check_winprocess - NRPE check plugin for Windows processes




check_winprocess - Nagios NRPE plugin for checking processes



check_winprocess [--filter filter spec[,filter spec] ... ] ... ] [--warning threshold] [--critical threshold] [--compare operator] [--first number] [--kill] [--verbose] [--help]



check_winprocess is a Nagios NRPE plugin for checking processes by using criteria like status, name, cpu and memory usage and many more. You can also specify if the processes meeting the criteria will be killed. check_process uses Windows tools tasklist and taskkill (available in XP and later).




--filter filter spec[,filter spec] ... ] ... ]

Specify filters to select processes. A filter spec consists of three fields: filter name, operator and value. You can specify several comma separated filters for one --filter option, as well as several --filter options. NB! Please be aware of that AND operation is used for multiple filters. Defaults to all processes if no filter is defined. List of filters available (see tasklist documentation for more help):

 Filter Name     Valid Operators           Valid Value(s)
 -----------     ---------------           --------------
 STATUS          eq, ne                    RUNNING | NOT RESPONDING
 IMAGENAME       eq, ne                    Image name
 PID             eq, ne, gt, lt, ge, le    PID value
 SESSION         eq, ne, gt, lt, ge, le    Session number
 SESSIONNAME     eq, ne                    Session name
 CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                           of hh:mm:ss.
                                           hh - hours,
                                           mm - minutes, ss - seconds
 MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
 USERNAME        eq, ne                    User name in [domain\]user
 SERVICES        eq, ne                    Service name
 WINDOWTITLE     eq, ne                    Window title
 MODULES         eq, ne                    DLL name
--warning threshold

Return WARNING if the number of processes matching the criteria is more than threshold. Optional.

--critical threshold

Return CRITICAL if the number of processes matching the criteria is more than threshold. Optional.

--compare operator

Specify the type of comparison operator for threshold checks. Optional. Available values are:

 'eq'  equal to
 'ne'  not equal
 'gt'  greater than (default!)
 'ge'  greater or equal
 'lt'  less than
 'le'  less or equal
--first number

List process names as a part of plugin output. The first specified number of processes will be selected. Optional.


Kill the processes matching the filtering criteria. Useful as an action handler. Works only if at least one filter is defined. Optional.


Increase output verbosity for debugging.


Produce a help message.




 check_winprocess.exe --warn 100 --critical 300


Checks the total number of processes in memory and returns WARNING for more than 100 processes or CRITICAL for more than 300 processes.


 check_winprocess.exe --filter "imagename eq runaway.exe","cputime gt 01:00:00" --critical 1


Checks if there exists runaway.exe processes with CPU time longer than one hour, returns CRITICAL if there was at least one process.


 check_winprocess.exe --filter "memusage gt 102400" --filter "status eq NOT RESPONDING" --kill --critical 1


Checks if there exists processes with memory consumption more than 100 MB and in NOT RESPONDING state, kills them and returns CRITICAL if there was at least one process.





 0 OK





Tevfik Karagulle /





Nagios web site
Nagios NRPE documentation
TASKLIST documentation
TASKKILL documentation





This program is distributed under the Artistic License.





Version 1.6, October 2012





changes from 1.5
 Introduce option --first allowing to list first number of process names as a part of the plugin output.
 List process names as comma separated list in verbose output (newline creates some problems)
changes from 1.4
 produce performance data according to guidelines
changes from 1.3
 Proper treatment of 0 as threshold
changes from 1.2
 renamed as 'check_winprocess'
 use csv output from tasklist
changes from 1.1
 Drop the language specific -no output- check
Changes from 1.0
 Add option I<--compare> to specify the type of comparison for threshold checks.
 Treat information about no tasks properly.