In the case of RHEL 10. When an SSH session is opened against the RHEL 10 system, one or more processes with name starting with 'sshd-session: <username>...' is started. In lab environment we found that this process remained active even when the SSHD service was stopped on the RHEL 10 server. The 'Executable Name' filter will look for any process containing the string 'sshd', and if other processes contains this string, the 'AVAILABILITY|Resource Availability' metric will not change, due to additional processes containing the string 'sshd'.

It was observed that the 'Tags:Processes|process_name' property on the process monitoring object changed from sshd to sshd-session. This is expected, as the 'Executable Name' filter type looks for any processes containing the string 'sshd', and returns a running process.

Instead of using 'Executable Name' filter type in cases where you may have multiple processes containing the search string, use 'PID File' or 'Regex Pattern' filter types.

The PID (Process ID) file is normally found under /var/run/<process_name>.pid for system processes. Consult documentation for your application or operating system if process/application/service use PID file.

As an example for SSHD service on RHEL 10, you can use the following filter value for PID File:

/var/run/sshd.pid

Regex pattern is another alternative. Please consult with Regex documentation for more advanced regex searches.

As an example for SSHD service on RHEL 10, you can use the following filter value for Regex Pattern:

/usr/sbin/sshd*