On Tue, Mar 18, 2003 at 01:11:15PM -0500, Winters, Jason wrote: > I'm trying to setup Mon to monitor NT services running on Windows 2000 > boxes. Unfortunately, I have little experience with Mon or with network > management/monitoring. Has anyone found a way to monitor NT services > reliably? I've considered using SNMP; however, I haven't found any way to > use SNMP to check the status of a running service. I've considered using > SNMP traps; however, this doesn't seem terribly reliable since the UDP > packet could never make it to the server running Mon. Using traps tells me > something bad happened but it doesn't give me the sense of security that > actually checking the services periodically would give me.
I use Mon for all our NT monitoring. To get the host MIB to work on win2k you need the printer service running when snmp starts, you can shut printing off again after that (our NT guy uses some kind of task sheduler to stop printing 10 minutes after boot - this solves the problem). When I walk the tree on a win2k box I get all the running services: host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1 = "System Idle Process" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.8 = "System" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.168 = "SMSS.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.192 = "WINLOGON.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.196 = "CSRSS.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.248 = "SERVICES.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.260 = "LSASS.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.372 = "termsrv.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.472 = "svchost.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.500 = "spoolsv.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.568 = "msdtc.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.716 = "svchost.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.736 = "LLSSRV.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.784 = "regsvc.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.812 = "mstask.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.836 = "DLLHOST.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.896 = "SNMP.EXE" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.996 = "tlntsvr.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1036 = "WinMgmt.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1060 = "svchost.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1476 = "svchost.exe" host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.20668 = "inetinfo.exe" ...seems you could pretty easily write a monitor to look for a specific process. -- Nate Campi http://www.campin.net _______________________________________________ mon mailing list [EMAIL PROTECTED] http://linux.kernel.org/mailman/listinfo/mon
