PRTG Manual: Windows Process Sensor

The Windows Process sensor monitors a Windows process via Windows Management Instrumentation (WMI) or Windows performance counters, as configured in the Windows Compatibility Options of the parent device.

Windows Process Sensor

Windows Process Sensor

i_square_cyanFor a detailed list and descriptions of the channels that this sensor can show, see section Channel List.

Sensor in Other Languages

  • Dutch: Windows Proces
  • French: Windows processus
  • German: Windows Prozess
  • Japanese: Windows プロセス
  • Portuguese: Processo Windows
  • Russian: Процесс Windows
  • Simplified Chinese: Windows 进程
  • Spanish: Proceso Windows

Remarks

Consider the following remarks and requirements for this sensor:

Remark

Description

Performance impact
  • This sensor has a high performance impact. We recommend that you use no more than 200 of this sensor on each probe.

Windows version
  • This sensor requires at least Windows Server 2008 R2 on the probe system (on every cluster node, if on a cluster probe).

i_round_redWoW64 must be installed on target systems that run Windows Server 2016. This allows 32-bit applications to be run on 64-bit systems. This is necessary because the PRTG probe service only runs with 32-bit support. Without it, WMI sensors do not work.

Remote Registry Windows service
  • This sensor requires that the Remote Registry Windows service runs on the target system.
  • If this service does not run, a connection via performance counters is not possible. However, WMI connections might still work.
  • To enable the service, log in to the respective system and open the services manager (for example, via services.msc). In the list, find the respective service and set its Start Type to Automatic.

WoW64
  • This sensor requires WoW64 (Windows 32-bit on Windows 64-bit) for target systems that run Windows Server 2016.

Credentials
  • This sensor requires credentials for Windows systems.
  • We recommend that you use Windows domain credentials.

i_round_redIf you use local credentials, make sure that the same Windows user accounts (with the same user name and password) exist on both the probe system and the target system.

  • Otherwise, a connection via performance counters is not possible. However, WMI connections might still work.

Performance counters
  • The sensor cannot show values above 4 GB for 64-bit processes if you use performance counters.

IPv6
  • This sensor supports IPv6.

Hosted probe

i_podYou cannot add this sensor to the hosted probe of a PRTG Hosted Monitor instance. If you want to use this sensor, add it to a remote probe device.

Hybrid Approach: Performance Counters and WMI

i_round_blueBy default, this sensor uses WMI to request monitoring data. You can change the default behavior to a hybrid approach in the Windows Compatibility Options of the parent device's settings on which you create this sensor: if you choose this option, the sensor first tries to query data via Windows performance counters and uses WMI as a fallback if performance counters are not available. When running in fallback mode, the sensor tries to connect via performance counters again after 24 hours.

i_round_redSensors that use the WMI protocol have a high impact on the system performance. Try to stay below 200 WMI sensors per probe. Above this number, consider using multiple remote probes for load balancing.

i_round_blueFor a general introduction to the technology behind WMI, see section Monitoring via WMI.

Basic Sensor Settings

Basic Sensor Settings

Basic Sensor Settings

The sensor has the following default tags that are automatically predefined in the sensor's settings when you add the sensor:

  • wmiprocesssensor

i_square_cyanFor more information about basic sensor settings, see section Sensor Settings.

Windows Process Monitor

Windows Process Monitor

Windows Process Monitor

Setting

Description

Executable

Enter the name of the process that you want to monitor. Provide the name of an executable file without the .exe extension (for example, enter firefox to monitor firefox.exe).

i_round_blueThe sensor shows the Down status if the process is not active on the target device.

Debug Options

Debug Options

Debug Options

Setting

Description

Result Handling

Define what PRTG does with the sensor result:

  • Discard result (default): Do not store the sensor result.
  • Store result: Store the last sensor result in the \Logs\sensors subfolder of the PRTG data directory on the probe system. The file name is Result of Sensor [ID].Data.txt. This setting is for debugging purposes. PRTG overwrites this file with each scanning interval.

i_round_blueIn a cluster, PRTG stores the result in the PRTG data directory of the master node.

Sensor Display

Sensor Display

Sensor Display

Setting

Description

Primary Channel

Select a channel from the list to define it as the primary channel. In the device tree, PRTG displays the last value of the primary channel below the sensor's name. The available options depend on what channels are available for this sensor.

i_round_blueYou can set a different primary channel later by clicking b_channel_primary below a channel gauge on the sensor's Overview tab.

Graph Type

Define how this sensor shows different channels:

  • Show channels independently (default): Show a graph for each channel.
  • Stack channels on top of each other: Stack channels on top of each other to create a multi-channel graph. This generates a graph that visualizes the different components of your total traffic.
    i_round_redYou cannot use this option in combination with manual Vertical Axis Scaling (available in the channel settings).

Stack Unit

This setting is only visible if you select Stack channels on top of each other above.

Select a unit from the list. PRTG stacks all channels with this unit on top of each other. By default, you cannot exclude single channels from stacking if they use the selected unit. However, there is an advanced procedure to do so.

Inherited Settings

By default, all of these settings are inherited from objects that are higher in the hierarchy. We recommend that you change them centrally in the root group settings if necessary. To change a setting for this object only, click b_inherited_enabled under the corresponding setting name to disable the inheritance and to display its options.

i_square_cyanFor more information, see section Inheritance of Settings.

Channel List

i_round_blueWhich channels the sensor actually shows might depend on the target device, the available components, and the sensor setup.

Channel

Description

CPU Usage (Average per Instance)

The average CPU usage (%) (if multiple instances are running)

i_round_blueFor this value, the summed up CPU usage value is divided by the number of all instances. It shows the average CPU usage of a single instance of the process on one CPU.

CPU Usage (Total)

The total CPU usage (%)

i_round_blueFor this value of a process, all CPU usage values are summed up. The total is divided by the number of all CPUs and the maximum value is 100%. This corresponds to the CPU usage of all instances of this specific process.

Downtime

In the channel table on the Overview tab, this channel never shows any values. PRTG uses this channel in graphs and reports to show the amount of time in which the sensor was in the Down status

Handles

The number of handles

Instances

The number of instances

Private Bytes

The private bytes

Threads

The number of threads

Working Set

The working set

i_round_blueThis channel is the primary channel by default.

More

i_square_blueKNOWLEDGE BASE

What security features does PRTG include?

My Windows sensors do not work when using direct performance counter access. What can I do?