Wmi type

When creating this type of connector, you need to define values for the following settings:

• Basic settings tab:
  • Name (required)—a unique name for this type of resource. Must contain 1 to 128 Unicode characters.
  • Tenant (required)—name of the tenant that owns the resource.
  • Type (required)—connector type, wmi.
  • URL (required)—URL of the collector being created, for example: kuma-collector.example.com:7221.

    The creation of a collector for receiving data using Windows Management Instrumentation results in the automatic creation of an agent that receives the necessary data on the remote device and forwards that data to the collector service. In the URL, you must specify the address of this collector. The URL is known in advance if you already know on which server you plan to install the service. However, this field can also be filled after the Installation Wizard is finished by copying the URL data from the Resources → Active services section.

  • Description—resource description: up to 4,000 Unicode characters.
  • Default credentials—drop-down list that does not require any value to be selected. The account credentials used to connect to hosts must be provided in the Remote hosts table (see below).
  • The Remote hosts table lists the remote Windows assets that you can connect to. Available columns:
    • Host (required) is the IP address or name of the device from which you want to receive data. For example, "machine-1".
    • Domain (required)—name of the domain in which the remote device resides. For example, "example.com".
    • Log type—drop-down list to select the name of the Windows logs that you need to retrieve. By default, only preconfigured logs are displayed in the list, but you can add custom logs to the list by typing their name in the Windows logs field and then pressing ENTER. KUMA service and resource configurations may require additional changes in order to process custom logs correctly.

      Logs that are available by default:

      • Application
      • ForwardedEvents
      • Security
      • System
      • HardwareEvents

    If a WMI connection uses at least one log with an incorrect name, the agent that uses the connector does not receive events from all the logs within this connection, even if the names of other logs are specified correctly. The WMI agent connections for which all log names are specified correctly will work properly.

    • Secret—account credentials for accessing a remote Windows asset with permissions to read the logs. If you leave this field blank, the credentials from the secret selected in the Default credentials drop-down list are used. The login in the secret must be specified without the domain. The domain value for access to the host is taken from the Domain column of the Remote hosts table.

      You can select the secret resource from the drop-down list or create one using the button. The selected secret can be changed by clicking on the button.

• Advanced settings tab:
  • Character encoding setting specifies character encoding. The default value is UTF-8.
  • Debug—a toggle switch that lets you specify whether resource logging must be enabled. By default, this toggle switch is in the Disabled position.

Receiving events from a remote device

Conditions for receiving events from a remote Windows device hosting a KUMA agent:

• To start the KUMA agent on the remote device, you must use an account with the “Log on as a service” permissions.
• To receive events from the KUMA agent, you must use an account with Event Log Readers permissions. For domain servers, one such user account can be created so that a group policy can be used to distribute its rights to read logs to all servers and workstations in the domain.
• TCP ports 135, 445, and 49152–65535 must be opened on the remote Windows devices.
• You must run the following services on the remote machines:
  • Remote Procedure Call (RPC)
  • RPC Endpoint Mapper