How to configure SystemEDGE to identify and monitor one process if there are many processes with the same name

Document ID : KB000029520
Last Modified Date : 14/02/2018

Root Cause:
When a system has more than one process with the same name, SystemEDGE sets a process monitor to an inactive (NOT READY) status. The monitor is set to inactive because a process monitor can monitor only one process and cannot identify which process it is configured to monitor. The process group monitor is used to monitor more than one process.

The steps below show how to identify the process and configure the agent to monitor it.
*Note: The notes below assume you have prior experience using regular expressions. By default the agent uses BRE (Basic Regular Expressions). To use PCRE (Perl Compatible Regular Expressions) with extended regular expression support, enable PCRE in the policy as shown below. If you do not have prior experience working with regular expressions, please review http://www.pcre.org/ for documentation. Use the online regular expression tester http://www.regextester.com/ to check syntax.

See Policy -> Control Settings Tab -> Controls -> Miscellaneous to 

 How to enable PCRE in the Policy

Solution:

1) First, find a unique string in the process argument that will help SystemEDGE identify the process. For the example below, I enabled the Command Line column in Task Manager to get the process argument and chose "-Dactivemq".

Task Manager with Command Line Column selected

2) Create a Process monitor with the below options and select Match process name and arguments in the Option Settings tab.
(This setting instructs the agent to look at the process argument to identify the specific java process you want to monitor)

     Process/Service Name: -Dactivemq

Create Process Monitor w/ Match process name selected

 

If the monitor is configured manually without using the VAIM UI, the monitor directive will look like this:

 

watch process procAlive -Dactivemq 11 0x800 60 absolute >= 0 '' '' processEntry -Dactivemq processAlive none

3) Save, then deploy the policy. You should notice the monitor Status change to Active.

SystemEDGE agent monitors java process


Solution did not fix the problem:
If the monitor directive does not turn Active, please test that the regular expression matches the process argument and that it is unique to the process. Use an online regular expression tester such as http://www.regextester.com/ to validate the string.
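
The same match-and-uniqueness check can be run offline against command lines copied from Task Manager. This is an added example, not SystemEDGE or vendor code. It assumes the agent performs an unanchored search over the full command line and uses Python's `re` module as a stand-in for the agent's regex engine; the process list is constructed sample data.

```python
import re

# Unescaped + ? | ( ) { } are operators in PCRE but literal characters in
# POSIX BRE (and the reverse when backslash-escaped), so a pattern that
# uses them behaves differently depending on whether PCRE is enabled.
MODE_SENSITIVE = re.compile(r"\\?[+?|(){}]")

# Constructed sample data: (pid, full command line) pairs as they would
# appear in the Task Manager "Command Line" column. Not from a real host.
SAMPLE_PROCESSES = [
    (4120, r'"C:\Java\bin\java.exe" -Xmx1G -Dactivemq.home=C:\activemq -jar activemq.jar start'),
    (5312, r'"C:\Java\bin\java.exe" -Xmx512M -Dcatalina.base=C:\tomcat org.apache.catalina.startup.Bootstrap'),
    (6044, r'"C:\Java\bin\java.exe" -jar C:\tools\report-runner.jar --queue activemq'),
]


def check_pattern(pattern, processes):
    """Return (verdict, matching_pids, warnings) for a candidate monitor string.

    verdict is "unique" (exactly one process matches), "ambiguous" (the
    string does not single out one process) or "no-match".
    """
    warnings = []
    if MODE_SENSITIVE.search(pattern):
        warnings.append("uses + ? | ( ) { }: meaning differs between BRE and PCRE")
    regex = re.compile(pattern)  # assumption: unanchored search, like grep
    pids = [pid for pid, cmdline in processes if regex.search(cmdline)]
    if not pids:
        verdict = "no-match"
    elif len(pids) == 1:
        verdict = "unique"
    else:
        verdict = "ambiguous"
    return verdict, pids, warnings


if __name__ == "__main__":
    for candidate in ("java", "activemq", "-Dactivemq", "-D(activemq|catalina)"):
        verdict, pids, warnings = check_pattern(candidate, SAMPLE_PROCESSES)
        print(f"{candidate!r:28} {verdict:10} pids={pids} {'; '.join(warnings)}")
```

A string that comes back "ambiguous" or "no-match" here should be tightened before it is used as the Process/Service Name.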

If the regular expression is valid, then please open a support ticket and attach the following for further investigation:
1) A zip of the port1691/port161 folder

2) The process name and argument that is not being monitored

3) Screenshot of the string matching the process argument.