Skip to content

Instantly share code, notes, and snippets.

@anubhavg-icpl

anubhavg-icpl/windowsexporter for netdata.md

Created September 17, 2024 10:14
Show Gist options
  • Save anubhavg-icpl/6eba7406bc7d85042134dfd8d7a85f98 to your computer and use it in GitHub Desktop.
Save anubhavg-icpl/6eba7406bc7d85042134dfd8d7a85f98 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
windowsexporter for netdata.md

Certainly! I understand you want to include a firewall exception for windows_exporter as well. We can modify the msiexec command to include this. Here's an updated configuration and installation process that includes the firewall exception:

collectors:
  enabled: cpu,memory,disk,logon,os,service,system,net,logfile

collector:
  logfile:
    files:
      - name: ArStatusUpdate
        path: 'C:\ProgramData\Infopercept\logs\ArStatusUpdate*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsAgent
        path: 'C:\ProgramData\Infopercept\logs\IvsAgent*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsSync
        path: 'C:\ProgramData\Infopercept\logs\IvsSync*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsTray
        path: 'C:\ProgramData\Infopercept\logs\IvsTray*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: osquery-install
        path: 'C:\ProgramData\Infopercept\logs\osquery-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='
      - name: wazuh-install
        path: 'C:\ProgramData\Infopercept\logs\wazuh-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='

log:
  level: info

Now, let's go through the steps to install windows_exporter with this configuration and create a firewall exception:

  1. Save the configuration above to a file named config.yaml in a location of your choice, for example, C:\windows_exporter\config.yaml.

  2. Download the windows_exporter MSI installer from the official GitHub releases page.

  3. Open a command prompt or PowerShell with administrator privileges.

  4. Execute the following command to install windows_exporter with the custom configuration and create a firewall exception:

msiexec /i <path-to-windows-exporter.msi> EXTRA_FLAGS="--config.file=C:\windows_exporter\config.yaml" LISTEN_PORT=9182 ADDLOCAL=FirewallException

Replace <path-to-windows-exporter.msi> with the actual path to the downloaded MSI file.

This command does the following:

  • Installs windows_exporter as a Windows service
  • Uses the custom configuration file specified by --config.file
  • Sets the listening port to 9182 (you can change this if needed)
  • Adds a firewall exception for windows_exporter (ADDLOCAL=FirewallException)

  1. After installation, the windows_exporter service should start automatically, and a firewall rule should be created to allow incoming connections on the specified port.

  2. You can verify the firewall rule by opening Windows Defender Firewall with Advanced Security and checking the Inbound Rules for a rule named "windows_exporter".

  3. To test if it's working, open a web browser and go to http://localhost:9182/metrics. You should see metrics being exported, including those from your custom log files.

  4. You can also try accessing the metrics from another machine on the network to ensure the firewall exception is working correctly.

If you need to make changes to the configuration later, you can modify the config.yaml file and restart the windows_exporter service.

Remember that the paths in the configuration file should match the actual locations of your log files. If the log files are in different locations, update the paths accordingly.

Is there anything else you'd like me to clarify or add to this setup?

@anubhavg-icpl
Copy link
Author

I understand you want to focus specifically on file-based monitoring for Windows using windows_exporter. Based on the information provided, here's a configuration tailored for file-based monitoring:

collectors:
  enabled: logfile

collector:
  logfile:
    files:
      - name: ArStatusUpdate
        path: 'C:\ProgramData\Infopercept\logs\ArStatusUpdate*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsAgent
        path: 'C:\ProgramData\Infopercept\logs\IvsAgent*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsSync
        path: 'C:\ProgramData\Infopercept\logs\IvsSync*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsTray
        path: 'C:\ProgramData\Infopercept\logs\IvsTray*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: osquery-install
        path: 'C:\ProgramData\Infopercept\logs\osquery-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='
      - name: wazuh-install
        path: 'C:\ProgramData\Infopercept\logs\wazuh-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='

log:
  level: info

To use this configuration with windows_exporter, follow these steps:

  1. Save the configuration above to a file named config.yaml in a location of your choice, for example, C:\windows_exporter\config.yaml.

  2. Download the windows_exporter MSI installer from the official GitHub releases page.

  3. Open a command prompt or PowerShell with administrator privileges.

  4. Execute the following command to install windows_exporter with the custom configuration and create a firewall exception:

msiexec /i <path-to-windows-exporter.msi> EXTRA_FLAGS="--config.file=C:\windows_exporter\config.yaml" LISTEN_PORT=9182 ADDLOCAL=FirewallException

Replace <path-to-windows-exporter.msi> with the actual path to the downloaded MSI file.

This configuration focuses solely on file-based monitoring, collecting metrics from the specified log files. The windows_exporter will parse these logs according to the patterns provided, allowing you to monitor events and metrics from these files.

@anubhavg-icpl
Copy link
Author

Windows Server Monitoring with Netdata

This README provides instructions for setting up Windows server monitoring using Netdata and the Prometheus Windows Exporter.

Prerequisites

  • One or more Windows servers to monitor
  • A Linux machine to run the Netdata agent
  • A Netdata Cloud account (free)

Setup Instructions

1. Install Windows Exporter

  1. Download the latest MSI installer from the Windows Exporter releases page.
  2. Run the installer on each Windows server you want to monitor.
  3. Verify the installation by visiting http://localhost:9182/metrics on the Windows server.

2. Set up Netdata

  1. Sign up for a free account at Netdata Cloud.
  2. Copy the installation command provided.
  3. Install the Netdata agent on a Linux node using the copied command.

3. Configure Netdata to Collect Windows Metrics

  1. Edit the windows.conf file on your Netdata Linux node:
jobs:
  - name: win_server1
    url: http://<WINDOWS_SERVER_IP>:9182/metrics

Replace <WINDOWS_SERVER_IP> with the IP address of your Windows server.

4. (Optional) Set up Virtual Nodes

To monitor each Windows server as a separate node:

  1. Create a vnodes.conf file in /etc/netdata/vnodes/:
- hostname: win_server1
  guid: <GENERATED_GUID>
  1. Update the windows.conf job to include the virtual node:
jobs:
  - name: win_server1
    vnode: win_server1
    url: http://<WINDOWS_SERVER_IP>:9182/metrics

Monitoring Windows Server Metrics

Netdata will automatically collect and visualize various Windows server metrics, including:

  • CPU usage
  • Memory usage
  • Network activity
  • Disk I/O
  • Process information

You can view these metrics in real-time on the Netdata dashboard.

Monitoring Windows Applications

Netdata can also monitor common Windows applications such as:

  • IIS (Internet Information Services)
  • SQL Server
  • Exchange
  • .NET Framework
  • Active Directory

Refer to the Netdata documentation for specific configuration instructions for each application.

Troubleshooting with Machine Learning

Netdata includes built-in anomaly detection using machine learning. Enable the anomaly view on any chart or use the Anomalies tab to explore potential issues across your infrastructure.

Additional Resources

For more detailed information and advanced configurations, please refer to the official Netdata documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment