Process Monitoring on Windows

[Chester...@gdc4s.com]

Hi. I’m trying to get process monitoring via Net-SNMP (running VERSION 5.6.1) to work on a Windows 2008 R2 host. I have no issues doing this on a Linux host but on Windows I use the proc command to monitor a few processes some real and others fake for testing. I have a monitor command stating the following:

monitor -r 15 -o prNames -o prErrMessage "procTable" prErrorFlag 0 1

However, when I start the Net-SNMP agent with the Windows SNMP agent running using a different port than the Net-SNMP agent and perform a snmpwalk of these OIDs I see:

C:\Users\Administrator>snmpwalk -v1 -c public localhost .1.3.6.1.4.1.2021.2.1

UCD-SNMP-MIB::prIndex.1 = INTEGER: 1

UCD-SNMP-MIB::prIndex.2 = INTEGER: 2

UCD-SNMP-MIB::prIndex.3 = INTEGER: 3

UCD-SNMP-MIB::prNames.1 = STRING: notepad.exe

UCD-SNMP-MIB::prNames.2 = STRING: someprocess.exe

UCD-SNMP-MIB::prNames.3 = STRING: wordpad.exe

UCD-SNMP-MIB::prMin.1 = INTEGER: 1

UCD-SNMP-MIB::prMin.2 = INTEGER: 1

UCD-SNMP-MIB::prMin.3 = INTEGER: 1

UCD-SNMP-MIB::prMax.1 = INTEGER: 0

UCD-SNMP-MIB::prMax.2 = INTEGER: 0

UCD-SNMP-MIB::prMax.3 = INTEGER: 0

UCD-SNMP-MIB::prCount.1 = INTEGER: -1

UCD-SNMP-MIB::prCount.2 = INTEGER: -1

UCD-SNMP-MIB::prCount.3 = INTEGER: -1

UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: noError(0)

UCD-SNMP-MIB::prErrorFlag.2 = INTEGER: noError(0)

UCD-SNMP-MIB::prErrorFlag.3 = INTEGER: noError(0)

UCD-SNMP-MIB::prErrMessage.1 = STRING:

UCD-SNMP-MIB::prErrMessage.2 = STRING:

UCD-SNMP-MIB::prErrMessage.3 = STRING:

UCD-SNMP-MIB::prErrFix.1 = INTEGER: noError(0)

UCD-SNMP-MIB::prErrFix.2 = INTEGER: noError(0)

UCD-SNMP-MIB::prErrFix.3 = INTEGER: noError(0)

UCD-SNMP-MIB::prErrFixCmd.1 = STRING:

UCD-SNMP-MIB::prErrFixCmd.2 = STRING:

UCD-SNMP-MIB::prErrFixCmd.3 = STRING:

In which case, both prCount is indicating an ambiguous Integer value of -1 for these processes and prErrorFlag is indicating Integer 0 for no Error when these processes are not running. I know I can access the Windows Host Resources MIB since I can access the hrSWRunTable MIB Object and return all information in the Task Manager list of processes. Has anyone else experienced this issue? Does the “proc” command not work correctly on Windows?

CJ

[Bart Van Assche]

On 02/20/13 19:16, Chester...@gdc4s.com wrote:
> In which case, both prCount is indicating an ambiguous Integer value of
> -1 for these processes and prErrorFlag is indicating Integer 0 for no
> Error when these processes are not running. I know I can access the
> Windows Host Resources MIB since I can access the hrSWRunTable MIB
> Object and return all information in the Task Manager list of processes.
> Has anyone else experienced this issue? Does the “proc” command not work
> correctly on Windows?

Are you familiar with winExtDLL ?

Bart.


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

[Chester...@gdc4s.com]

My plan wasn't to run Net-SNMP as a replacement to the Windows SNMP
service. Is this the only way anyone knows of to get Net-SNMP to return
proper information from the "proc" command? Shouldn't it also work
co-existing with Windows SNMP?

[Bart Van Assche]

On 02/20/13 19:57, Chester...@gdc4s.com wrote:
> My plan wasn't to run Net-SNMP as a replacement to the Windows SNMP
> service. Is this the only way anyone knows of to get Net-SNMP to return
> proper information from the "proc" command? Shouldn't it also work
> co-existing with Windows SNMP?

The goal of the Net-SNMP winExtDLL extension is to allow Net-SNMP to
replace the Windows SNMP agent entirely. That extension makes Net-SNMP
load and use the extension agents written for the Windows SNMP agent.
These extension agents contain all the useful functionality of the
Windows SNMP agent. However, you will have to download the latest
Net-SNMP version from the git repository in order to have the latest
fixes for the 64-bit build of Net-SNMP.

[Chester...@gdc4s.com]

Ok, I've installed the Net-SNMP 5.5 64-bit version onto the Windows 2008
R2 machine. However, when I try running Net-SNMP with debug turned on
for winExtDLL I receive the following:
C:\Users\Administrator>snmpd.exe
-I-udp,udpTable,tcp,tcpTable,icmp,ip,interfaces,system_mib,sysORTable
-DwinExtDLL
No log handling enabled - turning on stderr logging
registered debug token winExtDLL, 1
init_winExtDLL started.
winExtDLL: read_extension_dlls_from_registry called
registry key SOFTWARE\Microsoft\Wow64ProxyAgent\CurrentVersion: DLL
C:\Windows\System32\wow64mib.dll.
registry key SOFTWARE\Microsoft\SNMP_EVENTS\CurrentVersion: DLL
C:\Windows\System32\evntagnt.dll.
registry key SOFTWARE\Microsoft\SNMPMIB\CurrentVersion: DLL
C:\Windows\System32\snmpmib.dll.
registry key SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion: DLL
C:\Windows\System32\inetmib1.dll.
registry key SOFTWARE\Microsoft\HostMIB\CurrentVersion: DLL
C:\Windows\System32\hostmib.dll.
registry key SOFTWARE\Microsoft\LANManagerMIB2Agent\CurrentVersion: DLL
C:\Windows\System32\lmmib2.dll.
init_winExtDLL: found 6 extension DLLs in the registry.
loading DLL C:\Windows\System32\wow64mib.dll.
init_winExtDLL: initialization of DLL C:\Windows\System32\wow64mib.dll
failed.
loading DLL C:\Windows\System32\evntagnt.dll.
loading DLL C:\Windows\System32\snmpmib.dll.
loading DLL C:\Windows\System32\inetmib1.dll.
loading DLL C:\Windows\System32\hostmib.dll.
loading DLL C:\Windows\System32\lmmib2.dll.
registering handler for DLL C:\Windows\System32\evntagnt.dll and OID
prefix .2.0.
duplicate registration (mibII/snmp,
C:\Windows\System32\snmpmib.dll)handler registration failed.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.1.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.2.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.4.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.5.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.6.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.7.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.31.1.
registering handler for DLL C:\Windows\System32\inetmib1.dll and OID
prefix .1.3.6.1.2.1.55.1.
registering handler for DLL C:\Windows\System32\hostmib.dll and OID
prefix .1.3.6.1.2.1.25.
registering handler for DLL C:\Windows\System32\lmmib2.dll and OID
prefix .1.3.6.1.4.1.77.1.
init_winExtDLL: registered 12 OID ranges.
init_winExtDLL finished.
Warning: no access control information configured.
It's unlikely this agent can serve any useful purpose in this state.
Run "snmpconf -g basic_setup" to help you configure the snmpd.conf
file for this agent.
NET-SNMP version 5.5

In which case running Process Explorer does not return any processes
utilizing snmpmib.dll or wow64mib.dll files. Windows SNMP service is
installed not running and Disabled. Whats wrong?

-----Original Message-----
From: Bart Van Assche [mailto:bvana...@acm.org]
Sent: Wednesday, February 20, 2013 12:06 PM
To: Bolton, Chester-P63175
Cc: net-snm...@lists.sourceforge.net
Subject: Re: Process Monitoring on Windows

[Bart Van Assche]

On 02/21/13 18:41, Chester...@gdc4s.com wrote:
> Ok, I've installed the Net-SNMP 5.5 64-bit version onto the Windows 2008
> R2 machine. However, when I try running Net-SNMP with debug turned on

> for winExtDLL I receive the following: [ ... ] Whats wrong?

There are no pre-built Net-SNMP binaries available yet with proper
64-bit winExtDLL support. You will have to obtain the latest version of
the source code from the Net-SNMP git repository and build that source
code yourself following the instructions in README.win32.

[Chester...@gdc4s.com]

Ok..I take it once that is complete then Net-SNMP has no problem
communicating with the Windows Host Resource MIB for process monitoring?
And I can configure Net-SNMP to either Co-exist with the Windows SNMP
agent or completely replace it on a 64-bit OS? Or am I limited to solely
replacing the Windows SNMP agent?

Thanks again for all your help on this.

-----Original Message-----
From: Bart Van Assche [mailto:bvana...@acm.org]
Sent: Friday, February 22, 2013 2:16 AM
To: Bolton, Chester-P63175
Cc: net-snm...@lists.sourceforge.net
Subject: Re: Process Monitoring on Windows

[Bart Van Assche]

On 02/22/13 17:13, Chester...@gdc4s.com wrote:
> Ok..I take it once that is complete then Net-SNMP has no problem
> communicating with the Windows Host Resource MIB for process monitoring?
> And I can configure Net-SNMP to either Co-exist with the Windows SNMP
> agent or completely replace it on a 64-bit OS? Or am I limited to solely
> replacing the Windows SNMP agent?

Walking the host resources MIB with Net-SNMP built as a 64-bit
executable works fine on the 64-bit Windows 7 system I use for Net-SNMP
testing. I haven't tried Windows 2008 R2 yet but feedback is welcome.

Configuring Net-SNMP to co-exist with the Windows SNMP agent is
possible, and using it as a replacement for the Windows SNMP agent is
also possible.

[Wes Hardaker]

<Chester...@gdc4s.com> writes:

> In which case, both prCount is indicating an ambiguous Integer value of
> -1 for these processes and prErrorFlag is indicating Integer 0 for no
> Error when these processes are not running. I know I can access the
> Windows Host Resources MIB since I can access the hrSWRunTable MIB
> Object and return all information in the Task Manager list of processes.
> Has anyone else experienced this issue? Does the "proc" command not work
> correctly on Windows?

I *think* it's supposed to work (I don't generally use windows, so...)
Walk the hrSWRunTable and make sure the strings match. Because the proc
table uses the same data lookup routines, so if they don't match then
the proc list won't work.
--
Wes Hardaker
SPARTA, Inc.