Getting Data In

Powershell Script to Poll for IIS AppPool consuming large amount of memory

JHannan
Explorer

Our application developers were looking to poll the service states of their IIS Application Pools.  This would be just like the Windows Service States (Start/Stopped/Disabled).

He wrote a powershell script to check if the Windows Host has IIS installed and if so, checks the service state of all Application Pools.  This was tested in a test environment without any issues.  However, it is now consuming up to 7GB of memory.

My question is, for custom powershell scripts.  I'm not completely versed on Powershell, so can't say for sure if this code is the most optimal method for achieving the results.  Is there a better way?  For such a small task, why would it consume so much memory?

 

 

#### SysInternals Process Info #####
Command Line: powershell.exe -command "& {get-content "C:\Windows\TEMP\\inputffdc149fdcf785fb.tmp" | "C:\Program Files\SplunkUniversalFowarder\bin\splunk-powershell.ps1" "C:\Program Files\SplunkUniversalForwarder" ffdc1449fdcf785fb}"

 

 

 

The powershell.log file only has two lines when it runs:

 

 

07-09-2021 11:11:58.8862744-5 INFO start splunk-powershell.ps1
07-09-2021 11:12:00.5243172-5 INFO launched disposer

 

 

The temp file contains info about the app-pool.ps1 stanza

 

 

SplunkServerUri:https://127.0.0.1:8089
SplunkSessionKey:<redacted>
stanzas
stanza:App-Pool-State
event_group:-1,1
index:appdevadmin_servers
script:. "$SplunkHome\etc\apps\loves_ta_windows_appdev\bin\powershell\app-pool.ps1"
source:powershell://App-Pool-State
sourcetype:Windows:AppPool

 

 

 

Inputs.conf

 

 

###### Inputs.conf ######
[powershell://App-Pool-State]
script = . "$SplunkHome\etc\apps\loves_ta_windows_appdev\bin\powershell\app-pool.ps1"
schedule = */5 * * * *
disabled = 0
sourcetype = Windows:AppPool
index = appdevadmin_servers

 

 

 

Powershell Script

 

 

###### app-pool.ps1 #####
If (Get-WmiObject -Class Win32_ServerFeature -ComputerName $env:computername | Where-Object {$_.name -like "Web Server (IIS)"}){
    Import-Module WebAdministration
    $ApplicationPools = Get-ChildItem IIS:\AppPools;
    Foreach ($ApplicationPool in $ApplicationPools){
      $ApplicationPoolName = $ApplicationPool.Name;
      $ApplicationPoolState = $ApplicationPool.State;
      If ($ApplicationPool.processModel.identityType -eq 'SpecificUser'){
        $UserIdentity = $ApplicationPool.processModel.UserName;
      }
      else {
        $UserIdentity = $ApplicationPool.processModel.identityType;
      }
      Write-Output "
      ApplicationPoolName=`"$ApplicationPoolName`"
      ApplicationPoolState=`"$ApplicationPoolState`"
      UserIdentity=`"$UserIdentity`"
      ";
    }
}

 

 

 

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!