Monitoring Windows Services for Free
Network analysts cannot simply rely on existing solutions when troubleshooting problems. Get creative and build your own Windows services monitoring tool.
November 30, 2018
A network analyst needs to be inventive, adaptive, creative, and should be able to “get the job done, with whatever you have at hand.”
I’ve seen analysts get spoiled in some work environments where they have a variety of tools at their disposal. I encourage analysts in every field to learn a bit about complementary technologies, like those for the server, Linux, Windows, and PCs.
Along those lines, I was working on an issue where we suspected that a Windows service/task was failing. This was a smaller company, so punting the problem to another department wasn’t an option. We reviewed the Windows logs and did not find anything obvious or helpful.
I then suggested that we set up some monitoring that would simply email us when (or if) the failure occurs again.
We started with a Google search, which presented many options, but all were either too limited until you paid, or were a function of a more extensive management system. After about 30 minutes of searching, I suggested we build our own. The network technician was open to learning how I would do it, which is all I ask for when mentoring.
I explained that all we need is a Windows command to display all the running tasks and a free email client. The methodology is simple:
get a list of tasks
check for our task
if the task is not there, send an email.
Let me start by saying that programming, in general, is highly subjective and everyone will have his or her own spin on the same code. But this worked for us. Feel free to share your ideas as well.
The client’s operating system is Windows 8.1, so we used Microsoft’s built-in tasklist command and directed the output to a file using the > operator. A single greater-than sign creates the specified file, or overwrites it if it already exists. To create a file called mytasklist.txt, the command would look like this: tasklist > mytasklist.txt. A double greater-than sign (>>) appends to the file instead.
Then we check the file using the Microsoft findstr command. If the task is not listed, we send an email. I chose sendEmail.exe from http://caspian.dotconf.net/menu/Software/SendEmail/ since it runs from the command line and was pretty straightforward to use. The resulting batch file was put into the scheduler and executed every 30 minutes.
The accompanying video covers these steps in a bit more detail, so check it out.
Here is the Windows batch file I created. You can simply copy and paste the following:
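@echo off
rem Take a fresh snapshot of the running tasks. It replaces tasklist.txt on every run.
tasklist > tasklist.txt
rem findstr sets errorlevel 0 when the string is found and 1 when it is not.
findstr /m "chrome.exe" tasklist.txt
if %errorlevel%==0 (
  echo command line is up !
)
if %errorlevel%==1 (
  echo command line is down!
  rem The -xp option keeps the SMTP password in plain text in this file, so restrict who can read it.
  sendemail -f [email protected] -t [email protected] -u "Chrome is down" -m "Chrome is down" -s smtp.server.com:587 -xu [email protected] -xp password2010 -a tasklist.txt
)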
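The "check for our task" step can also be done with an exact match. This PowerShell sketch is an added example, not the article's code: findstr reports a hit when "chrome.exe" appears anywhere in a line, so a process named notchrome.exe would count as up, whereas this version compares the whole image name and reports an empty snapshot as Unknown instead of Down. The function name Get-ImageState and the sample rows are assumptions constructed for illustration.

```powershell
# Added example, not the article's batch file. Get-ImageState and the sample
# rows are hypothetical; the rows mimic "tasklist /FO CSV /NH" output.
function Get-ImageState {
    param(
        [string[]]$CsvLines,                        # raw tasklist CSV lines
        [Parameter(Mandatory)][string]$ImageName    # e.g. 'chrome.exe'
    )
    # Keep only CSV rows (they start with a quote); error or info text that
    # tasklist may print instead is dropped.
    $rows = @($CsvLines | Where-Object { $_ -like '"*' } |
        ConvertFrom-Csv -Header Image, ProcId, Session, SessionNum, Mem)

    # No rows at all means the snapshot failed, not that the process died.
    if ($rows.Count -eq 0) { return 'Unknown' }

    # -ieq compares the whole Image Name field, ignoring case, so
    # notchrome.exe does not satisfy a check for chrome.exe.
    if ($rows | Where-Object { $_.Image -ieq $ImageName }) { return 'Up' }
    return 'Down'
}

# Constructed sample: chrome.exe itself is absent, but a substring search
# for "chrome.exe" would still find a hit in the second row.
$sample = @(
    '"System Idle Process","0","Services","0","8 K"',
    '"notchrome.exe","5120","Console","1","2,048 K"',
    '"svchost.exe","812","Services","0","10,240 K"'
)

Get-ImageState -CsvLines $sample -ImageName 'chrome.exe'
Get-ImageState -CsvLines $sample -ImageName 'SVCHOST.EXE'
Get-ImageState -CsvLines @() -ImageName 'chrome.exe'

# Live use on the monitored host (sending the alert stays as in the batch file):
#   $state = Get-ImageState -CsvLines (tasklist /FO CSV /NH) -ImageName 'chrome.exe'
```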
Hope that helps you with your day-to-day troubleshooting.
See the entire process in this video: