9. Checking for hidden/fake/required processes

9. Checking for hidden/fake/required processes
Prev	Appendix C. Configuration file syntax and options	Next

9. Checking for hidden/fake/required processes

Section heading:

[ProcessCheck]

Entries:

ProcessCheckActive= boolean — 'true' to switch on, 'false' to switch off.

SeverityProcessCheck= severity — Severity for events (default is crit).

ProcessCheckMinPID= integer — Minimum PID (default is 0).

ProcessCheckMaxPID= integer — Maximum PID (default is 32767).

ProcessCheckInterval= seconds — Interval between checks.

ProcessCheckExists= POSIX regular expression — A process that is required to run. Must match a substring in a line of the 'ps' output.

ProcessCheckPSPath= path — The path to ps (default: autodetected at compile time).

ProcessCheckPSArg= path — The argument to ps (default: autodetected at compile time). Note that the first column must be the PID, except on Linux, where the format 'PID SPID ...' is expected (spid = thread id), as shown by 'ps -eT'.

Prev	Up	Next
8. Checking for user files	Home	10. Checking for open ports