
Custom monitoring script pattern for process detection

This pattern describes a method for monitoring specific Java Virtual Machine (JVM) processes on Windows environments using [[Zabbix]] and PowerShell.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]

Overview

The goal of this approach is to verify whether specific Java applications (identified by unique main methods or arguments) are active.^[600-developer__operation-maintenance__zabbix__zabbix-key.md] It involves creating a PowerShell script that scans running Java processes and checks their system properties or command-line arguments for a target string.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]

Detection Logic

The core logic relies on iterating through locally running Java processes and inspecting their attributes:

  1. Process Enumeration: The script identifies all running Java processes using Get-Process -Name java.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]
  2. Attribute Inspection: For each process ID (PID), the script retrieves detailed JVM information or system properties.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]
    • Using jinfo <PID> allows access to system properties and command-line arguments (e.g., preload.project.path).^[600-developer__operation-maintenance__zabbix__zabbix-key.md]
  3. Pattern Matching: The script checks if the retrieved information contains a specific marker string (e.g., a project path or a specific robot identifier like robot1047).^[600-developer__operation-maintenance__zabbix__zabbix-key.md]
  4. Output: If a match is found, the script outputs a value (typically "1" or "0") to indicate the presence of the process.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]

Alternatively, a simpler method uses jps -lm combined with Select-String to find the main class or arguments directly.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]
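
The jps -lm alternative described above, as an added example that is not part of the original notes. The file name robot-jps.ps1, the allow-list pattern, the -Demo switch and the sample lines are assumptions; the script validates the marker before using it and prints 1 or 0.

```powershell
# robot-jps.ps1 (hypothetical name) - usage: robot-jps.ps1 <marker>
param(
    [string]$Marker = 'robot1047',
    [switch]$Demo      # use the constructed sample lines instead of calling jps
)

function Test-JvmMarker {
    param([string[]]$JpsLines, [string]$Marker)

    # The marker arrives from the Zabbix item key. With UnsafeUserParameters=1
    # the agent no longer filters it, so accept a conservative character set only.
    if ($Marker -notmatch '\A[A-Za-z0-9._:\\/-]{1,128}\z') { return 0 }

    foreach ($line in $JpsLines) {
        # jps -lm line: "<pid> <main class or jar> <main() arguments>"
        $jvmPid, $rest = "$line".Trim() -split '\s+', 2
        if (-not $rest) { continue }                                 # no class info
        if ($rest -match '^\S*sun\.tools\.jps\.Jps\b') { continue }  # jps itself
        # Literal, case-sensitive match: the marker is never treated as a regex.
        if ($rest | Select-String -SimpleMatch -CaseSensitive -Pattern $Marker -Quiet) {
            return 1
        }
    }
    return 0
}

if ($Demo) {
    # Constructed sample output, not captured from a real host.
    $lines = @(
        '4120 com.example.robot.Main robot1047 --queue payments',
        '5316 jdk.jcmd/sun.tools.jps.Jps -lm'
    )
} else {
    $lines = @(& jps -lm 2>$null)
}
Write-Output (Test-JvmMarker -JpsLines $lines -Marker $Marker)
```

jps only lists JVMs visible to the account it runs under, so the Zabbix agent service account must be able to see the target process.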

Script Example (PowerShell)

The following script demonstrates the iterative detection pattern using jinfo to find a specific string passed as an argument:^[600-developer__operation-maintenance__zabbix__zabbix-key.md]

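$arr = $args[0]   # marker string to look for, passed as the first argument
$mark = 0         # number of Java processes whose jinfo output contains the marker
# Enumerate running java processes; stay quiet when none is running
Get-Process -Name java -ErrorAction SilentlyContinue | select -expand id | ForEach {
    # jinfo prints the JVM's system properties and command-line flags
    $queryCondition = jinfo $_
    # Literal, case-sensitive search of each space-separated token
    $isExist = $queryCondition.split(' ') | Select-String -Pattern $arr -SimpleMatch -CaseSensitive
    if ($isExist.length -gt 0) {
        $mark += 1
    }
}
echo $mark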

Configuration

Zabbix Agent

To execute the custom script from the Zabbix server, the Zabbix agent configuration (zabbix_agentd.conf) on the Windows machine must be updated:

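  • UnsafeUserParameters: Must be set to 1 to allow special characters in arguments.^[600-developer__operation-maintenance__zabbix__zabbix-key.md] With this setting the agent stops rejecting shell metacharacters in the values substituted for $1 to $9, so the script has to treat every argument as untrusted input.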
  • UserParameter: Defines the key and the command to execute.^[600-developer__operation-maintenance__zabbix-key.md]

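Example configuration (EnableRemoteCommands=1 is not required for UserParameter items; it separately lets the server run commands on the host through system.run items, so omit it unless remote commands are actually used):^[600-developer__operation-maintenance__zabbix__zabbix-key.md]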

EnableRemoteCommands=1
UnsafeUserParameters=1
UserParameter=mypay.robot[*],C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\Zabbix\robot.ps1 $1 $2 $3 $4 $5 $6 $7 $8 $9

Execution Policy

Windows systems may block script execution by default. The execution policy must be set to allow scripts, typically RemoteSigned, via an elevated PowerShell prompt:^[600-developer__operation-maintenance__zabbix__zabbix-key.md]

Set-ExecutionPolicy RemoteSigned

Debugging

  • Zabbix Get: Use the zabbix_get utility on the server to test the key and argument manually before adding it to the template.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]
  • Timeouts: If the script takes too long to execute, Zabbix may return a ZBX_NOTSUPPORTED: Timeout while executing a shell script error.^[600-developer__operation-maintenance__zabbix__zabbix-key.md] This can be mitigated by increasing the Timeout parameter in the Zabbix agent configuration.^[600-developer__operation-maintenance__zabbix__zabbix-key.md]
  • [[Zabbix]]
  • [[UserParameter]]
  • [[jinfo]]
  • [[jcmd]]

Sources

^[600-developer__operation-maintenance__zabbix__zabbix-key.md]