Discovery lets you completely control how processes get classified. This may not have the romance of classifying a rock twirling around our local star, but at least it's something you can control!
The answer to her question is that it depends — the values are different for each operating system, with minor variations between versions of operating systems. Here's a table with all the details:
| Field Value | OS | Description |
| pid | All | The process ID |
| name | Windows | The image name of the process (like "crsst.exe") |
| output | Windows | The entire command line used to start the process |
| output | Linux, Solaris, AIX | The entire result of the ps command (or the equivalent) for the process |
| parameters | Windows | The entire command line used to start the process |
| command | All | The fully qualified path to the process' executable (like "D:\Program Files\Rocks\MyRock.exe") |
| user | Linux, OS/X | The user that started the process (note that the name may be truncated) |
| name | Netware | The NLM name |
For some operating systems there are actually a few more values, but these are particularly useful for process classification. For example, under OS/X you can also use "vsz", which is the size (in kilobytes) of the process' virtual memory size.
By far the most useful values for process classification are "name" and "command". The latter is especially useful when you need to distinguish between multiple instances of a particualr executable running on the same box. In such a case, you can look for a value in the parameters, which certainly will be different for the different instances...
1 Comment
