Windows
Synopsis
Creates a device collector that connects to Windows servers to gather system metrics, performance counters, and event logs. Supports both local and domain authentication methods, with configurable connection parameters and debug options.
Schema
- id: <numeric>
name: <string>
description: <string>
type: windows
tags: <string[]>
pipelines: <pipeline[]>
status: <boolean>
properties:
address: <string>
port: <numeric>
username: <string>
password: <string>
domain: <string>
timeout: <numeric>
Configuration
The following are the minimum requirements to define the device.
Device
| Field | Required | Default | Description |
|---|---|---|---|
id | Y | Unique identifier | |
name | Y | Device name | |
description | N | - | Optional description |
type | Y | Must be windows | |
tags | N | - | Optional tags |
pipelines | N | - | Optional pre-processor pipelines |
status | N | true | Enable/disable the device |
Connection
| Field | Required | Default | Description |
|---|---|---|---|
address | Y | Target server address | |
port | N | 135 | WMI port number |
username | Y | Windows username | |
password | Y | Windows password | |
domain | N | - | Domain name for domain authentication |
Advanced Configuration
To enhance performance and achieve better message handling, the following settings are used.
Performance
| Field | Required | Default | Description |
|---|---|---|---|
timeout | N | 30 | Connection timeout in seconds |
Examples
The following are commonly used configuration types.
Local
The minimum configuration using local Windows authentication:
- id: 1
name: windows_server
type: windows
properties:
address: "192.168.1.100"
username: "Administrator"
password: "secret"
Domain-Level
Configuration using domain-level authentication:
The user account must have appropriate permissions to collect performance counters and event logs. For domain authentication, the format should be either "DOMAIN\username" or "[email protected]".
- id: 2
name: domain_windows
type: windows
properties:
address: "server1.domain.local"
username: "monitor"
password: "P@ssw0rd"
domain: "DOMAIN"
timeout: 60
When multiple collectors are deployed, the server adds a random delay (up to 20 seconds) before initiating the collection to help prevent overwhelming the target server.