
VBScript to find machine name or IP address of process (WXP-Pro)



humerick
07-05-2006, 07:22 AM
I need some help with a VBScript that will find out the machine name or IP address of the PC that kicked off a process on our server. I can find the PID of the process, but I don't know how to get the machine name that started the process. The process owner is not what I need because that only tells me the system ID that is running the process. I am guessing that several select statements may be needed to accomplish this.
What I am trying to do is write a script that will page me if there is a possible runaway process on the server. I'd like to know who started the process, so that I can give them a call to find out what they were trying to do.
Any help on this would be greatly appreciated.

Thanks,
Scott

motoflop
07-05-2006, 10:47 AM
It is not always possible to find out how some running process was started. For example, you can connect to some server using telnet, start a process and log out. Your process could still be running, but there is no longer any trace of how that process was started. Another example: you have a virus infection and someone is using your server remotely through the virus application, and he starts regedit.exe. You cannot see any direct connection between the running regedit process and that remote hacker. You would have to monitor active TCP/IP connections and then detect that there is a suspicious connection between the virus program and the remote user. Then you can check that the parent process id of that regedit process refers to that virus program process.

So it could be better to monitor remote connections and file usage. For example, if that process is always using the program file foobar.exe from folder c:\zigzag, configure Windows file auditing for that file. So whenever someone is accessing that file, Windows generates a security log entry.

humerick
07-05-2006, 11:02 AM
I'm sorry, but I probably should have been more specific in my question. I am monitoring a specific process that gets kicked off when you access this particular application. I can go into Process Explorer, find the process, click on the TCP/IP tab, and find the machine name or IP address.
That works just fine if I am at work and sitting at my desk. What I need is a script that will page me with the information that Process Explorer can give me. I already have the logic to find the PID if it hits 75% CPU. Now I just need to associate it with the culprit PC Name that kicked it off. I know that this is possible, but I'm very new to VBScript, and don't know how to get this info.

Thanks,
Scott

motoflop
07-06-2006, 02:13 PM
Maybe you could call netstat from VBScript and capture its output. Netstat gives this kind of output:

c:\>netstat -b -n
Active Connections
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:2252 crl.microsoft.com:http ESTABLISHED 1376 [procexp.exe]
TCP 127.0.0.1:2229 localhost:2230 ESTABLISHED 3172 [firefox.exe]
TCP 127.0.0.1:2230 localhost:2229 ESTABLISHED 3172 [firefox.exe]

Use "netstat /?" to get syntax help.

humerick
07-07-2006, 02:36 PM
I was really hoping that I wouldn't have to shell out and run something from a command prompt, but it looks like I may have to. The netstat -b looks to be the best answer so far. If someone figures this out by using purely VBScript, please let me know.
Thanks for your help, motoflop.

Scott
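Putting motoflop's netstat suggestion into the script Scott describes, as an added example that is not part of this thread: it shells out to netstat from VBScript, parses the output, and prints the remote endpoint of every established TCP connection owned by the PID that the CPU check found. It assumes netstat accepts -a -n -o (the -o switch, which adds the PID column, is not shown in the thread), an English-locale "ESTABLISHED" state string, and cscript.exe as the host; whostarted.vbs is a placeholder file name.

```vbscript
' Added example (not the thread's own code): map a PID to the remote endpoints
' of its established TCP connections by running netstat and parsing the text.
' Assumes netstat supports -a -n -o and that the script runs under cscript.exe.
Option Explicit
' Split a netstat line on runs of spaces, dropping empty tokens.
Function Tokens(line)
    Dim raw, t, n
    raw = Split(Trim(line), " ")
    ReDim out(UBound(raw))
    n = 0
    For Each t In raw
        If Len(t) > 0 Then
            out(n) = t
            n = n + 1
        End If
    Next
    ReDim Preserve out(n - 1)
    Tokens = out
End Function
' Returns a Scripting.Dictionary keyed by "remoteAddr:port" (value: state)
' for every established TCP line whose PID column equals targetPid.
Function RemoteEndpointsForPid(targetPid)
    Dim shell, exec, line, f, result
    Set result = CreateObject("Scripting.Dictionary")
    Set shell = CreateObject("WScript.Shell")
    Set exec = shell.Exec("netstat -a -n -o")
    Do Until exec.StdOut.AtEndOfStream
        line = Trim(exec.StdOut.ReadLine())
        If Len(line) > 0 Then
            f = Tokens(line)
            ' TCP rows have five columns: Proto, Local, Foreign, State, PID.
            ' Header rows and UDP rows (no State column) do not match.
            If UBound(f) = 4 Then
                If f(0) = "TCP" And f(3) = "ESTABLISHED" And f(4) = CStr(targetPid) Then
                    If Not result.Exists(f(2)) Then result.Add f(2), f(3)
                End If
            End If
        End If
    Loop
    Set RemoteEndpointsForPid = result
End Function
' Usage: cscript //nologo whostarted.vbs <pid>   (pid from the CPU check)
Dim pid, ep, endpoints
If WScript.Arguments.Count < 1 Then WScript.Quit 1
pid = WScript.Arguments(0)
Set endpoints = RemoteEndpointsForPid(pid)
For Each ep In endpoints.Keys
    WScript.Echo "PID " & pid & " <-> remote " & ep
Next
```

An empty result is what motoflop warned about: a process whose originating session has already disconnected leaves no connection to report, so the paging logic should treat "no endpoints" as a valid outcome rather than an error.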