cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

SAM Monitoring via WMI?

We are looking at using WMI to monitor windows servers due to the lack of SNMP v3 support from Microsoft. We use SNMP to monitor applications and services, and would need to use WMI to do the same. Just wondering if anyone here is currently doing that and if it works okay, and if it's better/worse than using SNMP?

 

Thanks, Kevin

0 Kudos
6 Replies
Level 7

Thanks for the replies mesverrum, sturdyerde, sreenathmp! I was told that applications and services couldn't be monitored when using WMI, and wondered if that was actually the case. 

0 Kudos

Maybe whoever told you that meant that you can't use the same templates, if you had an snmp service monitor you would need to replace it with a wmi service monitor.
- Marc Netterfield, Github
0 Kudos


@gothamyyc wrote:

Thanks for the replies mesverrum, sturdyerde, sreenathmp! I was told that applications and services couldn't be monitored when using WMI, and wondered if that was actually the case. 


That is incorrect. Applications and services can be monitored with WMI. 😀

0 Kudos

You'll have a much better experience monitoring Windows Servers with WMI instead of SNMP[v2]. WMI is native to Windows, built as an extension to the industry-standard CIM. It can be used to query virtually anything about a Windows system.

Please note that the term "WMI" (Windows Management Instrumentation" can sometimes be used to refer to:

  • a data set (what data you are querying about a system)
  • a query language (how you ask for the data)
  • a provider (the engine that provides the data to query)

When Orion sends a WMI over the network to a node, it can either one of these sets of protocols: 

  • WinRM - Sends encrypted data through HTTP on TCP port 5985 or through HTTPS on TCP port 5986. This is more efficient and more secure. Use this.
  • Or using legacy protocols through DCOM and RPC, which require a gazillion firewall ports to be opened. Much less efficient and not as secure for your infrastructure. Don't use this anymore. 😀

From when I was consulting I'd say the majority of people who use SAM use WMI, it allows a lot of additional data to be collected.  They both work fine.  WinRM polling was recently added in the latest release and they say that's supposed to be much more efficient and easier for firewall rules.

- Marc Netterfield, Github
Level 12

I think most of the SAM components for Windows are WMI based. With 2020.2 they are encouraging WinRM.