Process traffic monitoring...

Hello All,
I am writing an application for counting the number of bytes sent/received by each process over the network. I have found the following tools doing the same task:
ProcessExplorer (Sysinternals) ---source code not available
TCPView (Sysinternals) ---source code not available
I tried to search for the technique that these tools are using and I found that they are using Event Tracing, but I could not write my own program using it.
I would really appreciate it if you'd answer the following questions in a way I could understand.
1) How to write a program like TCPView for getting traffic information for each process
Language - C/C++
platform- Windows

Thanks Paul for your reply,
Using the Win API I have written a program that counts the number of bytes sent and received by a process.
To calculate the total number of bytes sent/received by a particular process I have taken a counter which is incremented by the transfer size (bytes) each time an event occurs, and finally I get the total bytes sent/received.
I am doing the above calculation in the event callback function, which is called each time an event is generated.
But I am facing a problem. I tried to send a big file (approx. 100MB) through FTP (File Transfer Protocol) using the WinSCP utility. At the same time I started TCPView (Sysinternals) and tried to match the result with my application, but I found that the bytes sent and received in TCPView are far more than shown by my application.
I think lots of events got lost in my case.
Please tell me what I should do to equip my application so that not even a single event is lost.
Eagerly waiting for your reply..
Thanks
Raghav

Similar Messages

  • L4 Traffic Monitor question

    In the IronPort web security appliance documentation, it indicates that the L4 traffic monitor ports (T1 and/or T2) should be connected to either a network tap or switch span.
    I'm a little confused as to how this is supposed to be set up.
    Does it mean that you take 2 ports on a switch, one on the same subnet/vlan as the P1 interface (data) on the IronPort, and the other that is on the subnet/vlan as the firewall (outbound Internet traffic) and create 2 monitor sessions (spans)? If so, where are these sessions pointed to?
    Isn't the IronPort supposed to be doing the tapping/inspection?
    The whole external tap thing has me confused.

    Colin,
    One way to think of it is that the WSA has 2 inspection engines that don't actually talk to one another...
         1. the web proxy, where you're using WCCP to send specific traffic to
         2. the L4TM engine that you send a spanned port to to catch all of the other weird stuff.
    The web proxy does all of the user tracking/policy stuff, etc. Watching a specific set of ports.
    The L4TM is intended for malware that might be running on your net... sort of like the Botnet Traffic filter that's available on ASA.
    That said, you'll use 1 port for P1 on whatever vlan, redirection to that happens via WCCP or explicit proxy. 
    For the L4TM tap you can use 1 or 2 ports on the switch, or none if you use an external tap.  In the Network/Interfaces page, you set whether you want L4TM to use Simplex or Duplex.  If you use Duplex, just do a span session off the port the firewall is plugged into to the port that you connect T1 into...
    If you use Simplex, you do 2 span sessions off of the port the firewall is connected to... ingress traffic on the port (eg. out of the firewall) to the port T1 is connected to, egress traffic on the port (eg. going to the firewall) spanned to the port T2 is hooked up to. 
    If you use an external tap, put it inline between the firewall and the switch, set the WSA for duplex and connect the "monitor" port to T1...
    Hope that helps!
    Ken

  • Difference between Integration Process and Monitoring Process

    Hi Experts,
    What is the difference between Integration Process and Monitoring Process available in PI7.1?
    SAP says that Monitoring process is a special kind of integration process that receives the event messages.
    My doubt is even integration process can receive the event messages.
    Why these two different type of entities are created for the same purpose?
    And what is the technical difference between the two in terms of PI perspective?
    Regards,
    Sami.

    My question is now answered.
    [https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70a25d3a-e4fa-2a10-43b5-b4169ba3eb17]
    On page 17 of this pdf following sentence is mentioned :-
    From technical perspective, there is no difference between monitoring process and integration process.
    Though logically those are two different things.
    Monitoring processes are used to receive only event messages, which comprise event data only.
    For example, purchase order creation is an event and its event message will have the event data like Order Id, Created on, Created by, Quantity etc., instead of the whole purchase order.
    Whereas an Integration Process is a way to provide a solution in some specific circumstances, like where we have to automate our process or where we need something in between for the course of communication.
    Guys thanks for your precious time.
    Regards,
    Sami.

  • Process Instance Monitoring

    During the Process Instance Monitoring mechanism, the data generated as process instances execute is initially stored in the runtime database. How can I configure the monitoring information to go into a database or a local file?

    Namrata,
    The run time bean information is also stored in the default database, PointBase, of WebLogic. You can point this database to any other database like Oracle, DB2 etc. You need to run the database scripts which you can find in the installed directory.
    You need to create a connectionPool and JNDI, and need to use this JNDI name in the WebLogic server Admin console.
    Or you can change the default database setting during the domain creation.
    Hope this helps you.
    Regards
    Bishnu

  • Need help in generating L4 Traffic monitor logs

    Hi,
    As a part of my project I need to study different types of logs produced by Cisco IronPort. I could generate some access and authentication logs however not sure about generating the L4 Traffic Monitor logs. Can anyone point me to right documentation that will help me generate those logs?
    Thanks,
    Harshad Kashikar

    Harshad,
    L4 Traffic Monitoring needs to be configured within the IronPort - first question is do you have a SPAN/TAP port set up on your switch to capture L4 traffic?
    Second, I only use this feature to capture information on malware/spyware - I have seen P2P, IRC, and 'phone-home' traffic amongst other things.  Do you have an infected host you can monitor?
    BF

  • L4 traffic monitor - blocking traffic ?

    Hello
    How is the L4 traffic monitor blocking traffic if the T1/T2 ports are "tap/sniffed ports"?
    For SPAN we might have "ingress vlan feature" which would allow us to send TCP RST (like IPS does),
    but for hardware TAP we do not have such a feature.
    So - maybe L4 traffic monitor can not block any traffic, just make a decision what to block and execution is on WebProxy and P1/2 ports ?
    Thanks

    Michael,
    Yes, the reset is sent via P1
    Ken
    Sent from Cisco Technical Support iPad App

  • Can an Ironport work in both WCCPv2 and L4 Traffic monitoring modes at the same time?

    Hello Ciscoers,
    We have an ironport installed and we use WCCPv2 to redirect the traffic. And as it occurs, I have a need to forward the traffic for another network, that uses another path to the Internet.
    So I was thinking using the L4 Traffic Monitoring.
    To the best of your knowledge, is there a way to have the appliance use both WCCPv2 and L4 Traffic monitoring at the same time? From the configuration, it's one or the other.
    Thanks,
    J.

    Ok. I'll try.
    As a matter of fact, I plan to use policy-based routing to forward all the "interesting" traffic to the appliance.
    For your TCP-Resets not seen, do you allow ingress on the span session?
    J.

  • Traffic monitoring for Coherence 3.1

    The objective of our small project is to monitor the traffic on our Coherence clusters. We also were trying to put the cache traffic as an object in the same cache name. The problem we encountered was that during performance tests something happened to the Coherence clusters and there appears to be some kind of lock not being released for others, which made all the WebLogic cluster go down. WebLogic went down with "too many open files". We have thread dumps which I can send if you guys need them; nevertheless I have attached a part which I suspect is the reason.
    Here's the code that was trying to do the monitoring. The doPut Servlet method does the put; after the put it calls a method RegisterTraffic which has a small logic to increment the count & put back into the cache. It has a lock for the particular "Traffic" key.
    /**
     * The Servlets doPut method - Handles the Cache Put Requests
     * @param HttpServletRequest request, HttpServletResponse response
     * @return void
     * @throws CacheException
     */
    public void doPut(HttpServletRequest request, HttpServletResponse response) throws
    ServletException, IOException {
         ServletOutputStream out = response.getOutputStream();
         String value = "";
         try {
              String id = request.getPathInfo();
              String expires = request.getHeader("Expires");
              String contentType = request.getContentType();
              String app_name = request.getHeader("App-Name");
              int contentLength = request.getContentLength();
              if (contentLength > 0) {
                   byte valueArray[] = new byte[contentLength];
                   ServletInputStream in = request.getInputStream();
                   int bytesRead = 0;
                   int offset = 0;
                   while (bytesRead > -1) {
                        bytesRead =
                             in.read(valueArray, offset, valueArray.length - offset);
                        offset += bytesRead;
                        if (offset == contentLength) {
                             break;
                        }
                   }
                   DataObject myValue = new DataObject();
                   myValue.setByte(valueArray);
                   myValue.setExpirationTime((Long.parseLong(expires))*1000);
                   Cache_Manager.put(id, myValue);
                   response.setContentType("application/octet-stream");
                   value = "ID "+id+" Stored";
                   out.write(value.getBytes());
                   out.flush();
                   RegisterTraffic(app_name,"PUT");
              }
         } catch (Exception ex) {
              response.setContentType("application/octet-stream");
              value = "CACHE_ERROR:"+ErrorCode.INTERNAL_PROBLEM_CODE+":"+"doPut:"+ErrorCode.INTERNAL_PROBLEM_MSG;
              response.setContentLength(value.length());
              out.write(value.getBytes());
              throw new ServletException(value+"\n"+ex.getMessage());
         }
    }
    /**
     * The Servlets Traffic Monitor method - Handles the Traffic monitoring
     * @param appname, get or put or clear
     * @return void
     * @throws CacheException
     */
    public void RegisterTraffic(String appName, String action) {
         String trafficKey = "Traffic";
         try {
              HashMap hmTotal = new HashMap();
              HashMap hmToday = new HashMap();
              Object obj = null;
              HIDataObject dObj = null;
              String today = (new java.util.Date().toString()).substring(0,3);
              //String today = "SAT";
              Long totalTrafficCount = new Long(1);
              Long todayTrafficCount = new Long(1);
              long totalCnt = 0;
              long todayCnt = 0;
              // Lock the Object.
              Cache_Manager.lock(trafficKey,-1);
              try{
                   dObj = (HIDataObject)Cache_Manager.get(trafficKey);
              } catch(java.lang.NullPointerException nex) {
                   // If this Exception then we are doing it for the first time.
                   // Ignore this exception
              } catch(Exception exe) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
              }
              if (dObj != null) {
                   hmTotal = dObj.getTotalTrafficHashMap();
                   hmToday = dObj.getTodayTrafficHashMap();
              }
              // HashMap.get will throw error for the first time , so initialize to 1.
              try{
                   totalTrafficCount = (Long)hmTotal.get(appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              }
              try{
                   todayTrafficCount = (Long)hmToday.get(today+"-"+appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              }
              try{
                   totalCnt = totalTrafficCount.longValue();
                   todayCnt = todayTrafficCount.longValue();
              } catch (Exception e) {
              }
              // Increase the count here
              totalCnt++;todayCnt++;
              hmTotal.put(appName+"-"+action,new Long(totalCnt));
              hmToday.put(today+"-"+appName+"-"+action,new Long(todayCnt));
              try{
                   HIDataObject myValue = new HIDataObject();
                   myValue.setTotalTrafficHashMap(hmTotal);
                   myValue.setTodayTrafficHashMap(hmToday);
                   myValue.setExpirationTime(86400000);
                   Cache_Manager.put(trafficKey, myValue);
              } catch (Exception exe){
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
              }
         } catch (Exception ex) {
              CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+ex.getMessage());
         } finally {
              Cache_Manager.unlock(trafficKey);
         }
    }
    Weblogic Thread Dumps
    "TcpRingListener" id=76 idx=0x96 tid=19164 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xc5f4238[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "DistributedCache" id=78 idx=0x98 tid=19165 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)[optimized]
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)[optimized]
    ^-- Lock released while waiting: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "ListenThread.Default" id=79 idx=0x9a tid=19166 prio=5 alive, in native
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0x1729efc8[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at weblogic/socket/WeblogicServerSocket.accept()Ljava/net/Socket;(WeblogicServerSocket.java:26)
    at weblogic/t3/srvr/ListenThread.accept()Ljava/net/Socket;(ListenThread.java:735)
    at weblogic/t3/srvr/ListenThread.run()V(ListenThread.java:301)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    Blocked lock chains
    ===================
    Chain 2:
    "ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'" id=53 idx=0x70 tid=18903 waiting for java/lang/String@0x102fb4d8 held by:
    "ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'" id=52 idx=0x6e tid=18902 in chain 1
    Coherence Thread Dumps
    "PacketPublisher" id=21 idx=0x32 tid=20248 prio=6 alive, in native, waiting, daemon
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$PacketPublisher$Queue@0xcb36648[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "Cluster" id=22 idx=0x34 tid=20249 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "PO Async Executor" id=27 idx=0x36 tid=20436 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: java/lang/Object@0xa7573d8[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at jrockit/vm/Locks.wait(Ljava/lang/Object;J)V(Unknown Source)
    at java/lang/Object.wait()V(Native Method)
    at com/wily/EDU/oswego/cs/dl/util/concurrent/BoundedLinkedQueue.take()Ljava/lang/Object;(BoundedLinkedQueue.java:225)
    ^-- Lock released while waiting: java/lang/Object@0xa7573d8[fat lock]
    at com/wily/EDU/oswego/cs/dl/util/concurrent/QueuedExecutor$RunLoop.run()V(QueuedExecutor.java:82)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "TcpRingListener" id=24 idx=0x38 tid=20252 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xd441530[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)

    Hi user638596.
    Frankly, there is not enough information to go by. The code you pointed to is definitely not "bullet proof". First, after the lock has been acquired, it only catches Exceptions, so any Errors (e.g. OutOfMemoryError) would "leak" a lock. In general, the locking-protected code should look like (in pseudo-code):
    lock();
    try {
      operations();
    } finally {
      unlock();
    }
    However, without seeing the log files and the entire thread dump, it's impossible to figure out the real reason. I'd suggest you submit those to our support at Oracle Metalink.
    Regards,
    Gene
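
Added example (not part of the original thread, and not Coherence or WebLogic code): the lock/try/finally pattern from the reply above beside a variant that releases the lock only on the normal and `Exception` paths, so an `Error` leaves it held. `java.util.concurrent.locks.ReentrantLock` is an assumed stand-in for the cache's per-key lock, and the class and method names are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;

// Illustration only: ReentrantLock stands in for the cache's "Traffic" key lock.
public class TrafficCounterLocking {
    private static final ReentrantLock trafficLock = new ReentrantLock();
    private static final Map<String, Long> totals = new HashMap<>();

    // Leaky variant: unlock() is reached only on success or on an Exception.
    // An Error (e.g. OutOfMemoryError) bypasses both calls and the lock stays held.
    static void registerLeaky(String key, boolean failWithError) {
        trafficLock.lock();
        try {
            increment(key, failWithError);
            trafficLock.unlock();
        } catch (Exception ex) {
            trafficLock.unlock();
        }
    }

    // Safe variant: bounded wait for the lock, then try/finally so the lock is
    // released on every exit path, and only if it was actually acquired.
    static boolean registerSafe(String key, boolean failWithError)
            throws InterruptedException {
        if (!trafficLock.tryLock(2, TimeUnit.SECONDS)) {
            return false; // could not get the lock; do not call unlock()
        }
        try {
            increment(key, failWithError);
            return true;
        } finally {
            trafficLock.unlock();
        }
    }

    // Critical section; the constructed Error simulates a failure mid-update.
    private static void increment(String key, boolean failWithError) {
        if (failWithError) {
            throw new OutOfMemoryError("constructed failure inside the critical section");
        }
        totals.merge(key, 1L, Long::sum);
    }

    // Runs the body in a worker thread that ends when the body throws.
    static void runInWorker(Runnable body) throws InterruptedException {
        Thread t = new Thread(() -> {
            try {
                body.run();
            } catch (Throwable expected) {
                // the worker terminates here, like a request thread that failed
            }
        });
        t.start();
        t.join();
    }

    public static void main(String[] args) throws Exception {
        runInWorker(() -> {
            try {
                registerSafe("app-PUT", true);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        System.out.println("after safe failure, lock held: " + trafficLock.isLocked());
        System.out.println("next caller succeeds: " + registerSafe("app-PUT", false));

        runInWorker(() -> registerLeaky("app-PUT", true));
        System.out.println("after leaky failure, lock held: " + trafficLock.isLocked());
        System.out.println("next caller succeeds: " + registerSafe("app-PUT", false));
    }
}
```

Every later caller of the leaky variant would block on `lock()` indefinitely; the bounded `tryLock` in the safe variant is what lets the last call return instead of hanging.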

  • Disabling Process Instance Monitoring

    I am using Weblogic 8.1 service Pack 5. I have a stand alone class to deploy my application on Weblogic. The Process Instance Monitoring should be disabled during this. We can control this through the WLIConsole.
    Is there any way to disable the Process Instance Monitoring using Weblogic API?

  • How to perform process chain monitoring

    Hi All,
    Can you send me the steps for how to perform process chain monitoring and what to do if we get an error in any process in the process chain? If possible, if anyone has screenshots of how to do it, kindly send me that link.
    Thanks & Regards,
    Naveen

    Transactions used to monitor the Process chains
    RSPCM
    SE38 >/SSA/BWT or ST13>BW-TOOLS
    --> click on execute --> select the process chains radio button --> execute
    --> click on process chains --> if you want to monitor a specific process chain, enter the process chain id, or if you want to monitor the process chains that are running in a particular date and time interval, simply enter the values and click on execute...
    It will display the process chains' status and time of the runs etc...

  • BI Process chain monitoring from SOLMAN

    Hi,
    We have configured CEN in our landscape and successfully managed to get data from satellite systems and are getting alerts according to our requirement.
    But for the BI Process chain Monitor we are getting alerts of yellow MTE with the text "Entire chain now has status 'A'", which is flooding our mailbox. We can't find any way to stop this and to receive mails only for failed process chains, i.e. for red MTE.
    Can you please help us in this?
    Thank you,
    Lena

    Hello Marco,
    the problem is that the Process Chain monitor is not yet available with ST-A/PI 01L*. Unfortunately the empty hull that you see during the setup was shipped without the proper content. The Process Chain monitor will be properly shipped with the next ST-PI and ST-A/PI combination in Q2/2010.
    Sorry for any inconvenience caused.
    If you want to have this monitor earlier on it could be implemented via Customer Exit in case that you have some MaxAttention or Safeguarding engagement.
    Best Regards
    Volker

  • [Request] NTM - Network Traffic Monitor

    Hi to everyone:
    Could anyone package this?: NTM - Network Traffic Monitor
    NTM is a monitor of the network and internet traffic for GNU/Linux. Some characteristics:
        * Choice of the interface to monitor.
        * Period to monitor: Day, Week, Month, Year or Custom Days. With autoupdate.
        * Threshold: Autodisconnection if a limit is reached (by NetworkManager).
        * Traffic Monitoring: Inbound, outbound and total traffic; shows the traffic speed.
        * Time Monitoring: Total time of connections in the period.
        * Time Slot Monitoring: Number of sessions used.
        * Reports: Shows average values and daily traffic of a configurable period.
        * Online checking with NetworkManager or by "Ping Mode".
        * The traffic is attributed to the day when the session began.
        * Does not need root privilege.
        * Not invasive, uses a system tray icon.
    NTM is useful for people that have an internet plan with a limit, where moreover the excess traffic is expensive.
    NTM is written in Python and is open source software; the license is the GNU GPL v2.
    A lot of thanks.

    # Maintainer: Brieuc Roblin <brieuc.roblin at gmail dot com>
    pkgname='ntm'
    pkgver='1.2.2'
    pkgrel='1'
    pkgdesc="Monitor of the network and internet traffic"
    arch=('i686' 'x86_64')
    license=('GPL')
    depends=('pywebkitgtk' 'lsb-release' 'networkmanager')
    makedepends=('dpkg')
    url=('http://netramon.sourceforge.net/eng/index.html')
    source=('http://freefr.dl.sourceforge.net/project/netramon/NTM/ntm-1.x/ntm-1.2.2.deb')
    md5sums=('ec438b8c952ac866ffdaa57538d189b7')
    build() {
    cd "$srcdir"
    # Extracting deb
    msg2 "Extracting .deb ..."
    dpkg-deb -x ntm-*.deb deb
    cd "deb"
    # Installing
    msg2 "Installing..."
    cp -r . "$pkgdir"/
    }
    I can't really test the program as I'm not using NetworkManager.
    Last edited by PyrO_70 (2010-08-20 19:18:24)

  • Cisco WSA : no data found in L4 traffic monitor summary

    Hello !
    Does L4 traffic monitor only display rogue traffic ? Because, I made a packet capture on the T1 interface and i saw that there was a lot of traffic but in the overview, no data was found in the field "L4 Traffic Monitor Summary". Is it normal ? There is a screenshot in enclosed files.
    Thank you,
    Stephane Walker

  • UDP traffic analyzed in L4 traffic monitor?

    Dear all,
    I just wonder if anyone knows whether UDP traffic is analyzed by the WSA's L4 traffic monitor?
    It just tells "all ports" in the settings and reports also only reflect port numbers but no details like
    which protocol (tcp/udp).
    Anyone?
    Best,
    Hascha

    UDP ports will not be blocked.
    The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
    I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
    Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
    I'll check this out when I'm in the office and will get back to you.
    -Vance

  • Monitoring a process that monitors

    Folks,
    We have implemented an architecture, where there is a Master-Process that monitors few Slave-processes. This Master-process keeps an eye on the Slave Process, and keep restarting them, when ever one of these Slave Processes die (or) get killed.
    The way we designed, this Master process; is that it can restart any particular slave-process only ( N number of times ), after which it dies.
    Question : If I want to implement a Manifest, such that SMF only monitors the Master-Process and not the Slave-processes. And when the Master process dies, the SMF should start the Master-process and the Slave-Processes.
    How do I implement a manifest such that, only the Master-Process is monitored by the SMF, and not the Slave-Processes
    _D

    1) check data volume is increased so it will be a little slow.
    2) check index fragmentation and reorganize or rebuild index
    3) update statistics.
    4) check blocking and locking
    5) check deadlock
    6) check no user login in sql server
    7) check memory and cpu utilization
    8) Make sure DB compatibility level is latest one.
    9) Find missing indexes and unused indexes.
    10) Find existing indexes are using effectively.
    check and confirm.