If you don't want to install an external monitoring agent on your Windows hosts, the easiest way to monitor them is to use WMI (Windows Management Instrumentation).
WMI is the infrastructure for management data and operations on Windows-based operating systems, and it is available by default on every release from Windows 2000 through Windows 7 and Windows Server 2008 R2.
For more details about WMI see the following pages:
Windows Management Instrumentation on WIKI
Windows Management Instrumentation on MSDN
For example, using WMI you can query the processes or services running on a remote Windows host, or collect a lot of other important information about it.
It sounds good, doesn't it? But there is a problem on Linux: you need a WMI client to talk to Windows, and most distributions do not ship one by default.
On Ubuntu you can download one from the Ubuntu packages, but only for Hardy: http://packages.ubuntu.com/hardy/wmi-client
Unfortunately, this version does not work with Windows Vista or above.
If you run a query against Vista or Windows 7, you will receive the following error message:
ERROR: WMI query execute.
NTSTATUS: NT code 0xc002001b – NT code 0xc002001b
The package is also not available in releases after Hardy, because it was removed over a licensing problem: link
So if you want to use this useful WMI client (it is free software under the GPLv2), you need to download it from the Zenoss website and compile it yourself.
It is very easy.
Download the wmi client from the Zenoss repository, or just use this link (it may change when a newer version is released):
wmi-client 1.3.13
Compiling:
tar xvf wmi-1.3.13.tar.bz2
cd wmi-1.3.13
export ZENHOME=<yourpath>/wmi-zenoss/wmi-1.3.13
make
After compiling has finished, you can find the wmi client (wmic) in the wmi-1.3.13/Samba/source/bin directory. I tried it on my Ubuntu Lucid and it worked very well.
Now, let's see a few examples.
To query the processes running on my remote Windows 7 host (note: give the correct domain name, username and password for your system; be aware that a password passed on the command line like this is visible to other local users in the process list and is recorded in your shell history, so use a dedicated monitoring account rather than an administrator's personal one):
./wmic -U <domainname>/<username>%<password> //10.100.32.1 "SELECT CommandLine,Name,ProcessId FROM Win32_Process"
CLASS: Win32_Process
CommandLine|Handle|Name|ProcessId
"C:\Windows\system32\cmd.exe" |3512|cmd.exe|3512
C:\Windows\Explorer.EXE|2740|explorer.exe|2740
C:\Windows\system32\lsass.exe|436|lsass.exe|436
…
To query the running services:
./wmic -U <domainname>/<username>%<password> //10.100.32.1 "SELECT Caption,CreationClassName,DisplayName,Name,PathName,ProcessId,State,ServiceType FROM Win32_Service WHERE State='Running'"
CLASS: Win32_Service
Caption|CreationClassName|DisplayName|Name|PathName|ProcessId|ServiceType|State
Security Accounts Manager|Win32_Service|Security Accounts Manager|SamSs|C:\Windows\system32\lsass.exe|436|Share Process|Running
RPC Endpoint Mapper|Win32_Service|RPC Endpoint Mapper|RpcEptMapper|C:\Windows\system32\svchost.exe -k RPCSS|628|Share Process|Running
…
Or just to query the capacity of the "C:" volume:
./wmic -U <domainname>/<username>%<password> //10.100.32.1 "SELECT DriveLetter,Capacity,FileSystem,FreeSpace FROM Win32_Volume WHERE DriveLetter='C:'"
CLASS: Win32_Volume
Capacity|DeviceID|DriveLetter|FileSystem|FreeSpace
21367877632|\\?\Volume{aa579964-997d-11df-a2d4-806e6f6e6963}|C:|NTFS|12676456448
…
As you can see, these are simple SQL-like queries, but WMI actually uses WQL (the WMI Query Language); you can also use the "*" wildcard to select all fields. Note that wmic always prints the class's key property (Handle for Win32_Process, DeviceID for Win32_Volume) even when you did not select it, as the output above shows, so parse its output by column name rather than by position.
For more details about WQL: Link
You should also know the available WMI classes (like Win32_Volume or Win32_Service in my examples): WMI classes
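As an added example that is not part of the original post, here is a small Nagios-style check script built on the Win32_Volume query above: it runs wmic, parses the pipe-separated output by column name, and maps the free-space percentage of C: to an OK/WARNING/CRITICAL state. It assumes this wmic build accepts Samba's -A authentication-file option, which keeps the password out of the process list and shell history (verify with ./wmic --help; if your build lacks it, fall back to -U as above); the WMIC and AUTHFILE variables, the script name, and the sample output embedded for offline testing are my own constructions.

```shell
#!/bin/sh
# Added example (not from the original post): a Nagios-style disk check that
# wraps the Zenoss wmic and parses its pipe-separated output.
#
# Assumptions (not stated on the page): this wmic build accepts Samba's
# -A/--authentication-file option (a file with "username = ", "password = " and
# "domain = " lines, chmod 600); check ./wmic --help for your build. WMIC and
# AUTHFILE are hypothetical environment variables chosen for this script.
WMIC=${WMIC:-./wmic}
AUTHFILE=${AUTHFILE:-$HOME/.wmi-auth}

# Constructed sample in the exact shape wmic prints (CLASS line, header line,
# one pipe-separated row per instance), modelled on the Win32_Volume query above.
SAMPLE_VOLUME_OUTPUT='CLASS: Win32_Volume
Capacity|DeviceID|DriveLetter|FileSystem|FreeSpace
21367877632|\\?\Volume{aa579964-997d-11df-a2d4-806e6f6e6963}|C:|NTFS|12676456448'

# free_percent: read wmic Win32_Volume output on stdin and print the integer
# percentage of free space. Columns are located by name from the header line,
# so the SELECT order (and the key column wmic adds on its own) does not matter.
free_percent() {
  awk -F'|' '
    /^CLASS: / { want_header = 1; next }
    want_header { for (i = 1; i <= NF; i++) col[$i] = i; want_header = 0; next }
    NF > 1 && ("Capacity" in col) && ("FreeSpace" in col) {
      ci = col["Capacity"]; fi = col["FreeSpace"]
      cap = $ci; avail = $fi
      if (cap > 0) printf "%d\n", 100 * avail / cap
    }'
}

# status_for_pct FREE_PCT WARN_PCT CRIT_PCT: print the Nagios state name and
# return its exit code (0 OK, 1 WARNING, 2 CRITICAL).
status_for_pct() {
  if [ "$1" -le "$3" ]; then echo CRITICAL; return 2
  elif [ "$1" -le "$2" ]; then echo WARNING; return 1
  else echo OK; return 0
  fi
}

# check_c_drive HOST WARN_PCT CRIT_PCT: run the live query and report.
check_c_drive() {
  host=$1; warn=$2; crit=$3
  pct=$("$WMIC" -A "$AUTHFILE" "//$host" \
        "SELECT Capacity,FreeSpace FROM Win32_Volume WHERE DriveLetter='C:'" | free_percent)
  if [ -z "$pct" ]; then
    # wmic prints its own error (e.g. the NTSTATUS line above) on failure;
    # an empty parse result means no usable data came back.
    echo "UNKNOWN: no Win32_Volume data from $host (wmic error or bad credentials)"
    return 3
  fi
  rc=0
  state=$(status_for_pct "$pct" "$warn" "$crit") || rc=$?
  echo "$state: C: ${pct}% free on $host (warn <= ${warn}%, crit <= ${crit}%)"
  return $rc
}

# Usage: ./wmi_disk_check.sh 10.100.32.1 20 10
# With no arguments only the functions are defined, so the parser can be
# exercised offline: printf '%s\n' "$SAMPLE_VOLUME_OUTPUT" | free_percent
[ $# -eq 0 ] || check_c_drive "$@"
```

Running it as a Nagios/Icinga plugin gives you the usual exit codes, and because the parser keys on header names, the same free_percent function keeps working if you add columns to the SELECT list or if wmic inserts the DeviceID key column in front of the fields you asked for.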
Now, you are able to monitor your Windows-based servers with WMI from Linux, too. Have fun!
Source: pzolee.blogs.balabit.com