DX Unified Infrastructure Management

HI guys. Someone already set the zombie process momitoring via CA UIM ?

Thank you.

Clecimar

Depending on the particular circumstances, you could run a script using the nexec probe, to find and kill the zombie processes.

Via the web, you can find some commands/ideas you can use to help develop a script to remove the entries. Here are two links but there are others.

https://www.servernoobs.com/how-to-find-and-kill-all-zombie-processes/

bash - Zombie process (kill both child and parent process) - Ask Ubuntu 

Steve

Hi Steve.

Let me know if I get: you saying I should create a script to find a zombie process and use nexec probe to run it on each server where I wish to monitor, right ?

But, I´m not figured out how to rise an alarm for this. Do you have some idea ?

Thank you.

Clecimar

You can also use logmon or the nas to run a script but what exactly do you want to do, monitor for zombie processes and remove the entries? Or just monitor and report? Are you receiving some alarm that indicated a zombie process? If so, you could use that alarm to kick off the script. Or you could run the script based on an interval/schedule.

Hi Stephen,

We have processes on a certain App that just stall and sit there until someone discovers it. Not all servers, just a specific App. How do you set up   logmon to detect this occurrence?

Hi @Clecimar Fernandes did Steve answer your question? 

I would recommend using logmon for this purpose.

Unhappily, the processes probe does not pick up the fact that a process is a zombie other than that there is no CPU usage any more (which makes sense because the process actually exited). 

There does not seem to be a way to configure the probe to look for a CPU-usage of "null" so to speak hence the processes probe is not the right way.

For me, setting up a logmon profile that just ran "/bin/ps aux" with one watcher looking for "defunct" did the trick.

I do get alarms for every zombie process that exists. Unhappily, the alarms don't clear afterwards.

The best solution I came up with was to "extract" the PID from the log message and use it as the suppression key for the alarm. That way, alarms are properly deduplicated.

I then set up an AO profile in nas to auto-close alarms those alarms after 10 minutes. With a logmon interval set to 5 minutes, the alarms effectively auto-close when the zombies have disappeared for at least 5 minutes. 

I read your above solution but still being new at this, I am confused.  When using the logmon probe what log are you monitoring to see this? Also the /bin/ps aux  sounds like a unix command , is there a similiar solution for Windows?  The problem we are having is on windows 2012 servers.