Sysedge allows process monitoring in 2 methods, process watcher 'watch process' and process group 'watch procgroup'
It can be difficult to determine why a process watcher may not be working and when a process group watcher is needed instead of a process watcher.
SystemEDGE treats processes independently from arguments. This is the first key in making a valid process watcher.
SystemEDGE and its Mib contains details on;
processArgs: -server -Xmx128m 123 -XX:+UseParallelGC -XX:ParallelGCThreads=4
You can logically separate the processname from the processargs by the first space in a process list,
ps -ef | grep java
/usr/java/bin/java -server -Xmx128m 123 -XX:+UseParallelGC -XX:ParallelGCThreads=4
So if you separate this based on the first space, the process name precedes the first space, and all arguments are after the first space.
This is important because a process watcher by default is just monitoring the processName the documented flag 0x800 must be used to evaluate process name and arguments.
# Flags valid for process monitors (and Windows Service monitors):
000 008 00 - match process name and arguments
So if you want to match the above process you would need a monitor entry similar to below.
watch process procAlive 'java -server -Xmx128m 123 -XX:+UseParallelGC' 14 0x800 60 absolute = 4 'Samba daemon running' '' 'Process' 'java' 'Alive' warning
* Note Since a process watcher is a regular expression you can use a sub-string of the actual entire process name like java -server -Xmx128m 123 -XX:+UseParallelGC.
If there is a problem with your regular expression this will result in no match and an initial state of NOT_ready until a match is found.
A process watcher is considered singular, Meaning the watcher criteria 'java -server -Xmx128m -XX:+UseParallelGC' should uniquely match only 1 process. If multiple matches exist then you cannot watch this process because we need to be able to uniquely monitor 1 process.
Similar to above process group monitors watching both name and arguments need an additional flag,
# Flags valid for process group monitors:
000 001 00 - match process name and arguments
In cases where you must monitor a process that has more than 1 match,
ps -ef | grep java
noaccess 1279 1 0 Jun 06 ? 906:02 /usr/java/bin/java -server -Xmx128m -XX:+UseParallelGC -XX:ParallelGCThreads=4
noaccess 2671 1 0 Jun 06 ? 930:32 /usr/java/bin/java -server -Xmx128m -XX:+UseParallelGC -XX:ParallelGCThreads=4
noaccess 2668 1 0 Jun 06 ? 930:33 /usr/java/bin/java -server -Xmx128m -XX:+UseParallelGC -XX:ParallelGCThreads=4
You MUST use a procgroup to watch this because there is nothing to uniquely identify each of these processes.
You will need to create a watcher similar to,
watch procgroup 'java -server -Xmx128m -XX:+UseParallelGC' 11 0x100 60 'JAVA process group' '' warning
Recap of requirements.
1) Process watchers must have only 1 process that matches, AND will only monitor the process name by default unless you specify to monitor Args as well.
2) Process Group watchers are intended to monitor cases with more then 1 process exists with the same name, AND will only monitor the process name by default unless you specify to monitor Args as well.
Unix, Solaris, Linux, AIX, HP-UX
If you are ever unsure and wish to see how sysedge has stored the processName and processArgs you are trying to match or determine if there is more then 1 via systemedge data you can do the following.
1) putty / telnet to the agent box.
a) cd /opt/CA/SystemEDGE/bin (or other install directory <installdir>/SystemEDGE/bin
b) ./walktree -c <your-read-community> -p <your-port-typically-161|1691> -o 18.104.22.168.4.1.522.214.171.124.1
*Note walktree can be run remotely by adding the -h <hostname|ip> from another systemedge agent, which will walk the mib remotely.
The oids starting with,
126.96.36.199.4.1.5188.8.131.52.1.2.<pid> will be the processName attributes
184.108.40.206.4.1.5220.127.116.11.1.25.<pid> will be the processArgs attributes
For additional data you can also review on the ISO install media,
Sub-directory in the zip file,
Or the se_user_enu.pdf online,
Chapter 9: Process and Service Monitoring
For greater details.