DX NetOps

Hi Team,

Scenarion : My antivirus process (xyz process) uses more the 90% of the cpu utilization during full scan window on weekend. The utilization goes up and down.

I am asked to setup a scenario where if the cpu utilization alert comes because of the xyz process then either the alert should be suppressed or the message should be enrich with the process name to understand the root cause of alert.

I am trying to setting up xyz process under monitoring but i need some suggestion in the configuration to complete this task.

Kindly suggest.

Thanks & Regards,

IK

I am not seeing how to accomplish this using the standard host resources mib. The only thing I can think of is to try an agent like the SysEdge agent.

Try using the latest version of 'cdm' probe and configure the messages 'CpuErrorProcesses' and 'CpuWarningProcesses'

This will give you and alert for Average cpu utilisation threshold breach along with Top processes consuming the cpu.

cdm IM Configuration - CA Unified Infrastructure Management Probes - CA Technologies Documentation 

Refer Top CPU consuming processes in alarm

You may then need an LUA script to parse for the antivirus process in your new message so it can be ignored on the NAS as a Automatic Operator (AO).

Hi Johnny,

Thanks for suggestion, can you please help me with the script also?

Regards,
Imran

Hi Sinab,

Thanks for suggestion. I will try this option and get back to you.

Regards,
Imran

Hi Sinab,

I have configured those parameters however i want to do the configuration in a way to capture the process name in the alert which is utilizing the cpu.

Without the process name such alerting configuration is useless for me. For only cpu utilization we can use CDM probe.

Any suggestion will be highly appreciated.

Imran,

If you are using the new version of CDM probe and if you have configured the CDM probe as described above using the 'CpuErrorProcesses' and 'CpuWarningProcesses' messages for CPU, you should be able to see the top N process which are utilising the CPU in the alarm message as you are expecting to see 

Unfortunately there is no process name showing in the alert. Any suggestions?

Regards,

Imran

Here is a screen shot to help you with the exact config to look for 

Thanks Abhishek, Phani, Kathryn for your suggestions.

It is done now.

Regards,

Imran Khan

Imran -

From the cdm probe Release Notes:

The CpuErrorProcesses and CpuWarningProcesses messages are available only on fresh installation of the probe version 5.6. If you upgrade the probe from previous versions to 5.6, you must drag and drop these messages from the Message Pool list under the Setup > Message definitions tab.

If you are missing the processes from the alarm, then you need to change the messages configured to be raised for your CPU Error and Warning alarms.  You must also make sure that you are using version 5.60 or higher of the cdm probe.

Hi All,

I am able to capture the process details in the alert but there are many alerts for the same time with different process name.

By default it was 5 samples.

Alert 1 : Average (2 samples) total cpu is now 92.61%, which is above the error threshold (90%).Top Processes [svchost.exe[824]-(4.00%)];[ntevl.exe[3212]-(3.92%)]
Alert 2 : Average (2 samples) total cpu is now 92.61%, which is above the error threshold (90%).Top Processes [mcshield.exe[1944]-(72.92%)];[svchost.exe[824]-(4.00%)];[ntevl.exe[3212]-(3.92%)];[SCAN64.EXE[4668]-(3.42%)];[MonitoringHost.exe[3340]-(1.25%)]

I don't understand why i recieved two alerts from same server for same probe. Why all the processes name are not mentioned in the one alert?

Now I am looking for one of the below options.

1) Is there any way to generate alert (condition = If one particular process utilize the CPU?)

OR

2) Is there any way to generate only one alert for all the top processes.

Any suggestions?

Regards,

Imran Khan

Hi Imran,

Not really sure why its generating 2 different alerts for you , this is bit weird . May be something got messed up with the config file. If its acceptable just remove the cdm probe and install the new version from scratch. CDM is pretty straight forward and should not be causing such issues 

It should generate only one alert with the number of process you mention in the configuration - this should answer your second question

To answer your first question - This can also be achieved if you set the Top CPU consuming process value to 1 in CDM.

Alternatively you can try the "Process probe" to pickup one process which is eating up the CPU beyond a threshold level . This can be achieved by creating a profile to monitor all the process instead of a specific process in the "Process Probe"

When creating the profile , in the "Process Name" field just give a wildcard (*) character instead of a process name so that it looks for all the process instead of one specific process and in the same screen make sure you select the "Outside CPU Range".  In case you want to monitor memory consumption instead (or in addition) click on the "Outside Memory Usage Range" checkbox as well

Next select the "Process Usage" tab in the profile and select "Publish Alarms" check boxes. Below that you see the Min avg CPU and Max average CPU fields - set the values to 0 and 70 (or what ever is the threshold you want to set)

Save the config.

the next time if any of the process exceeds the threshold level, it would be picked up and send as an alarm.

Hope this helps