OpsMgr 2007: How to identify what scripts are running on the agents, including frequency and parameters

Here's another interesting one for you. What I wanted was a way to track which scripts are executed by the Operations Manager agent on a box, as this would help in fine-tuning some of the rules/monitors that were configured to run very frequently. In MOM 2005 we had a ScriptDebugging option which logged all script activity in AgentResponse.log, so I had to find answers to the following questions:

  1. What script is running on the agent?
  2. How frequently does it run?
  3. For how long does the script run?
  4. Started with what parameters?
  5. What is the script exit code?

The answer lay in a utility which we all have been using for quite some time now: Process Monitor.

We can use Process Monitor to see which script is being fired and continue the investigation from there.

We start by setting up a filter:

Start ProcMon

Set a filter

1. Select "Process Name" is "Cscript.exe" and click Add:


2. "Operation" is "Process Start":


3. Then right-click the column header row, where it says

Sequence | Time | Process Name ...

and choose Select Columns.

4. Choose CommandLine and ParentPID

Click OK


5. Now you will see all of the cscript.exe processes along with the command line and the time they were started:


6. To differentiate OpsMgr scripts from other cscript.exe processes, check the process ID of MonitoringHost.exe and compare it with the Parent PID.

7. For a little more advanced debugging, you can also include this additional filter:

"Operation" is "Process Exit" 

This will give us some information on the resources used by the thread/script. OpsMgr 2007 also uses PowerShell scripts, and by modifying the filter above you can use the same basic process to capture those as well.
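Once a capture with both filters has been saved as CSV, the five questions above can be answered in one pass. The following Python sketch is an added example, not part of the original post: it pairs each Process Start with its Process Exit by PID and keeps only children of MonitoringHost.exe. The column headers, the "Exit Status:" text in the Detail column, and the sample rows (PIDs, script names) are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample export; PIDs, script names and column headers are assumptions.
SAMPLE = '''"Time of Day","Process Name","PID","Operation","Detail","Command Line","Parent PID"
"10:00:00.0000000 AM","cscript.exe","4100","Process Start","Parent PID: 2200","cscript.exe /nologo ""DiskCheck.vbs"" C: 80","2200"
"10:00:02.5000000 AM","cscript.exe","4100","Process Exit","Exit Status: 0, User Time: 0.0156250 seconds","cscript.exe /nologo ""DiskCheck.vbs"" C: 80","2200"
"10:01:00.0000000 AM","cscript.exe","4388","Process Start","Parent PID: 900","cscript.exe /nologo ""logon.vbs""","900"
"10:05:00.0000000 AM","cscript.exe","4620","Process Start","Parent PID: 2200","cscript.exe /nologo ""DiskCheck.vbs"" C: 80","2200"
"10:05:03.0000000 AM","cscript.exe","4620","Process Exit","Exit Status: 1, User Time: 0.0312500 seconds","cscript.exe /nologo ""DiskCheck.vbs"" C: 80","2200"
'''

def parse_time(text):
    """Parse a time of day with 7 fractional digits; strptime accepts at most 6."""
    clock, ampm = text.split()
    head, frac = clock.split(".")
    return datetime.strptime(f"{head}.{frac[:6]} {ampm}", "%I:%M:%S.%f %p")

def summarize(csv_text, monitoringhost_pids):
    """Group cscript.exe runs started by MonitoringHost.exe by command line."""
    open_runs = {}  # PID -> (command line, start time) for scripts still running
    report = defaultdict(lambda: {"starts": [], "seconds": [], "exit_codes": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != "cscript.exe":
            continue
        pid, when = row["PID"], parse_time(row["Time of Day"])
        if row["Operation"] == "Process Start":
            # Step 6: keep only scripts whose parent is MonitoringHost.exe.
            if int(row["Parent PID"]) in monitoringhost_pids:
                open_runs[pid] = (row["Command Line"], when)
                report[row["Command Line"]]["starts"].append(when)
        elif row["Operation"] == "Process Exit" and pid in open_runs:
            cmd, started = open_runs.pop(pid)
            status = re.search(r"Exit Status: (-?\d+)", row["Detail"])
            report[cmd]["seconds"].append((when - started).total_seconds())
            report[cmd]["exit_codes"].append(int(status.group(1)) if status else None)
    for entry in report.values():  # gap between successive starts = run frequency
        s = entry["starts"]
        entry["intervals"] = [(b - a).total_seconds() for a, b in zip(s, s[1:])]
    return dict(report)

if __name__ == "__main__":
    for cmd, e in summarize(SAMPLE, {2200}).items():
        print(cmd, e["intervals"], e["seconds"], e["exit_codes"])
```

Pass every MonitoringHost.exe PID seen on the agent, since more than one instance can be running. A capture that crosses midnight needs the date added to the timestamps before durations are computed.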

Jeevan Bisht | Support Escalation Engineer