WMI Poller
To get advanced statistics from Windows devices you need to install the WMI console application.
Deprecated Feature
WMI is a contributed feature that has been abandoned by its original author. Due to the similar abandoned status of the wmic binary, it's now considered deprecated and unsupported.
Optional Feature
WMI isn't required to poll Windows devices, but will facilitate collection of some additional data about Exchange and MSSQL.
Installing WMIC
Before using the WMI poller you need to install WMIC onto your Observium host.
The WMI source code is quite old and many packages cause problems with Python dependencies, so it's easiest to use a precompiled static binary. Download the following file, untar it and put the wmic binary in /usr/bin:
wget https://www.observium.org/files/wmic_1.3.16_static_64bit.tar.gz
tar zxvf wmic_1.3.16_static_64bit.tar.gz
mv wmic winexe /usr/bin
You can test that it executes on your system by running wmic --version:
root@dev:~# ./wmic --version
Version 4.0.0tp4-SVN-build-UNKNOWN
root@dev:~#
Configuring WMI Security to Allow a User to Poll WMI
There are a few ways to go about this:
1. Create a domain user and put them in the Administrator group for all of the servers you wish to poll with WMI
2. Use a Domain Administrator account
3. Create a dedicated domain user with Read permissions for WMI
Choice (1) or (2) is preferred for testing WMI since it's the fastest. By default, WMI security allows control by any Administrator of the system. If you're a Domain Administrator you can test to make sure WMIC is working properly immediately after you install (instructions below).
Choice (3), on the other hand, is the more secure but more complex option. It's recommended you take this route to reduce security risks.
Set WMI user access permissions
- Select Start > Run.
- On the Run dialog, type wmimgmt.msc in the Open field.
- Click OK to display the Windows Management Infrastructure (WMI) Control Panel.
- In the left pane of the WMI Control Panel, highlight the WMI Control (local) entry, right-click, and select the Properties menu option. This displays the WMI Control (Local) Properties dialog box.
- Select the Security tab in the WMI Control (Local) Properties dialog box.
- In the namespace tree within the Security tab, expand the Root folder. This action lists the available WMI namespaces.
- Click the CIMV2 namespace to highlight it.
- Click Security to display the Security for ROOT\CIMV2 dialog box.
- Click Add in the Security for ROOT\CIMV2 dialog box to display the Select Users or Groups dialog box.
- Add the domain user account that will be used as your proxy data collection user account. This should be a domain account (not a local computer account), but it does not need to be an account with administrative access.
- Click OK to close the Select Users or Groups dialog box and return to the Security for ROOT\CIMV2 dialog box. The user account you selected should now be listed in the Name list at the top of the dialog box.
- Select the newly added user (if it is not already selected) and enable the following permissions:
  - Enable Account
  - Remote Enable

  Enable the permissions by clicking the Allow box, if it is not already checked for that permission. The Enable Account permission should already be selected, but the Remote Enable permission will need to be selected.
- Click OK to close the Security for ROOT\CIMV2 dialog box.
The permissions should now be properly set for the proxy data collection user account.
Try a query on one of your servers
wmic --domain=DOMAIN --user=USER --password=PASSWORD //SERVER.DOMAIN.COM "SELECT * FROM Win32_ComputerSystem"
(For a password such as Bob!1000 you need to enter Bob\!1000.)
Example of output
When WMIC is correctly installed and the WMI user has the correct permissions, you should see valid output like this:
$ /usr/bin/wmic --user='user' --password='password' --workgroup='OBSERVIUM' --delimiter=## --namespace='root\CIMV2' //win.server "SELECT Name FROM Win32_ComputerSystem"
CLASS: Win32_ComputerSystem
Name
WIN
Access denied
When the WMI user does not have permission to read WMI monitoring parameters, you will see an error like this:
$ /usr/bin/wmic --user='user' --password='password' --workgroup='OBSERVIUM' --delimiter=## --namespace='root\CIMV2' //win.server "SELECT Name FROM Win32_ComputerSystem"
[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
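When checking a dedicated read-only WMI user against many servers, the two outcomes shown above can be told apart in a script. This is an added example, not Observium code: the function names are hypothetical and the sample outputs are constructed, following the shape of the output shown above with --delimiter=##.

```shell
#!/bin/sh
# Added example (not part of Observium): interpret captured wmic output.

# Constructed sample: a successful two-column query run with --delimiter=##
SAMPLE_OK='CLASS: Win32_ComputerSystem
Domain##Name
OBSERVIUM##WIN'

# Constructed sample: tail of the failure output from the Access denied section
SAMPLE_DENIED='[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied'

# Classify captured output as: ok | access_denied | error
# $1 = combined stdout/stderr of one wmic run
wmic_status() {
    case "$1" in
        CLASS:*)                   echo ok ;;            # result set returned
        *NT_STATUS_ACCESS_DENIED*) echo access_denied ;; # WMI permissions missing
        *)                         echo error ;;         # anything else
    esac
}

# Print the value(s) of one named column from successful output.
# $1 = output, $2 = column name, $3 = delimiter (defaults to ##)
wmic_field() {
    delim=${3:-"##"}
    printf '%s\n' "$1" | awk -v col="$2" -v d="$delim" '
        /^CLASS:/ { want_header = 1; next }   # header row follows CLASS line
        want_header {
            idx = 0; n = split($0, h, d)
            for (i = 1; i <= n; i++) if (h[i] == col) idx = i
            want_header = 0; next
        }
        idx { split($0, f, d); print f[idx] } # data rows: emit chosen column
    '
}

# Stand-alone demonstration on the constructed samples
echo "ok sample:     $(wmic_status "$SAMPLE_OK"), Name=$(wmic_field "$SAMPLE_OK" Name)"
echo "denied sample: $(wmic_status "$SAMPLE_DENIED")"
```

An access_denied result for a server where the user was just added usually points back to the Remote Enable permission on ROOT\CIMV2 described in the steps above.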
Configure Observium
Global configuration
nano /opt/observium/config.php
// Enable default WMI Parameters
$config['wmi']['domain'] = "domainname"; // NetBIOS name (shorthand domain/workgroup), i.e. not domain.local.com
$config['wmi']['user'] = "username";
$config['wmi']['pass'] = "passw0rd";
$config['poller_modules']['wmi'] = 1;
Device configuration
If you need to select specific WMI modules for polling or set a specific user/password for a device, you can change this on the device edit page.