Another interesting one, what I wanted was to track what scripts are executed by Operations Manager Agent on my box, apparently this would help in fine tuning some of the rules/monitors which were configured to run very frequently, apparently in MOM 2005 we had this ScriptDebugging option which log all script activity in the AgentResponse.log. So I had to find answers for the below questions
1. What script is running on the agent ?
2. How frequently does it run ?
3. For how long does the script run ?
4. Started with what parameters ?
So the answer lied in a utility which we all have been using for quite some time now, PROCMON
We can use the Process Monitor to know which script is being fired and continue investigation.
We start by setting up a filter
Start the Procmon
Set a filter
1. "Process Name" is Cscript.exe
2. "Operation" is "Process Start"
3. Then right click on the columns where it says
Sequence | Time | Process Name ...
choose select Column
4. Choose CommandLine and ParentPID
5. Now you would see all the cscript.exe process along with CommandLine and Time they were started.
6. To differentiate between Opsmgr and Other Cscript Process, check the process ID of MonitoringHost.exe and compare with the Parent PID
7. For little more advanced debugging you can also include additional filter
"Operation" is "Process Exit"
This will give Information about resources used by the thread.
Jeevan Bisht | Support Escalation Engineer
P.S. OpsMgr 2007 also used Powershell scripts,you would have to change the filter to capture those.