The Data on Demand Management Pack contains a number of useful System Center Operations Manager (SCOM) agent tasks, including the Netstat task required by Squared Up Visual Application Discovery & Analytics.
Kernel owned processes do not list pid information when running Netstat with process information (column is - or empty). This means the results cannot be parsed by VADA downstream.
Since other tools may or may not be able to correctly detect the owning component, and those tools are not standard on all supported distributions, it may make sense to simply use an intentionally invalid PID and report the proc name as "Unknown" (as done on Windows).
This would also mitigate some of the issues with permissions some folks are seeing - although the netstat input would be incomplete and/or missing proc information, you would not be forced to run as root when using the task in many cases if all you want is inbound/outbound connections.
The GetNetstatCsv Task provides valuable information on application dependencies (in particular, to VADA) but currently is only supported on windows platforms.
It would be great if this task were to be implemented supporting the same unix/linux platforms as SCOM itself (for reference, that list can be found here.
Ideally, the output format would be the same so that downstream tools can consume this data as they would with the existing windows version today.
Although the process description field is initialized to a string, if the FileProcessDescription property is null, later attempts to test the length or call methods on the process description will fail.
Currently the json format is not supported on any windows hosts that do not have PowerShell version 3.0 or later, as Convertto-json is not available.
Since most modern operating systems are now PS v3 or later, the task description will be updated to state the json format is only available in those cases, as several other formats are supported and work fine on those platforms.
If the connection state column has been localized, Get-Netstat.ps1 returns no results as the filtering is based on the string "established" rather than any enumeration.
I've created the needed files to allow a new on-demand task which, with it's default config, will list the 10 most recent Windows Updates that have been applied to the targeted Server. I'm not familiar with using GIT and I have no idea if I would even have rights to commit to the repo; so, i'm providing the files here so someone can include them into the MP.
The Get DNS Cache task depends on the Get-DNSClientCache PowerShell cmdlet, which itself depends upon WMI classes not available on Windows 2008 R2 and below.
This task could easily be replaced with an implementation that makes use of native windows commands (ipconfig /displaydns) which would allow for support across 2003/2008 systems.
The problem lies with the Microsoft.SystemCenter.WSManagement.Library!Microsoft.SystemCenter.WSManagement.Invoker ProbeAction type used in the workflow.
It doesn’t work in SCOM 2019!!
MicrosoftUnixShellCommandLibrary!Microsoft.Unix.Invoke.Script.ProbeAction must be used instead, with the GetNetstatCSV.sh script encoded Base64.
Also, there are problems with the script itself as netstat might return LOTS of ESTABLISHED TCP connections.
Some kind of limit or process filtering must be put in place at script level (via arguments), otherwise script will time out without returning anything.
Currently the netstat task on unix/linux includes the path to the binary if that was specified when the process was created.
This can often lead to a long string with superfluous information, which could probably be removed. If this information was specific in certain cases, it would probably be more appropriate to move this to the Name column, as the path is clearly forming part of the identifier.
The CPU Percent value returned by the task is based on a WMI perf counter that is capped at the value of 100. On multi-core systems where threads are being run across multiple cores, the time value will likely exceed 100. This can cause wildly inaccurate figures on systems that have a large number of cores.
To resolve this, we instead need to collect the CPU % for each thread in the process (via Win32_PerfFormattedData_PerfProc_Thread, ignoring any instances matching _Total) and sum them, dividing by the total number of logical cores.
In addition, many of the other properties are actually available on the System.Diagnostics.Process class - the only one that is not is the Creating process - this value could instead be queried from the WMI_Process class.