Using Powershell to find the right PIDs to kill - powershell

I've hacked together a solution that allows me to commit changes to my Go language application to Azure Websites, compile into a Go binary, and then update the Web.Config to have the httpPlatformHandler use the newly created binary. This allows me to easily deploy changes to my Go app and have them (almost) instantly available on my Azure website. It's a neat prototype, and you can check it out here: https://github.com/wadewegner/azure-website-go-builder/
If you look at the last line of the deploy.cmd you'll see that I use Powershell to kill a w3wp.exe process. This forces it to restart and use the updated Web.Config.
powershell "stop-process (Get-Process w3wp | Sort-Object ws | Select -first 1).Id"
This is a hack and not ideal. In a default scenario there are two w3wp.exe processes running - one for our website and one for the SCM website (which is a management website). It will not work if we have more than one instance of our Azure website running. It also assumes that the right process to kill is the one with the smaller memory footprint - this is a bad assumption to make.
In Azure Websites we don't have a lot of facilities at our disposal for finding and killing processes.
When I run Get-Process w3wp ... I get this kind of output today:
Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
    364      40     7196      16032    85     0.55   5516 w3wp
    667      77    61972      77372   350     5.72   3448 w3wp
However, with two instances of my website, it could be:
Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
    364      40     7196      16032    85     0.55   5516 w3wp
    364      40     7196      16032    85     0.55   5517 w3wp
    667      77    61972      77372   350     5.72   3448 w3wp
(Manually updated to make my point.)
So, the question is, what's the right way to choose the two processes I want to kill? I don't want to kill 3448.
Additionally, how do I find a better heuristic to choose the right processes?
I uploaded tlist.exe to run tlist -t and get this output:
D:\home\site\wwwroot>tlist -t
AdjustTokenPrivileges failed with 1300
w3wp.exe (5516)
  20150107_070323.exe (4936)
w3wp.exe (3448)
  cmd.exe (1976)
    tlist.exe (5868)
This makes it clear that 5516 is the PID I want to kill.
Is there a way in PowerShell to run Get-Process but somehow inspect child processes and filter out the w3wp.exe PID that has the cmd.exe process under it?
Thank you!
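One way to do what the question asks, as an added example that is not code from the original post or the linked repository: instead of guessing by memory footprint, walk the parent chain of the running script, treat every w3wp.exe found in that chain as the SCM worker that must stay alive, and stop every other w3wp.exe. The parent/child relationship comes from Win32_Process via CIM; whether that class is queryable inside the Azure Websites sandbox is an assumption, so if the query fails the script exits non-zero and stops nothing rather than picking a PID at random. The script file name and the -WhatIf switch are mine.

```powershell
# Added example, not code from the original post or the linked repository.
# Goal: stop every w3wp.exe that is NOT an ancestor of this script, so the worker
# hosting the SCM site (which is running this deployment) is never the one killed.
# Assumption: Win32_Process is queryable through CIM in this environment; if it is
# not, the script refuses to guess and exits non-zero without stopping anything.
param([switch]$WhatIf)

# One query for PID -> parent PID, instead of one per process.
$parentOf = @{}
try {
    Get-CimInstance -ClassName Win32_Process -ErrorAction Stop |
        ForEach-Object { $parentOf[[int]$_.ProcessId] = [int]$_.ParentProcessId }
} catch {
    Write-Error "Cannot query Win32_Process ($($_.Exception.Message)); refusing to guess which w3wp.exe to stop."
    exit 1
}

# Walk up from our own PID and collect every ancestor (the set guards against PID-reuse cycles).
$ancestors = New-Object 'System.Collections.Generic.HashSet[int]'
$current = [int]$PID
while ($parentOf.ContainsKey($current) -and $ancestors.Add($current)) {
    $current = $parentOf[$current]
}

$workers = @(Get-Process -Name w3wp -ErrorAction SilentlyContinue)
$ours    = @($workers | Where-Object { $ancestors.Contains([int]$_.Id) })
if ($ours.Count -eq 0) {
    Write-Error "No w3wp.exe found in this script's ancestry; refusing to stop anything."
    exit 1
}

foreach ($p in ($workers | Where-Object { -not $ancestors.Contains([int]$_.Id) })) {
    Write-Host "Stopping w3wp.exe PID $($p.Id) (keeping SCM worker $($ours.Id -join ','))"
    Stop-Process -Id $p.Id -Force -WhatIf:$WhatIf
}
```

Save it next to deploy.cmd (the name restart-site.ps1 is assumed) and call it from the last line as `powershell -NoProfile -ExecutionPolicy Bypass -File restart-site.ps1`; run it once with `-WhatIf` first to see which PIDs it would stop. Because the decision is "not in my own ancestry" rather than "smallest working set", it does not depend on how many w3wp.exe processes exist or how much memory each one uses.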

Related

How to read Applications and Services Logs via WMI?

I can get all event log messages via WMI in powershell like
Get-WmiObject -query "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'"
To enumerate all event logs I use
Get-WmiObject win32_nteventlogfile
FileSize LogfileName            Name                                                        NumberOfRecords
-------- -----------            ----                                                        ---------------
26218496 Application            C:\WINDOWS\System32\Winevt\Logs\Application.evtx                      75510
   69632 HardwareEvents         C:\WINDOWS\System32\Winevt\Logs\HardwareEvents.evtx                       0
   69632 Internet Explorer      C:\WINDOWS\System32\Winevt\Logs\Internet Explorer.evtx                    0
   69632 Key Management Service C:\WINDOWS\System32\Winevt\Logs\Key Management Service.evtx               0
   69632 OAlerts                C:\WINDOWS\System32\Winevt\Logs\OAlerts.evtx                             39
   69632 Parameters             C:\WINDOWS\System32\Winevt\Logs\Parameters.evtx                           0
12652544 Security               C:\WINDOWS\System32\Winevt\Logs\Security.evtx                         18840
   69632 State                  C:\WINDOWS\System32\Winevt\Logs\State.evtx                                0
 8458240 System                 C:\WINDOWS\System32\Winevt\Logs\System.evtx                           15108
   69632 Windows Azure          C:\WINDOWS\System32\Winevt\Logs\Windows Azure.evtx                        0
 2166784 Windows PowerShell     C:\WINDOWS\System32\Winevt\Logs\Windows PowerShell.evtx                1656
So far I have found no way to parse all the other logs showing up under Applications and Services Logs.
With Powershell I can get the log files via
Get-WinEvent -ListLog *
LogMode  MaximumSizeInBytes RecordCount LogName
-------  ------------------ ----------- -------
Circular           15728640        1656 Windows PowerShell
Circular            1052672           0 Windows Azure
Circular           20971520       15123 System
Circular           20971520       19404 Security
Circular            1052672          39 OAlerts
Circular           20971520           0 Key Management Service
Circular            1052672           0 Internet Explorer
Circular           20971520           0 HardwareEvents
Circular           26214400       75525 Application
Circular            1052672           0 WitnessClientAdmin
Circular            1052672             Windows Networking Vpn Plugin Platform/OperationalVerbose
Circular            1052672             Windows Networking Vpn Plugin Platform/Operational
Circular            1052672           0 SMSApi
Circular            1052672          66 Setup
Circular            1052672           0 OpenSSH/Operational
Circular            1052672           0 OpenSSH/Admin
Circular            1052672             Network Isolation Operational
Circular            1052672           0 Microsoft-WS-Licensing/Admin
Circular            1052672           0 Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel
Circular            1052672           0 Microsoft-Windows-WWAN-SVC-Events/Operational
But when I try to read other log files, I get nothing. When I try to read e.g. the Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant file, I get nothing back:
Get-WmiObject -query "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant'"
The log file has a different name
Directory of C:\Windows\System32\winevt\Logs
12/26/2019 07:55 PM 69,632 Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
In the event viewer the name is displayed as
What would be the correct log file name I need to enter to the WMI query to read the events?
Better late than never I guess.
Create the following key in registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-Windows-Program-Compatibility-Assistant/Analytic
No values required, just the key.
You should then be able to run a query like this
select * from Win32_NTLogEvent where logfile = 'Microsoft-Windows-Program-Compatibility-Assistant/Analytic'
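As an added example that is not part of the original answer: Win32_NTLogEvent reads through the classic event log API, which only sees logs registered under the EventLog service key, which is consistent with the registry-key workaround above. The channels under Applications and Services Logs are exposed through the newer API that Get-WinEvent uses, so they can be read directly without touching the registry. The function names and the sample channel (taken from the question) are mine; the `%4` mapping reflects how Windows encodes `/` in .evtx file names.

```powershell
# Added example, not part of the original answer. Reads an "Applications and Services"
# channel through the modern Event Log API (Get-WinEvent) instead of Win32_NTLogEvent,
# and maps the on-disk file name back to the channel name the API expects.
function ConvertFrom-EvtxFileName {
    # Windows stores '/' in a channel name as '%4' in the .evtx file name.
    param([Parameter(Mandatory)][string]$FileName)
    [System.IO.Path]::GetFileNameWithoutExtension($FileName) -replace '%4', '/'
}

function Get-ChannelEvents {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [int]$MaxEvents = 20,
        [int[]]$Id                       # optional event ID filter
    )
    $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop   # throws if the channel does not exist
    if (-not $log.IsEnabled) {
        # Analytic/Debug channels are off by default and hold no records until enabled.
        Write-Warning "Channel '$LogName' is disabled; enable it with: wevtutil sl '$LogName' /e:true"
    }
    $filter = @{ LogName = $LogName }
    if ($Id) { $filter['Id'] = $Id }
    # Get-WinEvent errors when nothing matches; treat that as an empty result.
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
}

# The file from the question, mapped back to its channel name.
$channel = ConvertFrom-EvtxFileName 'Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx'
$channel        # Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
Get-ChannelEvents -LogName $channel -MaxEvents 10 | Format-Table -AutoSize

# Survey of non-classic channels that actually hold records.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.LogName -like '*/*' -and $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object LogName, RecordCount, LogMode -First 15
```

Reading the Security log or an Analytic channel still needs the usual rights (local Administrators or Event Log Readers membership), and enabling an Analytic channel is a configuration change worth auditing on servers.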

PowerShell upgrade to 6.2 doesn't upgrade anything (except my mood)

I have run the script below
iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI"
The msi below gets downloaded and I run it, the wizard finishes without any remarks
https://github.com/PowerShell/PowerShell/releases/download/v6.2.0/PowerShell-6.2.0-win-x64.msi
The only problem is that when I run
$PSVersionTable.PSVersion
It still says
Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      17763  316
and a require-statement in another script also says that I have v5.1...
(yes, I have restarted my machine:))
Any ideas?
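An added example, not from the original question: PowerShell 6.x installs side by side as pwsh.exe and does not replace Windows PowerShell 5.1, whose binary is still powershell.exe, so a `#requires -Version` line is checked against whichever of those two engines is actually running the script. The function below lists every engine reachable from the current session and the version each one reports about itself; the install paths it probes are the default MSI locations and are assumptions.

```powershell
# Added example, not code from the original question. PowerShell 6.x installs side by side
# as pwsh.exe and does not replace Windows PowerShell 5.1 (powershell.exe). This lists every
# engine reachable from this session and the version each one reports, so you can see which
# binary a script (and its "#requires -Version" line) is actually running under.
function Get-PowerShellEngines {
    $candidates = @(
        (Get-Command powershell.exe, pwsh.exe -ErrorAction SilentlyContinue).Source
        "$env:ProgramFiles\PowerShell\6\pwsh.exe"   # default MSI locations, assumed
        "$env:ProgramFiles\PowerShell\7\pwsh.exe"
    ) | Where-Object { $_ -and (Test-Path $_) } | Sort-Object -Unique

    $me = (Get-Process -Id $PID).Path
    foreach ($exe in $candidates) {
        # Ask each engine for its own version; -NoProfile keeps profile scripts from interfering.
        $ver = & $exe -NoProfile -NonInteractive -Command '$PSVersionTable.PSVersion.ToString()' 2>$null
        [pscustomobject]@{
            Path    = $exe
            Version = $ver
            Current = ($exe -eq $me)      # true for the engine running this function
        }
    }
}

Get-PowerShellEngines | Format-Table -AutoSize
```

If pwsh.exe shows up with version 6.2 while Current is true only for powershell.exe, the install worked; the script just has to be started with pwsh.exe rather than powershell.exe.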

Get disk informations without using WMI

I'm using check_mk as my monitoring solution and I disabled the WMI service because it creates timeouts when check_mk queries for information.
Get-WmiObject / Get-Disk / Get-PSDrive use the WMI service to get information, and I would like to get disk information like total space, used space etc. without using WMI, because I can't.
Do you know any workaround to do that?
TL;DR -
(echo select disk=0 & echo list partition & (for /l %A in (1,1,10) do @echo select disk=next &@echo list partition)) | diskpart | findstr /i /v /r "^$ > microsoft ^reached ^select ^there ^the\ start"
Details -
The 'diskpart.exe' command can get you what you want. It requires admin rights, but since you mentioned disabling services, that didn't sound like an issue.
Rather than interacting with DISKPART's unique menu system, this example will blindly request the list of partitions on the first 11 disks (and filter away unnecessary lines..). Should be enough.
:-)
Cmd:
(echo select disk=0 & echo list partition & (for /l %A in (1,1,10) do @echo select disk=next &@echo list partition)) | diskpart | findstr /i /v /r "^$ > microsoft ^reached ^select ^there ^the\ start"
Output From My Live System:
Disk 0 is now the selected disk.
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1863 GB  1024 KB
Disk 1 is now the selected disk.
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            350 MB  1024 KB
  Partition 2    Primary            270 GB   351 MB
  Partition 3    Recovery           845 MB   271 GB
  Partition 4    Primary            204 GB   272 GB
Disk 2 is now the selected disk.
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB  1024 KB
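An added PowerShell example, not from the original answer, for the total/used/free numbers the question asks about: .NET's System.IO.DriveInfo talks to the Win32 volume APIs directly, so it works with the WMI service stopped and without admin rights. The second function drives diskpart non-interactively from a script file (the documented `/s` switch) for the partition layout, which still needs elevation; its upper disk number is an assumption carried over from the answer's loop, and diskpart stops processing at the first disk that does not exist. Function names are mine.

```powershell
# Added example, not from the original answer. Disk usage without WMI or CIM: .NET's
# System.IO.DriveInfo calls the Win32 volume APIs directly and needs no admin rights.
# Get-PartitionLayout drives diskpart from a script file (elevation required); its
# upper disk number is an assumption, and diskpart stops at the first disk that does not exist.
function Get-DriveUsage {
    [CmdletBinding()]
    param([switch]$IncludeNotReady)
    foreach ($d in [System.IO.DriveInfo]::GetDrives()) {
        # Size properties throw on an unmounted removable/network drive, so check IsReady first.
        if (-not $d.IsReady) {
            if ($IncludeNotReady) { [pscustomobject]@{ Name = $d.Name; Type = $d.DriveType; Ready = $false } }
            continue
        }
        $total = $d.TotalSize
        $free  = $d.TotalFreeSpace          # free space visible to the caller (respects quotas)
        $usedPct = if ($total -gt 0) { [math]::Round(100 * ($total - $free) / $total, 1) } else { 0 }
        [pscustomobject]@{
            Name        = $d.Name
            Type        = $d.DriveType
            Format      = $d.DriveFormat
            TotalGB     = [math]::Round($total / 1GB, 2)
            UsedGB      = [math]::Round(($total - $free) / 1GB, 2)
            FreeGB      = [math]::Round($free / 1GB, 2)
            UsedPercent = $usedPct
            Ready       = $true
        }
    }
}

function Get-PartitionLayout {
    param([int]$MaxDisk = 10)   # assumed upper bound, as in the answer's loop
    $script = [System.IO.Path]::GetTempFileName()
    try {
        # "select disk N" then "list partition" for each disk number, ascending.
        $lines = foreach ($i in 0..$MaxDisk) { "select disk $i"; "list partition" }
        Set-Content -Path $script -Value $lines -Encoding ASCII
        & diskpart.exe /s $script |
            Where-Object { $_ -match '^(Disk \d+ is now|\s*Partition|\s*-----)' }
    } finally {
        Remove-Item $script -ErrorAction SilentlyContinue
    }
}

Get-DriveUsage | Format-Table -AutoSize
# Get-PartitionLayout        # run from an elevated prompt
```

For a monitoring agent, Get-DriveUsage is the part worth wiring in: it is cheap, needs no service dependency, and its objects convert directly with ConvertTo-Json or ConvertTo-Csv.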

How can I use powershell to intercept a specified string of a command output?

I use ipptool to get the status of the current print job.
C:\Users\Administrator>ipptool http://localhost/ipp/printers get-completed-jobs.test
job-id job-state job-name job-originating-user-name job-media-sheets-completed
------ --------- -------- ------------------------- --------------------------
14 canceled RedHat 1
13 completed RedHat 1
12 completed RedHat 1
11 completed RedHat 1
How do I get the specified job-id and job-state?
What method does Powershell use to intercept strings?
Question 1:
Get the following string:
14 canceled
Question 2 :
Get the following string:
13 completed
12 completed
Question 3 :
How do I get the most recent job-id and job-state?
The cmdlet ConvertFrom-SourceTable available for download from the PowerShell gallery (GitHub: iRon7/ConvertFrom-SourceTable) is capable of reading this type of data tables:
$Jobs = ConvertFrom-SourceTable '
job-id job-state job-name job-originating-user-name job-media-sheets-completed
------ --------- -------- ------------------------- --------------------------
14 canceled RedHat 1
13 completed RedHat 1
12 completed RedHat 1
11 completed RedHat 1
'
In your case, it is probably something like:
$Jobs = $(.\ipptool http://localhost/ipp/printers get-completed-jobs.test) | ConvertFrom-SourceTable
The rest of your questions are actually a matter of basic PowerShell commands.
As in this example, the Jobs object will give you access to e.g. the status of job 14:
$Jobs | ?{$_."job-id" -eq 14} | Select -Expand "job-state"
canceled
And "How do I get the most recent job-id and job-state?":
(presuming that the most recent job is always on top)
$Jobs | Select "job-id", "job-state" -First 1
job-id job-state
------ ---------
14 canceled
(For other ConvertFrom-SourceTable examples see: https://stackoverflow.com/search?q=ConvertFrom-SourceTable)
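As an added example that is not part of the original answer and does not depend on a gallery module: the same table can be parsed with a short fixed-width parser that takes each column's start and width from the dashed underline row, which is exactly what makes ipptool's layout machine-readable. The sample input is constructed here in that layout (which of the two name columns holds "RedHat" is an assumption; the sample leaves job-name blank), and the function name is mine. It also answers the three questions, picking the most recent job by the highest job-id rather than assuming it is the top row.

```powershell
# Added example, not part of the original answer: a dependency-free parser for
# fixed-width tables like ipptool's, using the dashed underline row to locate columns.
function ConvertFrom-FixedWidthTable {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$InputObject)
    begin { $all = New-Object System.Collections.Generic.List[string] }
    process { foreach ($s in $InputObject) { $all.Add($s) } }
    end {
        $lines = @($all | Where-Object { $_.Trim() })          # drop blank lines
        $ruleIdx = -1
        for ($i = 1; $i -lt $lines.Count; $i++) {
            if ($lines[$i] -match '^\s*-+(\s+-+)*\s*$') { $ruleIdx = $i; break }
        }
        if ($ruleIdx -lt 1) { throw 'No header/underline pair found in input.' }
        $header = $lines[$ruleIdx - 1]
        # Each run of dashes in the underline row defines one column's start and width.
        $runs = [regex]::Matches($lines[$ruleIdx], '-+')
        $cols = for ($k = 0; $k -lt $runs.Count; $k++) {
            $start = $runs[$k].Index
            $name  = if ($header.Length -gt $start) {
                $header.Substring($start, [Math]::Min($runs[$k].Length, $header.Length - $start)).Trim()
            } else { "col$k" }
            # The last column runs to the end of the line so long values are not cut off.
            $len = if ($k -eq $runs.Count - 1) { [int]::MaxValue } else { $runs[$k].Length }
            [pscustomobject]@{ Name = $name; Start = $start; Length = $len }
        }
        for ($r = $ruleIdx + 1; $r -lt $lines.Count; $r++) {
            $line = $lines[$r]
            $row  = [ordered]@{}
            foreach ($c in $cols) {
                $val = ''
                if ($line.Length -gt $c.Start) {
                    $val = $line.Substring($c.Start, [Math]::Min($c.Length, $line.Length - $c.Start)).Trim()
                }
                $row[$c.Name] = $val
            }
            [pscustomobject]$row
        }
    }
}

# Constructed sample in ipptool's layout (job-name left blank, an assumption):
$sample = @'
job-id job-state job-name job-originating-user-name job-media-sheets-completed
------ --------- -------- ------------------------- --------------------------
14     canceled           RedHat                    1
13     completed          RedHat                    1
12     completed          RedHat                    1
11     completed          RedHat                    1
'@ -split "`r?`n"

$jobs = $sample | ConvertFrom-FixedWidthTable
# Live: $jobs = ipptool http://localhost/ipp/printers get-completed-jobs.test | ConvertFrom-FixedWidthTable

# Question 1: one job by id
$jobs | Where-Object { [int]$_.'job-id' -eq 14 } | Select-Object 'job-id', 'job-state'
# Question 2: all completed jobs
$jobs | Where-Object { $_.'job-state' -eq 'completed' } | Select-Object 'job-id', 'job-state'
# Question 3: most recent job = highest job-id, without assuming ipptool's row order
$jobs | Sort-Object { [int]$_.'job-id' } -Descending | Select-Object 'job-id', 'job-state' -First 1
```

Because the parser trusts the underline row rather than whitespace between values, a blank cell (an empty job-name) comes back as an empty string instead of shifting every later column one place to the left, which is the usual failure mode of splitting such output on spaces.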

Solaris CPU run queue

Is there a command which can tell me whats in the Solaris run queue?
I can get a count using vmstat, but I need to know what processes/threads are in there.
The run-queue is always changing, so it's almost impossible to get the set of processes in the current run-queue.
That said, you can get an approximation by looking at the STAT (state) field of the process list from ps. When running the command below:
$ ps aux
...if the STAT field begins with R, then the process is marked RUNNABLE by the kernel, which on most operating systems means that it is in the run-queue. Here's what a runnable process looks like on my machine:
USER       PID  %CPU %MEM    VSZ   RSS   TT  STAT STARTED    TIME COMMAND
root     78179   0.0  0.0 599828   480 s003  R+   7:51AM 0:00.00 ps aux
On Solaris, you can also use the prstat command and look at the STATE column. The value run indicates that the process is on the run-queue. (Also note that the value cpuN indicates that the process is currently running on processor N.)
For example:
$ prstat -s cpu -n 5
   PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
 13974 kincaid   888K  432K run     40    0  36:14.51  67% cpuhog/1
 27354 kincaid  2216K 1928K run     31    0 314:48.51  27% server/5
 14690 root      136M   46M sleep   59    0   0:00.59 2.3% Xsun/1
 14797 kincaid  9192K 7496K sleep   59    0   0:00.10 0.9% dtwm/8
 14851 kincaid    24M   14M sleep   48    0   0:00.03 0.3% netscape/1
Total: 97 processes, 190 lwps, load averages: 2.18, 2.15, 2.11
I was about to correct 0xfe's answer when I saw you already did it. The run queue contains threads, not processes, so the -L option is mandatory with the prstat command if you want the number of "state run" lines to more or less match the run queue. Beware that sampling artifacts will probably prevent you from getting accurate matches.
In any case, if you want to precisely know what processes/threads are sitting in the run queue you'd rather go the dtrace way assuming you are running Solaris 10 or newer.
The whoqueue.d script, which might already be in the /usr/demo/dtrace directory on your machine, will be a good start:
# dtrace -s /usr/demo/dtrace/whoqueue.d
Run queue of length 1:
  24349/1 (dtrace)
Run queue of length 3:
  0/0 (sched)
  0/0 (sched)
  0/0 (sched)
Run queue of length 4:
  22468/30 (java)
  22468/17 (java)
  22468/23 (java)
  22468/10 (java)
Have a look at this page for details.