Last active
March 3, 2019 19:16
-
-
Save jftuga/21a21bd66d931c35781c2bee1b913487 to your computer and use it in GitHub Desktop.
PowerShell check systems for processes using over 1 GB of memory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
check_memory.ps1 | |
-John Taylor | |
Mar-3-2019 | |
Interrogate all Windows systems listed in $disk_space_servers array for processes using over 1 GB | |
of 'WorkingSet64' memory and save the results to the file listed in $output | |
You can exclude "known processes" that will use more than 1 GB of memory by editing lines 32-35: | |
$over_mem_limit += ... | |
(this could be greatly improved by using an array instead of a bunch of -and clauses) | |
Also, restart the RSyslogWindowsAgent when it starts using more than 1 GB of memory because it has a memory leak. | |
#> | |
write-host "" | |
write-host "Check systems for processes using over 1 GB of memory..." | |
write-host "" | |
# edit this. comma-separated list | |
$disk_space_servers = @(".") | |
#edit this. location of results. | |
$output = "c:\temp\check_servers_email_message.txt" | |
$file = New-Item -type file $output -force | |
$over_mem_limit = @() | |
$disk_servers_checked = 0 | |
foreach ( $svr in $disk_space_servers ) { | |
try { | |
write-host "Checking: $svr" | |
$over_mem_limit += Get-Process -ComputerName $svr | Where-Object {$_.WorkingSet64 -gt 1000000000 -and ` | |
$_.ProcessName -ne "sqlservr" -and $_.ProcessName -ne "MomServer" -and $_.ProcessName -ne "VmsDaemonService" -and ` | |
$_.ProcessName -ne "w3wp" -and $_.ProcessName -ne "java" -and $_.ProcessName -ne "PDQDeployService" -and ` | |
$_.ProcessName -ne "PDQInventoryService" -and $_.ProcessName -ne "javaw" -and $_.ProcessName -ne "ws_TomcatService" } | |
} catch { | |
write-warning "Could not connect to: $svr" | |
} | |
$disk_servers_checked += 1 | |
} | |
# this sucks, but it works... | |
$check_mem_results = $over_mem_limit | ft -AutoSize MachineName, @{Label="Working Set (GB)";Expression={"{0:N2}" -f ($_.WorkingSet64/1073741824)}}, ProcessName, Id | |
$over_mem_limit | ft -AutoSize MachineName, @{Label="Working Set (GB)";Expression={"{0:N2}" -f ($_.WorkingSet64/1073741824)}}, ProcessName, Id | out-file -Encoding "ascii" -Append $output | |
if( $check_mem_results.Length -gt 0 ) { | |
#$success = $false | |
Write-Host $output | |
} else { | |
Write-Host "" | |
Write-Host "No servers have processes using over 1 GB of memory. $disk_servers_checked systems were checked." | |
Write-Host "" | |
} | |
write-host "" | |
write-host "=====================================================================" | |
write-host "" | |
$rsyslog_count = 0 | |
foreach( $proc in $over_mem_limit ) { | |
if( $proc.ProcessName -eq "rsyslogcl" ) { | |
$rsyslog_count += 1 | |
write-host $proc.MachineName $proc.ProcessName | |
$attempts = 0 | |
while($attempts -le 2) { | |
$result = (gwmi -computername $proc.MachineName -class win32_service | Where-Object { $_.Name -eq "RSyslogWindowsAgent" }).stopservice() | |
$attempts +=1 | |
sleep $attempts | |
} | |
$restart = (gwmi -computername $proc.MachineName -class win32_service | Where-Object { $_.Name -eq "RSyslogWindowsAgent" }).startservice() | |
if ($restart -ne $null -and $restart.ReturnValue -eq 0 ) { | |
$line = "Successfully restarted Rsyslog service (rsyslogcl) on: " + $proc.MachineName | |
} else { | |
$line = "Could NOT restart Rsyslog service (rsyslogcl) on: " + $proc.MachineName | |
} | |
write-host $line | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment