Process monitor

Gadapa_Vasundhara · January 29, 2024, 5:59pm

Hi Team,

I need some help on process monitor
ex: datamonitor.exe process from logstash which plugin i need to use.
wmi plugin is not working.
and more over we are getting the status of process.state as running only.whenever if stops how can i monitor from elk.
please help on this

carly.richmond · January 31, 2024, 9:49am

Hi @Gadapa_Vasundhara,

Welcome! By WMI plugin, which plugin do you mean? Is there are particular error you are seeing in the logs?

Gadapa_Vasundhara · January 31, 2024, 12:13pm

Hi Yes
Logstash stopped processing because of an error: (LoadError) load error: win32ole/win32ole -- java.lang.UnsatisfiedLinkError: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jruby-win32ole-0.8.5/lib/racob-x64.dll:
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jruby-win32ole-0.8.5/lib/racob-x64.dll: invalid ELF header. Am getting this error how to enable process monitor in elk.logstash is stopping automatically if am using wmi plugin

Gadapa_Vasundhara · January 31, 2024, 12:14pm

please help me with the solution

strawgate · January 31, 2024, 4:27pm

I believe the WMI plugin only works with Logstash running on Windows see: Logstash-input-wmi win32ole invalid ELF header · Issue #15 · logstash-plugins/logstash-input-wmi · GitHub

Gadapa_Vasundhara · January 31, 2024, 4:41pm

Ok Thanks @strawgate but how can i monitor from linux server for process from elk

strawgate · January 31, 2024, 8:59pm

You could look at deploying elastic agent or one of the beats like metricbeat into the device that has the process running

Rios · January 31, 2024, 9:25pm

I would say the same, EA or MB, however if you need something specific to monitor you can use a pearl script and run it with the exec input plugin. I'm pretty sure MB will be enough with the system module.

Gadapa_Vasundhara · February 1, 2024, 3:25am

Hi Rios can you send me the pearscript with exec plugin .
From elastic agent we enabled the from system integration process but we are facing whenever the process is stopped in server we are not getting any stopped state and showing as running .Kindly help me on this

Rios · February 1, 2024, 10:22am

I don't have the script, you can write it, or run: ps aux | grep datamonitor.exe

Gadapa_Vasundhara · February 2, 2024, 3:51pm

ok thanks

Gadapa_Vasundhara · February 5, 2024, 9:41am

Can we someone help me one adding condition inside system -> process integration for to get correct state to monitor process of .exe

Gadapa_Vasundhara · February 8, 2024, 3:37pm

From linux server how can we enable this process?

strawgate · February 8, 2024, 3:59pm

For Elastic Agent?

Have you tried including your process in the processes list?

system · March 7, 2024, 4:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.