Problem: A Windows computer, especially a Terminal Server (or similar XenApp server) will become slow because some user is running a program that hogs all the CPU or memory. It could even be caused by part of the operating system. It often comes and goes, so you have to be right there to use task manager to see what processes are doing the hogging.
Solution: The first step of the solution is to find out which process(es) are hogging CPU or memory. This script and datasource do just that.
Top-5 is a PowerShell script which is Microsoft’s scripting language built-in to Windows Server.
It can be set up to run every 1 minute or 2. LogicMonitor can do this in a “datasource”.
Top-5 checks CPU or memory usage on local or remote computer. If it's above the specified threshold, it gets the top 5 processes and optionally logs them in the event logs of target computer.
Parameters: <target_computer> <type_of_check> <threshold> <severity_of_log> target_computer: computername of local or remote computer type_of_check: CPU or memory threshold: percent of CPU or percent of memory (without the % sign) severity (optional): error or warning in event log (EventID is 888)
Example: Top-5.exe server1 CPU 95 error --------------------
- server1 is the target computer to check.
- CPU is the thing to check (or Memory)
- 95 is the threshold – meaning don’t bother checking for details on top processes unless the total is above this threshold.
- “error” is optional to create an event in System event log with a severity level of Error. The other option is “warning” severity. The message body will show details of the top 5 processes.
LogicMonitor by default collects the system event log and alerts on severity level of error and above.
The script also sets an ExitCode (aka resultCode) so LogicMonitor can track the % and graph it.
Compatibility: Designed to work on Windows server 2008 and newer. PowerShell 3 is required.
Requirements: You must run this as a user that’s a administrator on both the target computer and the collector computer. Usually this isn’t a problem because the LogicMonitor collector service is set to run with a “service account” that is a domain user with these permissions.
If you haven’t already, make sure Set-ExecutionPolicy unrestricted as you do with most scripts that are not signed.
OUTPUT SHOWING on COMMAND LINE:
Name CPU % ------- -------- cpustres 94 excel 3 svchost 1 wmiprvse 0 explorer 0
Name Memory (MB) ------- ------------- outlook 566 explorer 64 svchost 22 excel 11 myapp 8
The challenge I found in this project is that there are a few utilities, scripts and methods to do this but most showed the output as “CPU time” which means you have to take 2 samples a few seconds apart and subtract and calculate the percent. One utility I found PSLIST.exe by Microsoft SysInternals allowed you to do this but it displays a lot more information than I needed, it didn’t have a threshold capability, nor the write to event log capability, and for some reason, it wouldn’t exit automatically as documented when I used the /s parameter.