3 posts tagged 'WMI Query Language'

  1. 2013.08.22 WQL (SQL for WMI)
  2. 2013.08.19 Windows Management Instrumentation (WMI) Client for Linux (3)
  3. 2009.11.16 WMI - Windows Management Instrumentation
2013. 8. 22. 10:59

WQL (SQL for WMI)


The WMI Query Language (WQL) is a subset of the American National Standards Institute Structured Query Language (ANSI SQL)—with minor semantic changes. The following table lists the WQL keywords.

| WQL keyword | Meaning |
| --- | --- |
| AND | Combines two Boolean expressions, and returns TRUE when both expressions are TRUE. |
| ASSOCIATORS OF | Retrieves all instances that are associated with a source instance. Use this statement with schema queries and data queries. |
| __CLASS | References the class of the object in a query. |
| FROM | Specifies the class that contains the properties listed in a SELECT statement. Windows Management Instrumentation (WMI) supports data queries from only one class at a time. |
| GROUP Clause | Causes WMI to generate one notification to represent a group of events. Use this clause with event queries. |
| HAVING | Filters the events that are received during the grouping interval that is specified in the WITHIN clause. |
| IS | Comparison operator used with NOT and NULL. The syntax for this statement is the following: IS [NOT] NULL (where NOT is optional) |
| ISA | Operator that applies a query to the subclasses of a specified class. For more information, see ISA Operator for Event Queries, ISA Operator for Data Queries, and ISA Operator for Schema Queries. |
| KEYSONLY | Used in REFERENCES OF and ASSOCIATORS OF queries to ensure that the resulting instances are only populated with the keys of the instances, which reduces the overhead of the call. |
| LIKE | Operator that determines whether or not a given character string matches a specified pattern. |
| NOT | Comparison operator used in a WQL SELECT query, for example: SELECT * FROM meta_class WHERE NOT __class < "Win32" AND NOT __this ISA "Win32_Account" |
| NULL | Indicates an object does not have an explicitly assigned value. NULL is not equivalent to zero (0) or blank. |
| OR | Combines two conditions. When more than one logical operator is used in a statement, the OR operators are evaluated after the AND operators. |
| REFERENCES OF | Retrieves all association instances that refer to a specific source instance. Use this statement with schema and data queries. The REFERENCES OF statement is similar to the ASSOCIATORS OF statement. However, it does not retrieve endpoint instances; it retrieves the association instances. |
| SELECT | Specifies the properties that are used in a query. For more information, see SELECT Statement for Data Queries, SELECT Statement for Event Queries, or SELECT Statement for Schema Queries. |
| TRUE | Boolean operator that evaluates to -1 (minus one). |
| WHERE | Narrows the scope of a data, event, or schema query. |
| WITHIN | Specifies a polling or grouping interval. Use this clause with event queries. |
| FALSE | Boolean operator that evaluates to 0 (zero). |

 

Note  Using a WQL key word as an object name can result in a query that cannot be parsed—even when the query compiles without error.
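The following query builder is an added example, not part of the MSDN text: it rejects class and property names that collide with the keywords in the table above and escapes string values before they are placed in a WHERE clause, so monitoring scripts do not assemble WQL by raw string concatenation. The function names are hypothetical; the escaping follows the WQL rule that backslashes and quote characters inside a string literal are prefixed with a backslash.

```python
import re

# Keywords taken from the table above (multi-word entries split into words).
WQL_KEYWORDS = {
    "AND", "ASSOCIATORS", "OF", "FROM", "GROUP", "HAVING", "IS", "ISA",
    "KEYSONLY", "LIKE", "NOT", "NULL", "OR", "REFERENCES", "SELECT",
    "TRUE", "WHERE", "WITHIN", "FALSE",
}
# Deliberately strict: ordinary names only, so system properties such as
# __CLASS are refused as well.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")


def ident(name):
    """Return name unchanged if it is usable as a class or property name."""
    if not _IDENT.match(name) or name.upper() in WQL_KEYWORDS:
        raise ValueError(f"not a usable WQL class/property name: {name!r}")
    return name


def literal(value):
    """Render a Python value as a WQL literal."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):          # test bool before int
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    # Escape backslash, single quote and double quote with a backslash.
    return "'" + re.sub(r"""([\\'"])""", r"\\\1", str(value)) + "'"


def select(cls, props, where=None):
    """Build a data query; where is {property: value}, joined with AND."""
    query = f"SELECT {','.join(ident(p) for p in props)} FROM {ident(cls)}"
    conds = [
        f"{ident(k)} IS NULL" if v is None else f"{ident(k)}={literal(v)}"
        for k, v in (where or {}).items()
    ]
    return query + (" WHERE " + " AND ".join(conds) if conds else "")
```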

Related topics

WQL Operators
WQL-Supported Date Formats
WQL-Supported Time Formats


Source: http://msdn.microsoft.com/



2013. 8. 19. 14:29

Windows Management Instrumentation (WMI) Client for Linux



If you don't want to install an external monitoring application on your Windows hosts, the easiest way to monitor them is to use WMI (Windows Management Instrumentation).
This is an infrastructure for management data and operations on Windows-based operating systems, and it is available by default from Windows 2000 through Windows 7 to Windows 2008 R2.
For more details about WMI, see the following pages:


Windows Management Instrumentation on WIKI
Windows Management Instrumentation on MSDN


For example, using WMI you can query the running processes or services on a remote server running a Windows-based operating system, or get a lot of important information about this host.


It sounds good, doesn't it? But there is a problem on Linux: you need a WMI client if you want to monitor Windows, and one is not available on most distributions by default.
On Ubuntu, you can download it from Ubuntu packages, but only for Hardy: http://packages.ubuntu.com/hardy/wmi-client
Unfortunately, this version does not work with Windows Vista or above.
If you try to run a query against Vista or Windows 7, you will receive the following error message:

ERROR: WMI query execute.
NTSTATUS: NT code 0xc002001b – NT code 0xc002001b

Also, this package is not available in releases after Hardy; it was removed because of a licensing problem: link


So, if you want to use this useful WMI client (it's free under GPLv2), you need to download it from the Zenoss website and compile it yourself.
It is very easy:
Download the WMI client from the Zenoss repository or just use this link (it may change when a newer version becomes available):
wmi-client 1.3.13


Compiling:


tar xvf wmi-1.3.13.tar.bz2
cd wmi-1.3.13
export ZENHOME=<yourpath>/wmi-zenoss/wmi-1.3.13
make

After compiling has finished, you can find the WMI client (wmic) in the wmi-1.3.13/Samba/source/bin directory. I tried it on my Ubuntu Lucid and it worked very well.


Now, let’s see a few examples:


To query the processes that are running on my remote Windows 7 host (note: you should give the correct domain name, username and password of your system):

./wmic -U <domainname>/<username>%<password> //10.100.32.1 "SELECT CommandLine,Name,ProcessId FROM Win32_Process"


CLASS: Win32_Process
CommandLine|Handle|Name|ProcessId
"C:\Windows\system32\cmd.exe" |3512|cmd.exe|3512
C:\Windows\Explorer.EXE|2740|explorer.exe|2740
C:\Windows\system32\lsass.exe|436|lsass.exe|436

To query running services:

./wmic -U <domainname>/<username>%<password> //10.100.32.1 "SELECT Caption,CreationClassName,DisplayName,Name,PathName,ProcessId,State,ServiceType FROM Win32_Service WHERE State='Running'"


CLASS: Win32_Service
Caption|CreationClassName|DisplayName|Name|PathName|ProcessId|ServiceType|State
Security Accounts Manager|Win32_Service|Security Accounts Manager|SamSs|C:\Windows\system32\lsass.exe|436|Share Process|Running
RPC Endpoint Mapper|Win32_Service|RPC Endpoint Mapper|RpcEptMapper|C:\Windows\system32\svchost.exe -k RPCSS|628|Share Process|Running

Or just to query the disk capacity of "C:":

./wmic -U <domainname>/<username>%<password> //10.100.32.1 "SELECT DriveLetter,Capacity,FileSystem,FreeSpace FROM Win32_Volume WHERE DriveLetter='C:'"


CLASS: Win32_Volume
Capacity|DeviceID|DriveLetter|FileSystem|FreeSpace
21367877632|\\?\Volume{aa579964-997d-11df-a2d4-806e6f6e6963}\|C:|NTFS|12676456448

As you can see, these are just simple SQL-like queries, but WMI uses WQL (WMI Query Language), and you can also use the "*" wildcard to query all fields.
For more details about WQL: Link


Also, you should know the available WMI classes (like Win32_Volume or Win32_Service in my examples): WMI classes
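For use in a monitoring script, the following added example (not from the original post) parses wmic's "CLASS:" / header / row output into dictionaries and sets aside rows whose field count does not match the header, which happens when a value such as a process command line contains the "|" delimiter itself. It also builds the argument list with wmic's -A authentication file and --delimiter options instead of -U <domainname>/<username>%<password>, so the password does not appear in the process list or shell history; the sample output, the auth-file path and the function names are constructed for illustration.

```python
DELIM = "|"  # wmic's default field delimiter, as in the outputs above

# Constructed sample: the second row's CommandLine contains the delimiter.
SAMPLE = r'''CLASS: Win32_Process
CommandLine|Handle|Name|ProcessId
C:\Windows\system32\lsass.exe|436|lsass.exe|436
cmd.exe /c "dir | findstr log"|3512|cmd.exe|3512
'''


def build_argv(host, wql, authfile, delim=DELIM, wmic="./wmic"):
    """Argument list for subprocess.run(); authfile is a Samba-style
    credentials file (username = / password = / domain =), mode 0600."""
    return [wmic, "-A", authfile, f"--delimiter={delim}", f"//{host}", wql]


def parse_wmic(text, delim=DELIM):
    """Return ({class_name: [row dicts]}, [lines that could not be parsed])."""
    classes, rejected = {}, []
    current = header = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("CLASS: "):
            current, header = line[len("CLASS: "):].strip(), None
            classes[current] = []
        elif current is None:
            rejected.append(line)        # e.g. an "ERROR: ..." line
        elif header is None:
            header = line.split(delim)   # first line after CLASS: is the header
        else:
            fields = line.split(delim)
            if len(fields) != len(header):
                rejected.append(line)    # embedded delimiter: do not guess
            else:
                classes[current].append(dict(zip(header, fields)))
    return classes, rejected
```

Choosing a delimiter that cannot occur in the queried values (passed to both build_argv and parse_wmic) avoids the rejected rows.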


Now, you are able to monitor your Windows-based servers with WMI from Linux, too. Have fun!



Source: pzolee.blogs.balabit.com


Comments

  1. 날으는물고기 2013.08.19 14:53

    use strict;
    use warnings;

    use IO::Handle;           # provides STDOUT->autoflush on older Perls
    use Win32::OLE qw(in);    # import in() to iterate over OLE collections
    use Win32::OLE::Variant;

    STDOUT->autoflush;

    # Connect to the root\cimv2 namespace on the computer SYSTEM
    my $wmi = Win32::OLE->GetObject('winmgmts:\\\\SYSTEM\root\cimv2') or die Win32::OLE->LastError;
    my $list = $wmi->ExecQuery('SELECT * FROM Win32_PerfFormattedData_Counters_ProcessorInformation');
    my $n = 0;
    for my $cpu (in $list) {
        printf "%s: %d%%\n", $n ? "CPU$n" : ' ALL', $cpu->PercentProcessorTime;
        $n++;
    }

  2. 날으는물고기 2013.08.19 14:53

    output

    ALL: 8%
    CPU1: 8%
    CPU2: 12%
    CPU3: 6%
    CPU4: 12%
    CPU5: 6%
    CPU6: 6%
    CPU7: 6%


2009. 11. 16. 14:29

WMI - Windows Management Instrumentation


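WMI (Windows Management Instrumentation)

WMI has been supported since Windows 2000. Almost every Windows system uses WMI as the way to manage and interact with its internal information through a single, standards-based interface. With WMI, system management information can be accessed and manipulated easily.
You can retrieve almost any information about a Windows system (OS information, hardware information, network information, software information, service information, and so on) or perform operations on it.

The biggest advantage of WMI is that application developers can access a wide range of information through a common architecture.
Information about the hardware, the OS, and the software can all be accessed.

WMI is the core architecture of many components of the Windows OS; in particular, WBEM (Web-based Enterprise Management) and DMTF (Desktop Management Task Force's) are implemented in WMI.


 - Provider
   Supplies data to WMI through COM interfaces.

 - Consumer
   An application or a script. It only needs to know the class it wants to collect information from in order to retrieve that information.
   (Easy to implement in C++, VB, C#, and so on)

 - CIM repository / CIMOM (object manager)
   The database of objects (class definitions and instances) is called the CIM repository, and it is managed by CIMOM.
   These appear as the system service WinMgmt and are accessible through COM.

WQL (WMI Query Language)


A query language that follows ANSI SQL, used to manipulate and access WMI.

* For registering providers with WMI or creating and handling events, see MSDN.

* Things you can do

1. Getting the motherboard serial number (VB)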

Dim objs
Dim obj
Dim WMI

Set WMI = GetObject("WinMgmts:")
Set objs = WMI.InstancesOf("Win32_BaseBoard")
For Each obj In objs
 MsgBox (obj.SerialNumber)
Next

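2. Changing Windows account information

Win32_ComputerSystem.Rename

3. Running a process through a method

4. Getting motherboard / CPU / VGA / RAM / HDD / CD-ROM information

5. Checking service status, stopping and starting services

6. Controlling IIS

7. Listing installed software

8. All of this can be controlled remotely

Code that uses WMI from C++... (code attached)

        // Connect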
        Wmi wmi;
        if( wmi.connect() == false )
                return -1;
        Wmi::RowSet rs1;

        std::wcout << L"[CPU]" << std::endl;
        if( wmi.getClassProperties(  L"Win32_Processor", rs1 ) == false )
                return -1;
        std::wcout << L"" << rs1[0][L"Name"] << L" * " << rs1[0][L"NumberOfCores"] << L"\n" << rs1[0][L"Version"]  << std::endl;

        std::wcout << L"[Keyboard]" << std::endl;
        if( wmi.getClassProperties(  L"Win32_Keyboard", rs1 ) == false )
                return -1;
        std::wcout << L"" << rs1[0][L"Description"] << std::endl;

        std::wcout << L"[Mouse]" << std::endl;
        if( wmi.getClassProperties(  L"Win32_PointingDevice", rs1 ) == false )
                return -1;
        std::wcout << L"" << rs1[0][L"Caption"] << std::endl;

        std::wcout << L"[HDD]" << std::endl;
        if( wmi.getClassProperties(  L"Win32_DiskDrive", rs1 ) == false )
                return -1;
        std::wcout << L"" << rs1[0][L"Model"] << L"(" << rs1[0][L"Size"] << L")" << std::endl;

        std::wcout << L"[Sound]" << std::endl;
        if( wmi.getClassProperties(  L"Win32_SoundDevice", rs1 ) == false )
                return -1;
        std::wcout << L"" << rs1[0][L"Name"] << std::endl;

        std::wcout << L"[Video]" << std::endl;
        if( wmi.getClassProperties(  L"Win32_VideoController", rs1 ) == false )
                return -1;
        std::wcout << L"" << rs1[0][L"VideoProcessor"] << std::endl;

        std::wcout << L"[OS]" << std::endl;
        if( wmi.getClassProperties(  L"Win32_OperatingSystem", rs1 ) == false )
                return -1;
        std::wcout << L"" << rs1[0][L"Caption"] << L" " << rs1[0][L"CSDVersion"] << std::endl;
 
Output
[CPU]
Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz * 2
Model 15, Stepping 6
[Keyboard]
PC/AT 101키 호환 키보드/USB 키보드(종류 1)
[Mouse]
Logitech USB Wheel Mouse
[HDD]
ST3320620AS(320070320640)
[Sound]
Realtek High Definition Audio
[Video]
GeForce 7600 GT
[OS]
Microsoft Windows XP Professional Service Pack 3
 


Source: http://blog.naver.com/laster40
