@mranv
Created April 3, 2025 17:58

Certainly! I understand you want to include a firewall exception for windows_exporter as well. We can modify the msiexec command to include this. Here's an updated configuration and installation process that includes the firewall exception:

collectors:
  enabled: cpu,memory,disk,logon,os,service,system,net,logfile

collector:
  logfile:
    files:
      - name: ArStatusUpdate
        path: 'C:\ProgramData\Infopercept\logs\ArStatusUpdate*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsAgent
        path: 'C:\ProgramData\Infopercept\logs\IvsAgent*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsSync
        path: 'C:\ProgramData\Infopercept\logs\IvsSync*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsTray
        path: 'C:\ProgramData\Infopercept\logs\IvsTray*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: osquery-install
        path: 'C:\ProgramData\Infopercept\logs\osquery-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='
      - name: wazuh-install
        path: 'C:\ProgramData\Infopercept\logs\wazuh-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='

log:
  level: info

Now, let's go through the steps to install windows_exporter with this configuration and create a firewall exception:

  1. Save the configuration above to a file named config.yaml in a location of your choice, for example, C:\windows_exporter\config.yaml.

  2. Download the windows_exporter MSI installer from the official GitHub releases page.

  3. Open a command prompt or PowerShell with administrator privileges.

  4. Execute the following command to install windows_exporter with the custom configuration and create a firewall exception:

msiexec /i <path-to-windows-exporter.msi> EXTRA_FLAGS="--config.file=C:\windows_exporter\config.yaml" LISTEN_PORT=9182 ADDLOCAL=FirewallException

Replace <path-to-windows-exporter.msi> with the actual path to the downloaded MSI file.

This command does the following:

  • Installs windows_exporter as a Windows service
  • Uses the custom configuration file specified by --config.file
  • Sets the listening port to 9182 (you can change this if needed)
  • Adds a firewall exception for windows_exporter (ADDLOCAL=FirewallException)

  5. After installation, the windows_exporter service should start automatically, and a firewall rule should be created to allow incoming connections on the specified port.

  6. You can verify the firewall rule by opening Windows Defender Firewall with Advanced Security and checking the Inbound Rules for a rule named "windows_exporter".

  7. To test if it's working, open a web browser and go to http://localhost:9182/metrics. You should see metrics being exported, including those from your custom log files.

  8. You can also try accessing the metrics from another machine on the network to ensure the firewall exception is working correctly.
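
The post-install checks described above can be scripted. The following PowerShell is an added example, not part of the original gist or of the windows_exporter project. Assumptions: the rule's display name begins with "windows_exporter", `192.0.2.10` is a placeholder for your Prometheus server, and `$RestrictRule` is a hypothetical switch that limits the rule to that address.

```powershell
# Added example: post-install checks for windows_exporter. Run in an elevated PowerShell.
$Port         = 9182                 # LISTEN_PORT from the msiexec command
$RulePattern  = 'windows_exporter*'  # assumption: the rule's display name starts with this
$ScraperIp    = '192.0.2.10'         # assumption: placeholder for your Prometheus server
$RestrictRule = $false               # set to $true to limit the rule to $ScraperIp

# 1. The service exists and is running.
$svc = Get-Service -Name 'windows_exporter' -ErrorAction Stop
if ($svc.Status -ne 'Running') { throw "Service is $($svc.Status), expected Running" }

# 2. A process is listening on the configured port.
$listen = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listen) { throw "Nothing is listening on TCP $Port" }

# 3. An enabled inbound firewall rule exists; report its scope.
$rules = @(Get-NetFirewallRule -DisplayName $RulePattern -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })
if ($rules.Count -eq 0) { throw "No enabled inbound rule matches '$RulePattern'" }
foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $ports  = ($rule | Get-NetFirewallPortFilter).LocalPort
    Write-Output "Rule '$($rule.DisplayName)': port $ports, profile $($rule.Profile), remote $remote"
    if ($remote -contains 'Any') {
        Write-Warning "Rule accepts connections from any address on TCP $ports"
        if ($RestrictRule) { $rule | Set-NetFirewallRule -RemoteAddress $ScraperIp }
    }
}

# 4. The endpoint answers, and no enabled collector reports a failure.
$resp = Invoke-WebRequest -Uri "http://localhost:$Port/metrics" -UseBasicParsing
if ($resp.StatusCode -ne 200) { throw "Unexpected HTTP status $($resp.StatusCode)" }
$failed = $resp.Content -split "`n" | ForEach-Object {
    if ($_ -match '^windows_exporter_collector_success\{collector="([^"]+)"\} 0') { $Matches[1] }
}
if ($failed) {
    Write-Warning "Collectors reporting failure: $($failed -join ', ')"
} else {
    Write-Output 'All enabled collectors report success.'
}
```

For the check from another machine, `Test-NetConnection -ComputerName <host> -Port 9182` run on the scraper confirms the port is reachable through the firewall.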

If you need to make changes to the configuration later, you can modify the config.yaml file and restart the windows_exporter service.

Remember that the paths in the configuration file should match the actual locations of your log files. If the log files are in different locations, update the paths accordingly.

Is there anything else you'd like me to clarify or add to this setup?
