Wmi type

The wmi type is used to obtain data using Windows Management Instrumentation. It is available for Windows Agents.

Available settings:

• Basic settings tab:
  • Name (required)—a unique name for this type of resource. Must contain from 1 to 128 Unicode characters.
  • Tenant (required)—name of the tenant that owns the resource.
  • Type (required)—connector type.
  • URL (required)—URL of the collector being created, for example: kuma-collector.example.com:7221.

    The creation of a collector for receiving data using Windows Management Instrumentation results in the automatic creation of an agent that will receive the necessary data on the remote machine and forward that data to the collector service. In the URL, you must specify the address of this collector. The URL is known in advance if you already know on which server you plan to install the service. However, this field can also be filled after the Installation Wizard is finished by copying the URL data from the Resources → Active services section.

  • Default credentials is a drop-down list for selecting the secret resource that stores account credentials for connecting to remote Windows assets. The login in the secret resource must be specified without the domain. The domain value for accessing the host is taken from the Domain column of the Remote hosts table.

    If required, a secret can be created in the connector creation window using the button. The selected secret can be changed by clicking on the button.

  • The Remote hosts table lists the remote Windows assets that you can connect to. Available columns:
    • Server is the user-friendly name of the asset from which you need to receive data. For example, "src.test.local".
    • Host (required) is the IP address or domain name of the asset from which you want to receive data.
    • Windows logs (required)—a drop-down list to select the name of the Windows logs to retrieve. By default, only preconfigured logs are displayed in the list, but you can add custom logs to the list by typing their name in the Windows logs field and then pressing ENTER. KUMA service and resource configurations may require additional changes in order to process custom logs correctly.

      Preconfigured logs:

      • Application
      • ForwardedEvents
      • Security
      • System
      • HardwareEvents
    • Secret—account credentials for accessing a remote Windows asset with permissions to read the logs. The login in the secret resource must be specified without the domain. The domain value for accessing the host is taken from the Domain column of the Remote hosts table. If you leave this field blank, the credentials from the secret selected in the Default credentials drop-down list will be used.

      You can select the secret resource from the drop-down list or create one using the button. The selected secret can be changed by clicking on the button.

• Advanced settings tab:
  • Character encoding setting specifies character encoding. The default value is UTF-8.
  • Compression—you can use Snappy compression. By default, compression is disabled.
  • Debug—a drop-down list where you can specify whether resource logging should be enabled. By default it is Disabled.

Change settings on the remote machine

Conditions for receiving events from a remote Windows machine hosting a KUMA agent:

• To start the KUMA agent on the remote machine, you must use an account with the Log on as a service permissions.
• To receive events from the KUMA agent, you must use an account with Event Log Readers permissions. For domain servers, one such user account can be created so that a group policy can be used to distribute its rights to read logs to all servers and workstations in the domain.
• TCP ports 135, 445, and 49152-65535 must be opened on the remote Windows machines.
• You need to launch the following services on the remote machines:
  • Remote Procedure Call (RPC)
  • RPC Endpoint Mapper

Page top