
SANS ISC: Progress indication for scripts on Windows - SANS Internet Storm Center SANS ISC InfoSec Forums


Progress indication for scripts on Windows

I regularly have long-running scripts or programs on Windows that crunch through log files.

Often, the disadvantage with these programs, especially home-brew scripts, is that you have no idea how much progress they have made, or when they will finish.

I use a simple trick to get an idea: I use Microsoft Sysinternals' Process Explorer to check how many bytes have been read/written by a process.

First I select the appropriate columns for the main view:

And then I can get an idea of the progress of each process:

Do you know a better/different trick? Or for another OS? Please post a comment.

In my next diary entry, I'll give an example for dd.

Didier Stevens
Senior Handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

270 Posts
ISC Handler
One of my pet peeves is important cron jobs that use email for notifications. Inevitably, they either email someone no longer around or they send "All is well" emails... so many that every recipient filters them to a separate folder and then nobody sees the "all is NOT well" email notifications. I spent several months tracking down a bunch of these and changing them to use send_nsca to notify a nagios notification to a passive service. That way nagios would quietly log all the "all is well" statuses and only send notifications for the all is not well sort of states.

But there's no reason you couldn't have a script send a bunch of different notifications stating how far along it was in its execution. If the script ever exited with an error, if you catch error conditions properly, you could even report that to nagios and have nagios send you an email or a text or whatever on error conditions but just quietly log the state of progress as the script ran.
Brent

108 Posts
The only downside of using Process Explorer for that is that the counter starts at the point you start Process Explorer. If your job has been running 10 minutes, you've no idea how far into it you are.

If you trace it with Process Monitor instead (set a Path filter to the name of the log file, and tell it to drop filtered events), then it will actually tell you the byte offset it is currently reading into the file at. You'll be able to work out exactly how far through it is at that point.

On Solaris, if memory serves, iosnoop does similar.
lansalot

18 Posts
If it's a PowerShell script that you watch in a window, you can use the Write-Progress cmdlet to display a progress bar (either text or graphical). The script has to drive it by whatever metrics make sense (and it can measure).
dave

21 Posts
What version of PE & OS are you referring to lansalot?

It's not a problem with recent versions of PE.
DidierStevens

270 Posts
ISC Handler
In Windows I use a script with WMI Process to get the bytes read and written by wbengine (backup) and 7z. This gets logged along with the start times of the processes (also from WMI Process), which gives ETA etc.
tV

1 Posts
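
The WMI approach from the comment above (cumulative bytes read plus process start time giving an ETA), as an added PowerShell example that is not code from this thread or from any commenter's script. It assumes the process reads a single input file once, sequentially; the function names `Measure-IoProgress` and `Get-IoProgress`, the process ID, the path and the sample figures are hypothetical.

```powershell
# Added example. Function names, PID, path and sample numbers are hypothetical.

function Measure-IoProgress {
    # Pure calculation: percent done and estimated end time from cumulative bytes read.
    param(
        [Parameter(Mandatory)][uint64]$BytesRead,
        [Parameter(Mandatory)][uint64]$TotalBytes,
        [Parameter(Mandatory)][datetime]$StartTime,
        [datetime]$Now = (Get-Date)
    )
    if ($TotalBytes -eq 0) { throw 'TotalBytes must be greater than zero.' }
    $elapsed = $Now - $StartTime
    # The counter also includes DLL loads and any re-reads, so cap the ratio at 100%.
    $fraction = [math]::Min(1.0, [double]$BytesRead / [double]$TotalBytes)
    $end = $null
    if ($fraction -gt 0 -and $elapsed.TotalSeconds -gt 0) {
        # Linear extrapolation: remaining time = elapsed * (work left / work done).
        $end = $Now.AddSeconds($elapsed.TotalSeconds * (1 - $fraction) / $fraction)
    }
    [pscustomobject]@{
        PercentDone  = [math]::Round(100 * $fraction, 1)
        Elapsed      = $elapsed
        EstimatedEnd = $end
    }
}

function Get-IoProgress {
    # Live query: Win32_Process counters are cumulative since the process started,
    # so this works even when monitoring begins long after the job was launched.
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [Parameter(Mandatory)][string]$InputPath
    )
    $p = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $p) { throw "No process with id $ProcessId." }
    $size = (Get-Item -LiteralPath $InputPath).Length
    Measure-IoProgress -BytesRead $p.ReadTransferCount -TotalBytes $size -StartTime $p.CreationDate
}

# Constructed sample: 1.5 GB of a 6 GB log read during the first 10 minutes.
$t0 = Get-Date '2024-01-01T10:00:00'
Measure-IoProgress -BytesRead 1.5GB -TotalBytes 6GB -StartTime $t0 -Now $t0.AddMinutes(10)

# Live use (hypothetical PID and path):
# Get-IoProgress -ProcessId 1234 -InputPath 'C:\logs\big.log'
```

The estimate is only as good as the sequential-read assumption: a tool that reads its input twice, or that is mostly CPU-bound after reading, will report 100% well before it exits.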
