Active Process Discovery
SAS Enterprise Session Monitor has two methods of process discovery that can be configured: active and passive. By default, only the passive method is enabled. During passive process discovery the SAS Enterprise Session Monitor agents watch a configured directory (the ESMEVENTS folder) for a new event trigger file. When active process discovery is enabled the SAS Enterprise Session Monitor agent actively scans the node's process table for processes that match a configured set of rules that are specified in a file called filterSpec.yaml which is found in the SAS Enterprise Session Monitor agent's bin folder. Any processes that match the configured rules are added to the list of processes that are monitored by the SAS Enterprise Session Monitor agent. Active and passive process discovery can run simultaneously.
Active vs Passive¶
The passive process discovery method guarantees that SAS Enterprise Session Monitor creates a record of a process having run on system, even if that session was so short-lived that no metrics were captured about the session. The way that the passive process monitoring works requires the process that is going to be monitored to be able to create the new event trigger file itself. Functions for SAS, shell scripts, and Python currently exist to provide this capability.
There are certain deployment scenarios where we might want to monitor processes that do not have the capability to create SAS Enterprise Session Monitor new event files, or we may not want to touch the configuration of the environment to include the capability to generate the new event trigger files. In this scenario, we would want to use the active process discovery mechanism to monitor processes.
Active process discovery is enabled by uncommenting and setting the value of the monitorAllSessions to True. The monitorAllSessions property enables the active process discovery mode. monitorAllSessions is used in conjunction with monitoringInterval which specifies, in seconds, the interval at which the SAS Enterprise Session Monitor agent scans the node's process table for processes and applies the rules specified in the filterSpec.yaml file.
filterSpec.yaml¶
The filterSpec.yaml file contains one or more process filter blocks. Each block contains a number of different properties that describe a set of rules that are applied to each process in the scanned node's process table. The blocks in the filterSpec file are parsed in sequential order and the first rule that matches a process is the rule that is applied.
filterSpec:
- processFilterRegex: ^\/(.+\/)*(?<prog>[^\s]+)
userFilterRegex: ''
ignoreMatching: False
esmPattern:
processName: ${prog}
processType: unk
processQueue:
filterSpec.yaml file.
| Property | Sub-property | Description | Accepts variables? | Example |
|---|---|---|---|---|
processFilterRegex |
A regular expression that is applied against each process. If the regular expression matches, the rule block is tried. If it doesn't, the next rule in the file is applied. | No | ^\/(.+\/)*(?<prog>[^\s]+) |
|
userFilterRegex |
A regular expression that is applied against the user of each process. You can specify '' to apply to all users. |
No | ^svc_.* |
|
processLogfile |
A regular expression that is applied against all of the file descriptors of a matched process. If a file is found, that file is passed as the associated log file of the process. Unix only. | No | .*WorkspaceServer_\w+.* |
|
ignoreMatching |
A binary (True or False) option that controls whether if a process matches the rule block, the process is added to SAS Enterprise Session Monitor. |
No | False |
|
esmPattern |
processName |
This is the name of the session as we want to see it in SAS Enterprise Session Monitor. This can be hardcoded or you can use the results of a named capture group from the processFilterRegex using the special variable format ${var}. |
Yes | ${prog} |
esmPattern |
processType |
This is the name of the "Category" as we want to see it in SAS Enterprise Session Monitor. This value can be hardcoded or you can use the results of a named capture group from the processFilterRegex using the special variable format ${var}. |
Yes | SAS1 |
esmPattern |
processQueue |
This is the name of the "Queue" as we want to see it in SAS Enterprise Session Monitor. This value can be hardcoded or you can use the results of a named capture group from the processFilterRegex using the special variable format ${var}. |
Yes | normal |
-
There are a number of keywords that have a special meaning within SAS Enterprise Session Monitor including: Batch, STP, WS, CS, GRID, Foundation, SPRE, viya, CMP. You should avoid using these for customer processes unless you are aware of the implications. Please contact technical support for more information: support@sas.com. ↩
Created: April 24, 2023