Top Process PowerShell script

Task Manager output for 'Top Process PowerShell script management pack'

Ever wish you had Task Manager output from the moment a monitor went unhealthy?  Following Kevin Holman's lead on monitoring processes, the idea landed to build out the 'Top Process PowerShell script'.  This morphed into a management pack with Knowledge entries to better explain what is being done.  Integrating Top Process into Health Explorer output as a recovery task provides one more diagnostic step before alerting.  The idea started from the need to prove which security tool(s) were causing the CPU spikes that left servers non-responsive.  Thinking back to my UNIX days, we simply used top, vmstat, iostat and similar commands to identify problematic processes.  Integrating PowerShell scripts into SCOM is part of the fun, then linking the obfuscated security process names to their products for the final output.  From there, the same logic can be carried into Azure Functions or Azure Logic Apps for cloud-native monitoring.

Quick Download: https://github.com/theKevinJustin/TopProcess

Tier1 separated monitoring (no AD) https://github.com/theKevinJustin/TopProcessTier1

Building out the ‘Top Process PowerShell script’

Kevin Holman built a 'Monitor.Performance.ConsecSamples.ThenScript.TwoState.mpx' fragment, which started the logical journey.   His fragment gave me a working model that takes both processes and core count into consideration, so the reported CPU usage is accurate on multi-core servers.

Kevin Holman Monitor performance then script fragment for PowerShell get-counter syntax

We need to see the processes and their corresponding counter values, then build an output table (a custom object).  After gathering the processes, feed them into the TopProcesses array, and lastly sort the array by CPUValue.

Top Process memory usage snippet

Next, we'll want to see which applications/tools might be involved, including Active Client, IIS, monitoring agents and endpoint management tools (keep things honest!).

Added the Security Processes into the mix

Then we build an output of the data so we can take the DataSource (DS) or WriteAction (WA) into a scripted monitor/rule, or into recovery tasks linked to various monitors.  I also built a forked version for SAW/Red Forest environments, separating Tier0 monitoring from Tier1 (the snippet below is NOT that pack).

snippet of manual tasks and recoveries that link to multiple monitors
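Putting the three steps above together (gather per-process CPU normalised by core count, tag the security/endpoint tools, emit something a DS/WA or recovery can consume), here is an added example in PowerShell.  It is my own illustration, not the TopProcess pack's script and not Kevin Holman's fragment.  It assumes a hypothetical process-name-to-product table, $KnownTools, and that the MOM.ScriptAPI COM object is present when the script runs under a SCOM agent; outside SCOM it falls back to printing the table.

```powershell
# Added example (not the TopProcess pack's own script): sample per-process CPU,
# normalise by core count, tag known security/endpoint tools, and hand the top N
# back as a SCOM property bag for a DataSource/WriteAction or recovery task.
param(
    [int]$TopN = 10,
    [int]$SampleSeconds = 5
)

# Assumption: illustrative name-to-product table; extend it for your estate.
# PowerShell hashtable literals compare keys case-insensitively, which matters
# because Get-Counter returns instance names in lower case.
$KnownTools = @{
    'MsMpEng'        = 'Microsoft Defender Antivirus'
    'MsSense'        = 'Microsoft Defender for Endpoint sensor'
    'CcmExec'        = 'Configuration Manager client'
    'MonitoringHost' = 'SCOM agent'
    'HealthService'  = 'SCOM agent'
    'w3wp'           = 'IIS worker process'
}

function Get-TopProcessCpu {
    param([int]$Top = 10, [int]$Seconds = 5)

    $cores = [Environment]::ProcessorCount

    # \Process(*)\% Processor Time is summed across cores, so a process pinning
    # one core of four reports 100, not 25. Two samples are needed because the
    # first sample of a rate counter is always 0.
    $sets = Get-Counter -Counter '\Process(*)\% Processor Time' `
                        -SampleInterval $Seconds -MaxSamples 2 -ErrorAction SilentlyContinue
    if (-not $sets) { return @() }

    $latest = $sets[-1].CounterSamples |
        Where-Object { $_.InstanceName -notin @('_total', 'idle') }

    $rows = foreach ($s in $latest) {
        $base = $s.InstanceName -replace '#\d+$', ''   # "svchost#3" -> "svchost"
        $tool = ''
        if ($KnownTools.ContainsKey($base)) { $tool = $KnownTools[$base] }
        [pscustomobject]@{
            ProcessName = $s.InstanceName
            CPUValue    = [math]::Round($s.CookedValue / $cores, 2)
            Tool        = $tool
        }
    }
    $rows | Sort-Object CPUValue -Descending | Select-Object -First $Top
}

$top = Get-TopProcessCpu -Top $TopN -Seconds $SampleSeconds

try {
    # Under a SCOM agent, return a property bag the DS/WA can consume. Values are
    # flattened to ProcessN/CPUN/ToolN so alert text and recovery output can
    # reference them by name.
    $api = New-Object -ComObject 'MOM.ScriptAPI' -ErrorAction Stop
    $bag = $api.CreatePropertyBag()
    $i = 0
    foreach ($p in $top) {
        $i++
        $bag.AddValue("Process$i", $p.ProcessName)
        $bag.AddValue("CPU$i",     [string]$p.CPUValue)
        $bag.AddValue("Tool$i",    $p.Tool)
    }
    $bag
}
catch {
    # No SCOM agent (for example when testing interactively): print the table.
    $top | Format-Table -AutoSize
}
```

Run it interactively first (.\TopProcess.ps1 -TopN 5) to confirm the per-core values line up with Task Manager; the Tool column is the part that turns an opaque vendor process name into something an on-call engineer can act on, so keep that table current as agents are added or renamed.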

Useful links

Kevin Holman MP fragments blog and GitHub Fragment library/repository