Detecting whether a process is running for more than X seconds/minutes using performance monitoring
Article ID: 394
Category: Monitoring
Applies to: 4.0.1 and higher
Updated: 2019-09-04
Create a ‘System Health’ package labeled ‘Performance Processes’
Click this package and then in the toolbar, the click 'Add' down-down on the right and then "Performance / SNMP"
Click on ‘Performance / SNMP’, then click the (+) to add the performance counter:
Give it a name such as ‘Process Elapsed Time’
Add this counter: Process(*)\Elapsed Time
Change the ‘Exclusions’ to an ‘Inclusion’ and then add the process to be monitored. In this example, ‘notepad++.exe’ will be used.
Click the ‘Alert’ tab, and check the ‘Enable Event Log Alert with Severity….’
Alert if value is ‘more than’ X for 10 seconds. In this example, 120 (2 minutes) will be used.
Create an ‘Event Log’ package and give it a name such as ‘Long Running Processes’
Right-click on that package and select ‘Add Filter’ and give it a name such as ‘Long running Processes’
Log: Application
Severity: Warning
Source: EventSentry
Category: Performance Monitoring
ID: 12105
Under ‘Content Filter & Notes’, click the (+) and then select ‘Insertion string 6 matches’ and then add: Performance Processes\Process Elapsed Time
(NOTE: In Step 1 & 3a, whatever names are used will matter in this step. In our example, ‘Performance Processes’ was used for the package name and the counter name is ‘Process Elapsed Time’ which is why we used ‘Performance Processes\Process Elapsed Time’ for the content filter)
Under ‘Actions’, add the ‘Default Email’ action and an alert will be generated this process runs longer than X seconds
Both the 'Event log' and 'System Health' packages need to be assigned to the server this is to be implement this on. The package can be assigned by right-clicking and selecting ‘Assign’ or selecting ‘Global’ will apply it to all hosts