Output from executables (or scripts) can be used as input for performance monitoring to monitor numerical data not available through a Windows performance counter or SNMP.
Executable
Specify the path to the file from which the output should be interpreted. In its most simple form the executable or script will return a single number, multiple values are supported as instances as well. Floating point numbers are supported when the "Treat data as floating point values" check box is checked.
Embedded scripts can be referenced using the @ symbol.
Output from executables and scripts is only evaluated if the %ERRORLEVEL% returned by the process is 0 (zero). Output is discarded if the executable encountered an error and the resulting %ERRORLEVEL% is 1 or higher. |
Instances
If the output contains multiple values separated by a common delimiter than the various data values can be processed as instances, similar to instances with Windows Performance Counters. Clicking the Instances button will bring up the Instances dialog that allows the configuration of the separator along with the field names. Field names are required in order to distinguish the various data values.
Dynamic Instances
Dynamic instances are also supported for when the number and/or names of instances are not known ahead of time, for example when enumerating docker containers. To use dynamic instances:
1. Specify an asterisk * for the instance name
2. Make sure the executable returns the instance names in CSV format (regardless of what the separator is set to) as the first line
3. The remaining data is interpreted as if static instances were used
Important Notes
Processes launched by the EventSentry agent within the context of performance monitoring cannot run for more than 120 seconds.
Executable-based performance counters that are assigned to Non-Windows hosts will be executed by the EventSentry Heartbeat Monitor service (for each host they are assigned to), where either the $HOSTNAME or $IPADDRESS variable can be passed to the executable. It is not recommended to use embedded scripts for Non-Windows hosts, since the Heartbeat Service may not have access to them.
Since the EventSentry Agent usually runs under a privileged account like the LocalSystem account, it's important to ensure that all scripts that will be utilized by this feature are properly secured by NTFS permissions to prevent non-privileged users from injecting code.
Processes launched by the EventSentry agent within the context of performance monitoring cannot run for more than 120 seconds. |