the transport to use for WS-Management protocol requests and responses: HTTP or HTTPS. The default is HTTP.
  • Digest: User name and password are required. The client sends a request with authentication data to an authenticating server, usually a domain controller. If the client is authenticated, then the server receives a Digest session key to authenticate subsequent requests from the client.
  • Negotiate: The client sends a request to the server to determine the protocol to use for Simple and Protected Negotiation (SPNEGO) authentication, which can be either:
    • Kerberos for domain accounts, or
    • NTLM for local computer accounts
  • Basic: User name and password are required, as sent via HTTP or HTTPS in a domain or workgroup.
  • Kerberos: User name and password are required for mutual authentication between the client and server, using encrypted keys. The client account must be a domain account in the same domain as the server. When a client uses default credentials, Kerberos is the authentication method if the connection string is not one of the following: localhost, 127.0.0.1, or [::1].
  • NtlmDomain: User name and password are required for NTLM authentication. The client proves its identity by sending a user name, password, and domain name.
  • CredSssp: User name and password are optional. The Credential Security Support Provider (CredSSP) lets an application delegate the user credentials from the client to the target server for remote authentication. The client is authenticated over the encrypted channel by using the SPNEGO protocol with either Kerberos or NTLM.

    Portions excerpted from the WinRM Glossary (© 2020, Microsoft Corp., available at docs.microsoft.com, obtained on March 13, 2020).

Command Line Filter

Use this optional field to select which instances of a process you want to monitor, based on the command line arguments of the process. This is a text match and partial matches are also valid.

Example to monitor only instances launched with –myOption=NorthAmerica
Command Line Filter:–myOption=NorthAmerica

Example to monitor any instances launched with America in any argument
Command Line Filter:America

Process Name

Specify the process name to monitor. If you do not know the process name, SAM can help you find processes to monitor.

CPU Threshold

Use these fields to set warning and critical threshold conditions based on the percentage of CPU resources used by the monitored process. When the CPU usage polls within the thresholds, the monitor switches to a Warning or Critical state. See Application Monitor Thresholds.

Physical Memory Threshold

Use these fields to set warning and critical threshold conditions based on the amount of physical memory in use by the monitored process. When the physical memory usage polls within the thresholds, the monitor switches to a Warning or Critical state. See Application Monitor Thresholds.

Virtual Memory Threshold

Use these fields too set warning and critical threshold conditions based on the amount of virtual memory in use by the monitored process. When the virtual memory usage polls within the thresholds, the monitor switches to a Warning or Critical state. See Application Monitor Thresholds.

IO Read Operations/Sec Threshold

Use these fields to set warning and critical threshold conditions based on the amount of I/O read operations performed per second in use by the monitored process. When the read operations poll within the thresholds, the monitor switches to a Warning or Critical state. See Application Monitor Thresholds.

IO Write Operations/Sec Threshold

Use these fields to set warning and critical threshold conditions based on the amount of I/O write operations performed per second in use by the monitored process. When the write operations poll within the thresholds, the monitor switches to a Warning or Critical state. See Application Monitor Thresholds.

IO Total Operations/Sec Threshold

Use these fields to set warning and critical threshold conditions based on the amount of total I/O operations performed per second in use by the monitored process. When the total operations poll within the thresholds, the monitor switches to a Warning or Critical state. See Application Monitor Thresholds.

User Notes

Use this field to add notes for easy reference. You can access this field by using the variable, ${UserNotes}.