Use this Knowledge Script to detect runaway processes on the specified computer by repeatedly sampling CPU usage for processes. This script raises an event if a process exceeds the CPU usage threshold in the number of consecutive samples taken (one at each interval).
For example, if this script detects that the process cmd has exceeded the CPU usage threshold for five consecutive monitoring periods, it might indicate that the process is trapped in an infinite loop or has encountered other problems. In addition to raising an event to notify you of the problem, you can stop any detected runaway processes. The detail message shows the list of processes being sampled.
Windows 2003 Server or later
The default schedule for this script is Every 30 minutes.
Set the following parameters as needed:
|
Description |
How to Set It |
|---|---|
|
Raise event? |
Set to y to raise an event if a process exceeds the CPU usage threshold in the number of consecutive samples taken (one at each interval). The default is y. |
|
Collect data? |
Set to y to collect data for charts and reports. When enabled, data collection returns the CPU usage for runaway processes. The default is n. |
|
Maximum CPU usage threshold for runaway processes |
Specify the maximum percentage of CPU time any process can be using when sampled before an event is raised. The default is 90%. |
|
Number of consecutive samples |
Specify the number of consecutive samples to take before raising an event. The default is 3. |
|
Number of runaway processes |
Specify the number of processes to display in a detail event or data message. Type 0 for all processes. The default is 5. |
|
Ignore these processes (comma separated, without spaces) |
Specify the names of any processes to exclude from sampling. Separate the names with commas (,) and no space. The default is SQLSERVR. |
|
Never kill these processes (comma separated, without spaces) |
Specify the names of any processes that should never be stopped. Separate the names with commas (,) and no spaces. The default is EXPLORER,NetIQmc,NetIQccm,NetIQms,SERVICES,LSASS,WINLOGON,svchost. If you stop these processes, your computer restarts. |
|
Kill runaway process when detected? |
Set to y to automatically stop a process. AppManager does not stop any process you specify in the Never kill these processes parameter. The default is n. |
|
Event severity level for runaway processes detected |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which a runaway process is detected. The default is 5 (red event indicator). |
|
Event severity level for killed runaway process |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which a runaway process is stopped. The default is 10 (red event indicator). |
|
Event severity level for failed to kill runaway process |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which a runaway process cannot be stopped. The default is 10 (red event indicator). |