When creating this type of connector, you need to define values for the following settings:
Basic settings tab:
Name (required)—a unique name for this type of resource. Must contain 1 to 128 Unicode characters.
Tenant (required)—name of the tenant that owns the resource.
Type (required)—connector type, wmi.
URL (required)—URL of the collector being created, for example: kuma-collector.example.com:7221.
The creation of a collector for receiving data using Windows Management Instrumentation results in the automatic creation of an agent that receives the necessary data on the remote device and forwards that data to the collector service. In the URL, you must specify the address of this collector. The URL is known in advance if you already know on which server you plan to install the service. However, this field can also be filled after the Installation Wizard is finished by copying the URL data from the Resources → Active services section.
Description—resource description: up to 4,000 Unicode characters.
In the Default credentials drop-down list, you need to specify credentials for connecting to hosts that can be used by default in the Remote hosts table. This field is required if the secret for at least one host is not specified in the Remote hosts table.
The Remote hosts table lists the remote Windows assets that you can connect to. Available columns:
Host (required) is the IP address or name of the device from which you want to receive data. For example, "machine-1".
Domain (required)—name of the domain in which the remote device resides. For example, "example.com".
Log type—drop-down list to select the name of the Windows logs that you need to retrieve. By default, only preconfigured logs are displayed in the list, but you can add custom logs to the list by typing their name in the Windows logs field and then pressing ENTER. KUMA service and resource configurations may require additional changes in order to process custom logs correctly. Required setting.
Logs that are available by default:
Application
ForwardedEvents
Security
System
HardwareEvents
If a WMI connection uses at least one log with an incorrect name, the agent that uses the connector does not receive events from all the logs within this connection, even if the names of other logs are specified correctly. The WMI agent connections for which all log names are specified correctly will work properly.
In the Secret field, specify account credentials for accessing a remote Windows device with permissions to read the logs.
You can select an existing secret or create a new secret. To create a new secret, click the icon. When creating a secret, you do not need to specify the domain for accessing the host in the User field because the Domain value from the Remote hosts table is used.
If you want to edit the settings of an existing secret, click the pencil icon.
If you leave the default value in this field, the credentials specified in the Default credentials field are used when connecting to remote Windows devices.
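Because one incorrect log name stops event collection for every log in that connection, it helps to confirm each name on the remote host before saving the Remote hosts table. The PowerShell check below is an added example, not part of KUMA or of the original documentation; the host names and the custom log name are constructed sample values, and it assumes it is run from a Windows machine that can reach the remote hosts with the account intended for the secret.

```powershell
# Added example: pre-flight check of the rows planned for the Remote hosts table.
# HostName and Logs values are constructed samples; replace them with your own.
$rows = @(
    [pscustomobject]@{ HostName = 'machine-1'; Logs = @('Security', 'System') }
    [pscustomobject]@{ HostName = 'machine-2'; Logs = @('Application', 'Custom-App/Operational') }
)

# Account that will be stored in the connector secret (needs rights to read the logs).
# Prompted interactively so the password is never written to the script.
$cred = Get-Credential -Message 'Account used in the connector secret'

$results = foreach ($row in $rows) {
    foreach ($log in $row.Logs) {
        $status = 'OK'
        try {
            # With an exact name, -ListLog raises an error if the log does not
            # exist on the remote host; -ErrorAction Stop makes it catchable.
            $null = Get-WinEvent -ListLog $log -ComputerName $row.HostName `
                                 -Credential $cred -ErrorAction Stop
        }
        catch {
            # Also covers access denied and unreachable hosts; keep the message.
            $status = $_.Exception.Message
        }
        [pscustomobject]@{ HostName = $row.HostName; Log = $log; Status = $status }
    }
}

# A single bad name blocks all logs of that row, so summarize per host.
$results | Group-Object HostName | ForEach-Object {
    $bad = @($_.Group | Where-Object Status -ne 'OK')
    [pscustomobject]@{
        HostName = $_.Name
        Row      = if ($bad.Count) { 'FIX BEFORE SAVING' } else { 'READY' }
        BadLogs  = ($bad.Log -join ', ')
        Detail   = ($bad.Status | Select-Object -Unique) -join ' | '
    }
} | Format-Table -AutoSize -Wrap
```

A row reported as READY only confirms that the log names exist and are readable with the supplied account; it does not check the service or port requirements listed under "Receiving events from a remote device".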
Advanced settings tab:
The Character encoding setting specifies the character encoding. The default value is UTF-8.
Debug—a toggle switch that lets you specify whether resource logging must be enabled. By default, this toggle switch is in the Disabled position.
Receiving events from a remote device
Conditions for receiving events from a remote Windows device hosting a KUMA agent:
To start the KUMA agent on the remote device, you must use an account with the “Log on as a service” permissions.
To receive events from the KUMA agent, you must use an account with Event Log Readers permissions. For domain servers, one such user account can be created so that a group policy can be used to distribute its rights to read logs to all servers and workstations in the domain.
TCP ports 135, 445, and 49152–65535 must be opened on the remote Windows devices.
You must run the following services on the remote machines: