I can get a list of processes running on a host, but I don't get a signal when the process stops. Do I need to set something up to track the number of records over a given time? Is there an easier way?
Hi @derek.olds ,
I think what you want may be achieved using Osquery, in particular with the processes table. Filebeat has an osquery module that would allow you to collect log results.
You could then use Kibana Alerting to react based on number of running processes.
Hi @derek.olds Welcome to the community.
In addition to @Edoardo_Tenani's excellent suggestion based on the new OSQuery capabilities. (I need to learn more about this too!)
You could also use Metricbeat System Module Process metricset ...
Collect on the processes you are interested in and then use the Kibana Alerting framework with a metric threshold alert.
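The record-count idea from the question, applied to per-process documents like those a process metricset ships, as an added example that is not part of the original thread or Elastic's code. The function name `check_processes`, the flattened field names and the sample events are assumptions constructed for illustration; a host that has gone silent is reported separately so an agent outage is not mistaken for a stopped process.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def parse_ts(ts):
    # Accept ISO 8601 timestamps with a trailing "Z" (UTC).
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def check_processes(events, watched, now, window):
    """Return (stopped, silent_hosts) for the interval (now - window, now].

    stopped: (host, process) pairs with zero documents in the window while
             the same host still reported other processes.
    silent_hosts: hosts with no documents at all in the window.
    """
    cutoff = now - window
    counts = defaultdict(int)   # (host, process) -> documents in window
    last_seen = {}              # host -> newest timestamp of any document
    for ev in events:
        ts = parse_ts(ev["@timestamp"])
        if ts > now:
            continue            # ignore documents from the future (clock skew)
        host = ev["host.name"]
        last_seen[host] = max(last_seen.get(host, ts), ts)
        if ts > cutoff:
            counts[(host, ev["process.name"])] += 1
    stopped, silent = [], []
    for host in sorted(watched):
        if host not in last_seen or last_seen[host] <= cutoff:
            silent.append(host)  # agent or host down: a different alert
            continue
        stopped += [(host, n) for n in sorted(watched[host])
                    if counts[(host, n)] == 0]
    return stopped, silent

def _ev(hms, host, name):
    # Constructed sample document with flattened field names (assumption).
    return {"@timestamp": f"2024-01-01T{hms}Z",
            "host.name": host, "process.name": name}

# Constructed sample: nginx on web-01 stops after 12:00:20, db-01 goes silent.
SAMPLE_EVENTS = (
    [_ev(f"12:00:{s}", "web-01", "sshd") for s in (10, 20, 30, 40, 50)]
    + [_ev(f"12:00:{s}", "web-01", "nginx") for s in (10, 20)]
    + [_ev(f"12:00:{s}", "web-02", "nginx") for s in (40, 50)]
    + [_ev("12:00:10", "db-01", "postgres")]
)
WATCHED = {"web-01": {"nginx", "sshd"}, "web-02": {"nginx"}, "db-01": {"postgres"}}
NOW = datetime(2024, 1, 1, 12, 1, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_processes(SAMPLE_EVENTS, WATCHED, NOW, timedelta(seconds=30)))
```

The window should span several collection periods so one delayed document does not raise a false alert.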
Thanks for the responses. I will look into those solutions and see what I come up with.