The previous article “Remote Monitoring System with Minimum Coding” presents an example how to monitor processes on Linux systems using simple bash script and upload result to the remote HTTP server. Linux cron service should schedule script execution on a repetitive basis. The bash script plays role of monitoring agent which collects required information and sends results in html format to web server.
The similar process monitoring is possible to do without installation/creation some sort of agent most commonly using SNMP or WMI for Windows. However these services must be running and properly configured on remote devices.
This example below shows how to get information about running processes on remote device using SNMP. For simplicity remote device running v2c version of SNMP daemon with minimal setting in snmpd.conf file:
|
agentAddress udp:161,udp6:161 view all included .1 rocommunity public default rocommunity6 public default rouser authOnlyUser |
To collect data about processes on remote device we may use snmpget and/or snmpwalk utilities::
|
# snmpwalk -v 2c -c public 192.168.2.59 .1.3.6.1.2.1.25.4.2.1.4 | grep STRING: | head -n 15 HOST-RESOURCES-MIB::hrSWRunPath.1 = STRING: “/sbin/init” HOST-RESOURCES-MIB::hrSWRunPath.503 = STRING: “/lib/systemd/systemd-journald” HOST-RESOURCES-MIB::hrSWRunPath.520 = STRING: “/sbin/lvmetad” HOST-RESOURCES-MIB::hrSWRunPath.546 = STRING: “/lib/systemd/systemd-udevd” HOST-RESOURCES-MIB::hrSWRunPath.764 = STRING: “/usr/bin/vmtoolsd” HOST-RESOURCES-MIB::hrSWRunPath.788 = STRING: “/lib/systemd/systemd-timesyncd” HOST-RESOURCES-MIB::hrSWRunPath.937 = STRING: “/usr/bin/lxcfs” HOST-RESOURCES-MIB::hrSWRunPath.938 = STRING: “/usr/sbin/atd” HOST-RESOURCES-MIB::hrSWRunPath.939 = STRING: “/usr/lib/accountsservice/accounts-daemon” HOST-RESOURCES-MIB::hrSWRunPath.940 = STRING: “/lib/systemd/systemd-logind” HOST-RESOURCES-MIB::hrSWRunPath.943 = STRING: “/usr/sbin/cron” HOST-RESOURCES-MIB::hrSWRunPath.950 = STRING: “/usr/sbin/acpid” HOST-RESOURCES-MIB::hrSWRunPath.951 = STRING: “/usr/bin/VGAuthService” HOST-RESOURCES-MIB::hrSWRunPath.952 = STRING: “/usr/sbin/rsyslogd” HOST-RESOURCES-MIB::hrSWRunPath.953 = STRING: “/usr/bin/dbus-daemon” |
The same for IPv6:
|
# snmpwalk -v 2c -c public [fe80::250:56ff:fe87:1581] hrSWRunPath | grep STRING: | head -n 15 HOST-RESOURCES-MIB::hrSWRunPath.1 = STRING: “/sbin/init” HOST-RESOURCES-MIB::hrSWRunPath.503 = STRING: “/lib/systemd/systemd-journald” HOST-RESOURCES-MIB::hrSWRunPath.520 = STRING: “/sbin/lvmetad” HOST-RESOURCES-MIB::hrSWRunPath.546 = STRING: “/lib/systemd/systemd-udevd” HOST-RESOURCES-MIB::hrSWRunPath.764 = STRING: “/usr/bin/vmtoolsd” HOST-RESOURCES-MIB::hrSWRunPath.788 = STRING: “/lib/systemd/systemd-timesyncd” HOST-RESOURCES-MIB::hrSWRunPath.937 = STRING: “/usr/bin/lxcfs” HOST-RESOURCES-MIB::hrSWRunPath.938 = STRING: “/usr/sbin/atd” HOST-RESOURCES-MIB::hrSWRunPath.939 = STRING: “/usr/lib/accountsservice/accounts-daemon” HOST-RESOURCES-MIB::hrSWRunPath.940 = STRING: “/lib/systemd/systemd-logind” HOST-RESOURCES-MIB::hrSWRunPath.943 = STRING: “/usr/sbin/cron” HOST-RESOURCES-MIB::hrSWRunPath.950 = STRING: “/usr/sbin/acpid” HOST-RESOURCES-MIB::hrSWRunPath.951 = STRING: “/usr/bin/VGAuthService” HOST-RESOURCES-MIB::hrSWRunPath.952 = STRING: “/usr/sbin/rsyslogd” HOST-RESOURCES-MIB::hrSWRunPath.953 = STRING: “/usr/bin/dbus-daemon” |
The index after hrSWRunPath object means PID of the remote process, for example /usr/bin/dbus-daemon has PID = 953.
The similar information is possible to get from Windows remote device by means of WMI:
|
D:\>wmic /NODE:192.168.2.77 /USER:”\admin1″ /PASSWORD:P@$$1 path win32_process get name,processID Name ProcessId System Idle Process 0 System 4 smss.exe 288 csrss.exe 380 wininit.exe 480 csrss.exe 488 winlogon.exe 556 services.exe 616 lsass.exe 624 svchost.exe 804 svchost.ex 860 dwm.exe 1008 svchost.exe 272 svchost.exe 376 svchost.exe 492 svchost.exe 824 svchost.exe 720 svchost.exe 1112 svchost.exe 1256 svchost.exe 1360 svchost.exe 1504 svchost.exe 2084 spoolsv.exe 2228 svchost.exe 2268 dns.exe 2280 ismserv.exe 2300 |