OIS - Ad-Hoc Process Monitor with PowerShell

  • Article

Another “tip/trick” for you today.

Have you ever needed to quickly monitor a running Process to see when it ends? Maybe you do not yet have a Monitoring tool, but you have OIS? Even if you do have a Monitoring tool, the following may be a quick and easy way to create and run an Ad-Hoc Process Monitor with PowerShell and OIS.

The best part is, this same logic can be used to get or monitor any bit of information from the OS, just change up the PowerShell script and decision logic and you are all set.

SCENARIO:

You have long running processes and you want to know when they are no longer running. In this example, the long running processes are OIS policies (Process = PolicyModule.exe *32) where you have not configured in-policy notifications. You just want to throw something together that will notify you when these processes have ended.

USAGE:

I recently created and used this solution in a real-world scenario. I had a long running OIS policy where I did not include notifications, and since it was running, I didn’t want to stop it to make the necessary modifications to add notifications. I also didn’t want to sit around and wait for it to end, so I quickly created an OIS policy (just like the one in the following example solution) to monitor the PID of the PolicyModule.exe *32 process of the long running policy.

SOLUTION:

Create a policy that will monitor the status of processes (by PID) and report when they have ended.

Step 1: Choose the Process (by PID) that you would like to monitor

image
For any running policy, you can open the running Log information and inspect the Object Process ID. This will be the PID you can look for in the Task Manager.

image
If you wanted to query the OIS datastore for this same information you could do so with the following query:

SELECT
pin.[ProcessID]
FROM
POLICYINSTANCES pin
JOIN
POLICIES p
ON pin.[PolicyID] = p.[UniqueID]
AND p.[Name] = 'Test 1'
AND pin.[TimeEnded] IS NULL

DISCLAIMER: The above script is currently compatible with OIS 5.4 AND above. The commands within this script have been coded directly against the existing OIS database schema created for OIS 5.4 AND above. If the schema changes in a future version of OIS, this script will need to be updated to accommodate. It is not supported and you should use it at your own risk. The SQL does a simple SELECT query of your existing Policy and Policy Instance data. It does not delete or modify your OIS data in any way.

image
You can confirm the PID, once you have the information from OIS or the OIS datastore.  

 

Step 2: Get Process Status (using PowerShell and the “Run .Net Script” object)

PowerShell Script:

$oisPIDLookup = 3032
$oisPID = get-process | where {$_.id -eq $oisPIDLookup} | Select-Object -ExpandProperty ID
if($oisPID){$running = 1}
else {$running = 0}
$running
$oisPIDLookup

“Run .Net Script” object configuration:

image

image

“Run .Net Script” object execution results:

image

 

Step 3: Configure the “Run .Net Script” object to Loop (creating the Monitor).

image
To see this configuration dialog, simply right-click on the object and choose “Looping…”.

image
This configuration will allow the object to loop until Process Running = 0 (until the process being monitored ends).

image
Adding another Exit criteria like “Loop: Number of attempts” from the “Show common Published Data” selection option will ensure that the object does not run indefinitely. You can control the duration of the Loop (with number of attempts or total duration).

image
This configuration will allow the object to loop until Process Running = 0 OR until 100 loops have been attempted (in this example: 60 seconds per loop x 100 loops = 6000 seconds of loop time).

image
Once you complete the “Looping…” configuration, you will see that the object looks like above image.

 

Step 4: Configure the rest of the policy (add “Custom Start” and “Send Email” objects, update “Run .Net Script” object)

image

image
This is the “Custom Start” object configuration.

image
This is the “Run .Net Script” object configuration.

image
This is the “Send Email” object configuration.

 

Step 5: Rename objects (optional)

image

 

Step 6: Run the policy

image
The resulting policy logs from the monitoring of the above example process. There were three loops of the “Monitor Process” object before the example process ended and a notification was sent.

image
The resulting email once the process in the above example ended.

 

WHY NOT USE THE AVAILABLE FOUNDATION OBJECTS?

Neither of these objects (“Get Process Status” / “Monitor Process” provide a way to get specific PID information about the processes you are trying to monitor. During configuration of these objects, you are presented with a Processes chooser, but selection is by name:

image

It is impossible to figure out the PID from this interface, especially if you have multiple processes with the same name to choose from. The above method gives you the opportunity to enter and monitor any PID for any process on the fly.

I know this will not be widely used, but I hope it was useful. If nothing else you can see the possibilities of setting up object-level looping based on specific decision criteria. As you have seen, with objects like the “Run .Net Script” object, your configuration options are limitless.

For more information on the “Run .Net Script” object, refer to the following:

enJOY!