Monitoring hardware specs on a Windows machine

Todor Dimitrov

Nov 6, 2024, 8:05:37 AM
to Wazuh | Mailing List
Hello, 

I am very new to scripting and Wazuh as a whole, so these might be stupid questions, but I'll ask anyway. I found this blog post https://wazuh.com/blog/monitoring-windows-resources-with-performance-counters/ to try and set up a hardware monitor custom visualization for my Windows machine. Would this article work?

Regards, 

Todor

Manuel Jose Cano Rojo

Nov 6, 2024, 8:23:55 AM
to Wazuh | Mailing List
Hi Todor!

You can monitor your Windows endpoint hardware by simply configuring the syscollector module; I'm linking you to the related documentation.

Basically, this module will automatically gather your system information and will let you know not just about the hardware specifications but also packages and other stuff.

Let me know if it helps!

Regards,

Manuel.

Todor Dimitrov

Nov 8, 2024, 9:04:46 AM
to Wazuh | Mailing List
Hello Manuel, 

I have syscollector active and I can see the hardware info in the inventory section of my Windows agent, and that's how it looks in the ossec.conf file:

<!-- System inventory -->
<wodle name="syscollector">
  <disabled>no</disabled>
  <interval>1h</interval>
  <scan_on_start>yes</scan_on_start>
  <hardware>yes</hardware>
  <os>yes</os>
  <network>yes</network>
  <packages>yes</packages>
  <ports all="no">yes</ports>
  <processes>yes</processes>

  <!-- Database synchronization settings -->
  <synchronization>
    <max_eps>10</max_eps>
  </synchronization>
</wodle>

I can see the hardware specs and all the info, but I can't see any of the syscollector options when I try to create a line depicting RAM usage. Can you please help?

Regards, 

Todor

Manuel Jose Cano Rojo

Nov 11, 2024, 2:48:09 AM
to Wazuh | Mailing List
Hello Todor!

I'm afraid this is not possible since Wazuh does not monitor real-time RAM usage. The total amount of RAM is the metric retrieved.

Regards,

Manuel.

Todor Dimitrov

Nov 11, 2024, 5:09:36 AM
to Wazuh | Mailing List
Hello Manuel, 

So if I want to be able to see hardware resources in real time, what do I need to do?

Regards, 

Todor

Manuel Jose Cano Rojo

Nov 12, 2024, 6:04:36 AM
to Wazuh | Mailing List
Hi Todor!

I think the best you could do is reduce the scan interval for the syscollector module to keep all the retrieved information updated as soon as possible. But I'm afraid there is no real-time resource monitoring feature.

Hope it helps!

Regards,

Manuel.

Manuel Jose Cano Rojo

Nov 12, 2024, 6:07:21 AM
to Wazuh | Mailing List
Hello Todor,

Another thing you could do is set alerts for specific system metrics without using syscollector, but using command and log monitoring. Here is an example of this kind of alert under Linux systems.

Let me know if it helps!
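
As an added illustration of the command and log monitoring approach suggested in the last reply (not part of the thread and not Wazuh's own code), this PowerShell script appends one JSON line per run with the current memory and CPU usage of the Windows endpoint. The log path, field names and threshold are assumptions; the script would be run on a schedule and the file read by the agent's log collection, for example a localfile entry with log_format set to json.

```powershell
# Added example; not from the thread or the Wazuh project.
# Appends one JSON line per run with current memory and CPU usage.
param(
    # Assumed path; pick a directory only administrators can write to.
    [string]$LogPath = 'C:\Temp\resource-metrics.json',
    [int]$MemoryAlertPercent = 90   # assumed threshold
)
$ErrorActionPreference = 'Stop'

function Get-ResourceSample {
    param([int]$AlertPercent)
    # Win32_OperatingSystem reports memory sizes in kilobytes.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $totalKb = [double]$os.TotalVisibleMemorySize
    $freeKb  = [double]$os.FreePhysicalMemory
    if ($totalKb -le 0) { throw 'TotalVisibleMemorySize was not reported' }
    $usedPct = [math]::Round((($totalKb - $freeKb) / $totalKb) * 100, 1)

    # LoadPercentage is reported per processor; average across sockets.
    $cpu = (Get-CimInstance -ClassName Win32_Processor |
            Measure-Object -Property LoadPercentage -Average).Average

    [ordered]@{
        source            = 'resource_metrics'   # constant to match rules on
        sample_time_utc   = (Get-Date).ToUniversalTime().ToString('o')
        computer          = $env:COMPUTERNAME
        memory_total_mb   = [math]::Round($totalKb / 1024)
        memory_used_pct   = $usedPct
        memory_over_limit = ($usedPct -ge $AlertPercent)
        cpu_load_pct      = [math]::Round([double]$cpu, 1)
    }
}

try {
    $sample = Get-ResourceSample -AlertPercent $MemoryAlertPercent
} catch {
    # Record the failure as an event instead of leaving a silent gap.
    $sample = [ordered]@{
        source          = 'resource_metrics'
        sample_time_utc = (Get-Date).ToUniversalTime().ToString('o')
        computer        = $env:COMPUTERNAME
        error           = $_.Exception.Message
    }
}

$dir = Split-Path -Parent $LogPath
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
# One compact ASCII line per event, as line-oriented log readers expect.
($sample | ConvertTo-Json -Compress) | Add-Content -Path $LogPath -Encoding ascii
```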
