Process Monitors for Windows
As described in Work with component monitors, SAM includes several "component monitor types" that use various methods to focus on elements such as services, logs, or processes. Process Monitors for Windows test if a specified Windows process is running, and reports the CPU, virtual memory, and physical memory used by all instances of the process.
These Process Monitors support Windows operating systems. For the Linux version, see Process Monitor (SNMP).
One example of a Process Monitor for Windows is the Worker Process Statistics Monitor in the AppInsight for IIS template that collects and provides data and status of the worker process activation service for an application pool.
For an example about tracking multiple processes across different servers for an application, see this THWACK post: Monitoring processes using SAM.
Note the following details that apply to most Process Monitors for Windows:
- They support WinRM, WMI, Orion Agent for Windows, ICMP, and External Node polling methods.
- They do not compute a statistic.
- Five seconds after a sample is retrieved from the Win32_PerfRawData_PerfProc_Process class (PercentProcessorTime and TimeStamp_Sys100NS properties), a second sample is retrieved; the monitor uses both sample to calculate CPU usage.
If you create a Process Monitor for Windows in the Component Monitor Wizard, you'll be prompted to provide several values, as described next.
A default description of the monitor, which you can add to or replace. The variable to access this field is
Determines if the component is enabled. Disabling the component leaves it in the application in a deactivated state that does not influence SolarWinds SAM application availability or status.
Credential for Monitoring
Select a Windows credential with WMI rights on the target node. This is typically a Windows administrator-level credential.
Click a credential in the list, or use the <Inherit credential from node> option. If the credential you need is not in the credentials list, add it in the Credentials Library. See Understand the Credentials Library for details.
Configure how SAM gathers data for WMI Monitors:
- WinRM/DCOM - Use WinRM, with DCOM as a fallback method. See Use WinRM for application monitor polling in SAM.
- RPC (Remote Procedure Call) - Use RPC communication.
WinRM Authentication Mechanism
If the SAM WinRM toggle is enabled for application polling on the Orion server and target nodes, select an authentication method for the connection. The default setting is Negotiate.
- Default: Specifies the transport to use for WS-Management protocol requests and responses: HTTP or HTTPS. The default is HTTP.
- Digest: User name and password are required. The client sends a request with authentication data to an authenticating server, usually a domain controller. If the client is authenticated, then the server receives a Digest session key to authenticate subsequent requests from the client.
- Negotiate: The client sends a request to the server to determine the protocol to use for Simple and Protected Negotiation (SPNEGO) authentication, which can be either:
- Kerberos for domain accounts, or
- NTLM for local computer accounts
- Basic: User name and password are required, as sent via HTTP or HTTPS in a domain or workgroup.
- Kerberos: User name and password are required for mutual authentication between the client and server, using encrypted keys. The client account must be a domain account in the same domain as the server. When a client uses default credentials, Kerberos is the authentication method if the connection string is not one of the following: localhost, 127.0.0.1, or [::1].
- NtlmDomain: User name and password are required for NTLM authentication. The client proves its identity by sending a user name, password, and domain name.
- CredSssp: User name and password are optional. The Credential Security Support Provider (CredSSP) lets an application delegate the user credentials from the client to the target server for remote authentication. The client is authenticated over the encrypted channel by using the SPNEGO protocol with either Kerberos or NTLM.
Command Line Filter
Use this optional field to select which instances of a process you want to monitor, based on the command line arguments of the process. This is a text match and partial matches are also valid.
For example, to monitor only instances launched with
–myOption=NorthAmerica. To monitor any instances launched with
America in any argument, use
For another example, see Monitor an application process launched from a specific path in the SolarWinds Success Center.
Specify the process name to monitor. If you do not know the process name, SAM can help you find processes to monitor.
Set thresholds based on the percentage of CPU resources used by the monitored process. When the CPU usage polls within the thresholds, the monitor switches to a Warning or Critical state.
To learn about setting thresholds, see Application Monitor Thresholds.
Physical Memory Threshold
Set thresholds based on the amount of physical memory in use by the monitored process. When the physical memory usage polls within the thresholds, the monitor switches to a Warning or Critical state.
Virtual Memory Threshold
Set thresholds based on the amount of virtual memory in use by the monitored process. When the virtual memory usage polls within the thresholds, the monitor switches to a Warning or Critical state.
IO Read Operations/Sec Threshold
Set thresholds based on the amount of I/O read operations performed per second in use by the monitored process. When the read operations poll within the thresholds, the monitor switches to a Warning or Critical state.
IO Write Operations/Sec Threshold
Set thresholds based on the amount of I/O write operations performed per second in use by the monitored process. When the write operations poll within the thresholds, the monitor switches to a Warning or Critical state.
IO Total Operations/Sec Threshold
Set thresholds based on the amount of total I/O operations performed per second in use by the monitored process. When the total operations poll within the thresholds, the monitor switches to a Warning or Critical state.
Add notes for easy reference. You can access this field by using the variable,