Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server 2003 - PID’s not recognized - Topbeat #1704

Closed
csuka opened this issue May 23, 2016 · 1 comment
Closed

Server 2003 - PID’s not recognized - Topbeat #1704

csuka opened this issue May 23, 2016 · 1 comment
Assignees
@andrewkroh
Labels
bug Metricbeat Metricbeat Topbeat

Comments

@csuka
Copy link

csuka commented May 23, 2016
edited
Loading

  • Version: TopBeat 1.2.3
  • Operating System: Windows Server 2003
  • Steps to Reproduce: Use the same input as configured in the topbeat.yml file
  • Error: PID's not recognized in Server 2003, therefor nothing is sent to Logstash

Attachment:
topbeatSettingsAndErrorlog.zip

Original thread:
https://discuss.elastic.co/t/server-2003-pids-not-recognized/50450
@andrewkroh
Copy link
Member

The Win32_Process WMI query is supported on Windows Vista and newer. So Topbeat should not attempt the query on those operating systems and just report the other available process metrics. We should also document that proc.cmdline is not supported on XP and 2003.

@andrewkroh andrewkroh self-assigned this Oct 26, 2016
@andrewkroh andrewkroh added the Metricbeat Metricbeat label Oct 26, 2016
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
daaef96 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
5218e01 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
6838318 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
@andrewkroh andrewkroh mentioned this issue Oct 27, 2016
Merged
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
5c03d42 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
ruflin pushed a commit to elastic/gosigar that referenced this issue Oct 28, 2016
@andrewkroh @ruflin
Update gosigar windows code to use gosigar/sys/windows package (#55)
0ba14c2 
- Fixes #53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes #6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
@andrewkroh andrewkroh mentioned this issue Oct 29, 2016
Merged
andrewkroh added a commit to andrewkroh/beats that referenced this issue Oct 31, 2016
@andrewkroh
Metricbeat system module updates for Windows
eb88c2c 
- Added system core metricset for Windows. Per core metrics were implemented
  in elastic/gosigar.
- Added logging of process/system details on Windows to aid in debugging (user,
  arch, cores, sid, privs).
- Fixes elastic#2860 (PPID is zero on Windows).
- Fixes elastic#1704 (Server 2003 - PID’s not recognized). The command line arguments
  for the process will not be reported on XP and 2003.
- Fixes elastic#1897 (OpenProcess access denied on Windows). Added code to enable the
  SeDebugPrivilege when it is available.
- Fixes elastic#2885 (diskio metricset fails on XP and 2003).
- Enabled fsstats by default in Metricbeat config.
ruflin pushed a commit that referenced this issue Oct 31, 2016
@andrewkroh @ruflin
Metricbeat system module updates for Windows
b44bdd6 
- Added system core metricset for Windows. Per core metrics were implemented
  in elastic/gosigar.
- Added logging of process/system details on Windows to aid in debugging (user,
  arch, cores, sid, privs).
- Fixes #2860 (PPID is zero on Windows).
- Fixes #1704 (Server 2003 - PID’s not recognized). The command line arguments
  for the process will not be reported on XP and 2003.
- Fixes #1897 (OpenProcess access denied on Windows). Added code to enable the
  SeDebugPrivilege when it is available.
- Fixes #2885 (diskio metricset fails on XP and 2003).
- Enabled fsstats by default in Metricbeat config.
andrewkroh added a commit to andrewkroh/beats that referenced this issue Nov 1, 2016
@andrewkroh
Metricbeat system module updates for Windows
79e94f6 
- Added system core metricset for Windows. Per core metrics were implemented
  in elastic/gosigar.
- Added logging of process/system details on Windows to aid in debugging (user,
  arch, cores, sid, privs).
- Fixes elastic#2860 (PPID is zero on Windows).
- Fixes elastic#1704 (Server 2003 - PID’s not recognized). The command line arguments
  for the process will not be reported on XP and 2003.
- Fixes elastic#1897 (OpenProcess access denied on Windows). Added code to enable the
  SeDebugPrivilege when it is available.
- Fixes elastic#2885 (diskio metricset fails on XP and 2003).
- Enabled fsstats by default in Metricbeat config.

(cherry picked from commit eb88c2c)
@andrewkroh andrewkroh mentioned this issue Nov 1, 2016
Merged
ruflin pushed a commit that referenced this issue Nov 3, 2016
@andrewkroh @ruflin
Metricbeat system module updates for Windows
55f3855 
- Added system core metricset for Windows. Per core metrics were implemented
  in elastic/gosigar.
- Added logging of process/system details on Windows to aid in debugging (user,
  arch, cores, sid, privs).
- Fixes #2860 (PPID is zero on Windows).
- Fixes #1704 (Server 2003 - PID’s not recognized). The command line arguments
  for the process will not be reported on XP and 2003.
- Fixes #1897 (OpenProcess access denied on Windows). Added code to enable the
  SeDebugPrivilege when it is available.
- Fixes #2885 (diskio metricset fails on XP and 2003).
- Enabled fsstats by default in Metricbeat config.

(cherry picked from commit eb88c2c)
leweafan pushed a commit to leweafan/beats that referenced this issue Apr 28, 2023
@andrewkroh @ruflin
Metricbeat system module updates for Windows
a8600a2 
- Added system core metricset for Windows. Per core metrics were implemented
  in elastic/gosigar.
- Added logging of process/system details on Windows to aid in debugging (user,
  arch, cores, sid, privs).
- Fixes elastic#2860 (PPID is zero on Windows).
- Fixes elastic#1704 (Server 2003 - PID’s not recognized). The command line arguments
  for the process will not be reported on XP and 2003.
- Fixes elastic#1897 (OpenProcess access denied on Windows). Added code to enable the
  SeDebugPrivilege when it is available.
- Fixes elastic#2885 (diskio metricset fails on XP and 2003).
- Enabled fsstats by default in Metricbeat config.

(cherry picked from commit eb88c2c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewkroh andrewkroh

Labels
bug Metricbeat Metricbeat Topbeat
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewkroh @csuka