Introduction: 

Sysedge allows process monitoring in 2 methods, process watcher 'watch process' and process group 'watch procgroup'

It can be difficult to determine why a process watcher may not be working and when a process group watcher is needed instead of a process watcher.

Background:  

Firstly;

SystemEDGE treats processes independently from arguments. This is the first key in making a valid process watcher.

SystemEDGE and its Mib contains details on;

processName: /usr/java/bin/java

processArgs: -server -Xmx128m 123 -XX:+UseParallelGC -XX:ParallelGCThreads=4

You can logically separate the processname from the processargs by the first space in a process list,

For example

ps -ef | grep java

/usr/java/bin/java -server -Xmx128m 123 -XX:+UseParallelGC -XX:ParallelGCThreads=4

So if you separate this based on the first space, the process name precedes the first space, and all arguments are after the first space.

This is important because a process watcher by default is just monitoring the processName the documented flag 0x800 must be used to evaluate process name and arguments.

# Flags valid for process monitors (and Windows Service monitors):
        000 008 00 - match process name and arguments

So if you want to match the above process you would need a monitor entry similar to below.

watch process procAlive 'java -server -Xmx128m 123 -XX:+UseParallelGC'   14 0x800 60 absolute = 4 'Samba daemon running' ''                        'Process' 'java' 'Alive' warning

* Note Since a process watcher is a regular expression you can use a sub-string of the actual entire process name like java -server -Xmx128m 123 -XX:+UseParallelGC.

If there is a problem with your regular expression this will result in no match and an initial state of NOT_ready until a match is found.

Secondly;

A process watcher is considered singular, Meaning the watcher criteria 'java -server -Xmx128m -XX:+UseParallelGC' should uniquely match only 1 process. If multiple matches exist then you cannot watch this process because we need to be able to uniquely monitor 1 process.

Similar to above process group monitors watching both name and arguments need an additional flag,

# Flags valid for process group monitors:
   000 001 00 - match process name and arguments

In cases where you must monitor a process that has more than 1 match,

For example,

ps -ef | grep java 

returns;

noaccess  1279     1   0   Jun 06 ?         906:02 /usr/java/bin/java -server -Xmx128m -XX:+UseParallelGC -XX:ParallelGCThreads=4
noaccess  2671     1   0   Jun 06 ?         930:32 /usr/java/bin/java -server -Xmx128m -XX:+UseParallelGC -XX:ParallelGCThreads=4
noaccess  2668     1   0   Jun 06 ?         930:33 /usr/java/bin/java -server -Xmx128m -XX:+UseParallelGC -XX:ParallelGCThreads=4

You MUST use a procgroup to watch this because there is nothing to uniquely identify each of these processes.

You will need to create a watcher similar to,

watch procgroup 'java -server -Xmx128m -XX:+UseParallelGC' 11 0x100 60 'JAVA process group' '' warning

Recap of requirements.

1) Process watchers must have only 1 process that matches, AND will only monitor the process name by default unless you specify to monitor Args as well.

2) Process Group watchers are intended to monitor cases with more then 1 process exists with the same name, AND will only monitor the process name by default unless you specify to monitor Args as well.

Environment:  

Unix, Solaris, Linux, AIX, HP-UX

Instructions: 

If you are ever unsure and wish to see how sysedge has stored the processName and processArgs you are trying to match or determine if there is more then 1 via systemedge data you can do the following.

1)  putty / telnet to the agent box.

a) cd /opt/CA/SystemEDGE/bin (or other install directory <installdir>/SystemEDGE/bin

b) ./walktree -c <your-read-community> -p <your-port-typically-161|1691> -o 1.3.6.1.4.1.546.1.1.4.1

*Note walktree can be run remotely by adding the -h <hostname|ip> from another systemedge agent, which will walk the mib remotely.

The oids starting with,

1.3.6.1.4.1.546.1.1.4.1.2.<pid> will be the processName attributes

1.3.6.1.4.1.546.1.1.4.1.25.<pid> will be the processArgs attributes

Additional Information:

For additional data you can also review on the ISO install media,

<MGRISO>\Installers\Windows\Bookshelf

bookshelf-enu.zip

Sub-directory in the zip file,

\bookshelf_files\pdf \se_user_enu.pdf

Or the se_user_enu.pdf online,

Chapter 9: Process and Service Monitoring

For greater details.