[Xymon] Windows server loads reported high by PowerShell client

Colin Coe colin.coe at gmail.com
Thu Apr 23 06:05:54 CEST 2015


Hi Martin

Many thanks, you're right.  Wrong syntax...

On a related note, I see in the PS client a [netstat] test but this
test has gone purple on th server I've changed from BBwin.

Have you seen this?

Thanks

CC

On Thu, Apr 23, 2015 at 11:54 AM,  <martin.wojak at delwp.vic.gov.au> wrote:
> Hi Colin,
>
> Yes, I had the same problem.  I believe the issue is related to the
> PowerShell client not using the CLASS=Win32 in analysis.cfg.   I think a
> recent update to the PS client has addressed that issue, but I haven't look
> into it yet.
>
> Hence I just state the LOAD 80 90 in each PS client server in analysis.cfg.
> Eg.
>
> HOST=PRDxxxx01
>         LOAD 80 90
>
>
>
>
> From:        Colin Coe <colin.coe at gmail.com>
> To:        "xymon at xymon.com" <xymon at xymon.com>,
> Date:        23/04/2015 01:42 PM
> Subject:        [Xymon] Windows server loads reported high by PowerShell
> client
> Sent by:        "Xymon" <xymon-bounces at xymon.com>
> ________________________________
>
>
>
> Hi all
>
> I'm testing the new PowerShell client.
>
> I'm seeing Windows nodes with loads of above 5% being reported as high
> use such as the below.
>
> ---
> Thu 23 Apr 11:32:18 2015 up: 0 days, 1 users, 63 procs, load=6.2%
>
> Load is HIGH
>
> CPU states:
> total 6.2%
> cores: 1
>
> CPU     PID   Image Name                      Pri  Time     MemUsage
> 2.3%    1676  SVC:MSSQL$MICROSOFT##WID        8    00:04:17 101200k
> 0.8%    796   SVC:Appinfo/BITS/CertPropSvc/D  8    00:01:13 44244k
> 0.7%    748   SVC:Dhcp/EventLog/lmhosts/Wcms  8    00:00:51 16184k
> 0.6%    2176  WmiPrvSE                        8    00:00:24 32676k
> 0.6%    1648  powershell                      8    00:01:07 86344k
> 0.3%    1540  WmiPrvSE                        8    00:00:24 23288k
> 0.2%    1768  SVC:RHEV-Agent                  8    00:00:34 21496k
> 0.2%    1088  RMClient                        8    00:00:29 191220k
> 0.2%    3792  ServerManager                   8    00:00:13 106148k
> 0.1%    2952  WmiPrvSE                        8    00:00:10 8656k
> 0.1%    504   services                        9    00:00:07 7640k
> 0.0%    4     System                          8    00:00:09 264k
> 0.0%    3116  SVC:gupdate                     8    00:00:00 9412k
> 0.0%    2812  WmiPrvSE                        8    00:00:00 10208k
> 0.0%    1388  SVC:TermService                 8    00:00:04 65560k
> 0.0%    600   SVC:RpcEptMapper/RpcSs          8    00:00:01 6800k
> 0.0%    3560  WmiPrvSE                        8    00:00:00 5196k
> 0.0%    512   SVC:KeyIso/Netlogon/SamSs       9    00:00:04 13348k
> 0.0%    1692  SVC:wmiApSrv                    8    00:00:00 5020k
> 0.0%    1628  conhost                         8    00:00:00 2720k
> 0.0%    2072  SVC:RDMS/TScPubRPC              8    00:00:00 10748k
> 0.0%    3308  SVC:RPCHTTPLBS                  8    00:00:00 3024k
> 0.0%    552   SVC:BFE/DPS/MpsSvc              8    00:00:00 9892k
> 0.0%    3832  GoogleUpdate                    4    00:00:00 2440k
> 0.0%    352   csrss                           13   00:00:01 3732k
> 0.0%    3096  rdpclip                         8    00:00:00 6376k
> 0.0%    4064  GoogleUpdate                    4    00:00:00 8780k
> 0.0%    3720  iashost                         8    00:00:00 11352k
> 0.0%    3776  SVC:TSGateway                   8    00:00:00 13508k
> 0.0%    2092  SVC:Tssdis                      8    00:00:00 11016k
> 0.0%    4068  VCDDaemon                       8    00:00:00 5572k
> 0.0%    2800  dwm                             13   00:00:01 39200k
> 0.0%    2688  SVC:MSDTC                       8    00:00:00 6616k
> 0.0%    3088  taskhostex                      8    00:00:00 6400k
> 0.0%    3292  explorer                        8    00:00:07 89732k
> 0.0%    2324  SVC:COMSysApp                   8    00:00:00 9872k
> 0.0%    3464  ClassicStartMenu                8    00:00:00 8028k
> 0.0%    2432  taskeng                         6    00:00:00 4372k
> 0.0%    2376  SVC:PolicyAgent                 8    00:00:00 4284k
> 0.0%    1820  vdagent                         13   00:00:00 3768k
> 0.0%    712   dwm                             13   00:00:00 29124k
> 0.0%    696   LogonUI                         13   00:00:00 26172k
> 0.0%    724   SVC:vdservice                   10   00:00:00 2712k
> 0.0%    928   SVC:CryptSvc/Dnscache/LanmanWo  8    00:00:00 16628k
> 0.0%    828   SVC:EventSystem/FontCache/netp  8    00:00:00 11656k
> 0.0%    568   SVC:BrokerInfrastructure/DcomL  8    00:00:00 10220k
> 0.0%    208   smss                            11   00:00:00 992k
> 0.0%    0     Idle                            0             4k
> 0.0%    404   csrss                           13   00:00:00 3272k
> 0.0%    440   winlogon                        13   00:00:00 5268k
> 0.0%    412   wininit                         13   00:00:00 3496k
> 0.0%    1072  SVC:Spooler                     8    00:00:00 10496k
> 0.0%    1440  SVC:WIDWriter                   8    00:00:00 5492k
> 0.0%    1424  SVC:W3SVC/WAS                   8    00:00:00 8352k
> 0.0%    1576  SVC:XymonPSClient               8    00:00:00 3888k
> 0.0%    1736  winlogon                        13   00:00:00 5196k
> 0.0%    1732  csrss                           13   00:00:00 19372k
> 0.0%    1368  SVC:ScDeviceEnum/SysMain/TrkWk  8    00:00:04 11180k
> 0.0%    1124  SVC:IISADMIN                    8    00:00:00 15408k
> 0.0%    1100  SVC:AppHostSvc                  8    00:00:00 7252k
> 0.0%    1164  SVC:KPSSVC                      8    00:00:00 3020k
> 0.0%    1280  SVC:QEMU-GA                     8    00:00:00 5060k
> 0.0%    1208  SVC:QEMU Guest Agent VSS Provi  8    00:00:00 5292k
> ---
>
> I've got the following in /etc/xymon/analysis.cfg
> ---
> CLASS=powershell
>    LOAD=80 90
> ---
>
> and in /etc/xymon/client-local.cfg
> ---
> [powershell]
> eventlog:security
> ignore success
> ignore Success
> ignore "The local computer may not have the necessary registry
> information or message DLL files to display messages from a remote
> computer"
> eventlog:system
> ignore "Contact the administrator to install the driver before you log in
> again"
> adreplicationcheck
> terminalservicessessions:10:15
> ---
>
> Any ideas how I can get the thresholds in the analysis file to be honored?
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>



More information about the Xymon mailing list