Add first draft of wmi metricset

elastic · herrBez · Dec 3, 2024 · Dec 3, 2024 · Dec 3, 2024 · Dec 12, 2024
commit 4c6334fe32e441ad48ae428b52154fc54b52f165
@@ -339,6 +339,7 @@ require (
 	github.com/mattn/go-ieproxy v0.0.1 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/microsoft/wmi v0.24.5 // indirect
 	github.com/mileusna/useragent v1.3.4 // indirect
 	github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 // indirect
 	github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3 // indirect

@@ -702,6 +702,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/microsoft/go-mssqldb v1.7.2 h1:CHkFJiObW7ItKTJfHo1QX7QBBD1iV+mn1eOyRP3b/PA=
 github.com/microsoft/go-mssqldb v1.7.2/go.mod h1:kOvZKUdrhhFQmxLZqbwUV0rHkNkZpthMITIb2Ko1IoA=
+github.com/microsoft/wmi v0.24.5 h1:NT+WqhjKbEcg3ldmDsRMarWgHGkpeW+gMopSCfON0kM=
+github.com/microsoft/wmi v0.24.5/go.mod h1:1zbdSF0A+5OwTUII5p3hN7/K6KF2m3o27pSG6Y51VU8=
 github.com/miekg/dns v1.1.22/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
 github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=

@@ -0,0 +1,37 @@
+// Config is put into a different package to prevent cyclic imports in case
+// it is needed in several locations
+
+package wmi
+
+import (
+	"time"
+
+	wmiquery "github.com/microsoft/wmi/pkg/base/query"
+)
+
+type WmibeatConfig struct {
+	Period         time.Duration `config:"period"`
+	IncludeQueries bool          `config:"include_queries"` // Whether to include the query in the document
+	IncludeNull    bool          `config:"include_null"`    // Whether to include or not nil properties
+	Host           string        `config:"host"`
+	User           string        `config:"username"`
+	Password       string        `config:"password"`
+	Namespace      string        `config:"namespace"` // Namespace for the queries
+	Queries        []QueryConfig `config:"queries"`
+}
+
+type QueryConfig struct {
+	Query  *wmiquery.WmiQuery
+	Class  string   `config:"class"`
+	Fields []string `config:"fields"`
+	Where  []string `config:"where"`
+}
+
+func NewDefaultConfig() WmibeatConfig {
+	return WmibeatConfig{
+		Period:         10 * time.Second,
+		IncludeQueries: false,
+		IncludeNull:    false,
+		Namespace:      WMIDefaultNamespace,
+	}
+}
@@ -1,9 +1,15 @@
 package wmi
 
 import (
-    "github.com/elastic/elastic-agent-libs/mapstr"
+	"fmt"
+
 	"github.com/elastic/beats/v7/libbeat/common/cfgwarn"
 	"github.com/elastic/beats/v7/metricbeat/mb"
+	"github.com/elastic/elastic-agent-libs/logp"
+	"github.com/elastic/elastic-agent-libs/mapstr"
+
+	wmiquery "github.com/microsoft/wmi/pkg/base/query"
+	wmi "github.com/microsoft/wmi/pkg/wmiinstance"
 )
 
 // init registers the MetricSet with the central registry as soon as the program
@@ -20,35 +26,99 @@ func init() {
 // interface methods except for Fetch.
 type MetricSet struct {
 	mb.BaseMetricSet
-	counter int
+	config WmibeatConfig
 }
 
+const WMIDefaultNamespace = "root\\cimv2"
+
 // New creates a new instance of the MetricSet. New is responsible for unpacking
 // any MetricSet specific configuration options if there are any.
 func New(base mb.BaseMetricSet) (mb.MetricSet, error) {
 	cfgwarn.Beta("The windows wmi metricset is beta.")
 
-	config := struct{}{}
+	config := NewDefaultConfig()
 	if err := base.Module().UnpackConfig(&config); err != nil {
 		return nil, err
 	}
 
-	return &MetricSet{
+	m := &MetricSet{
 		BaseMetricSet: base,
-		counter:       1,
-	}, nil
+		config:        config,
+	}
+
+	// Compiling the Query once
+	for i := range m.config.Queries {
+		q := m.config.Queries[i]
+		m.config.Queries[i].Query = wmiquery.NewWmiQueryWithSelectList(q.Class, q.Fields, q.Where...)
+	}
+
+	return m, nil
 }
 
 // Fetch method implements the data gathering and data conversion to the right
 // format. It publishes the event which is then forwarded to the output. In case
 // of an error set the Error field of mb.Event or simply call report.Error().
 func (m *MetricSet) Fetch(report mb.ReporterV2) error {
-	report.Event(mb.Event{
-		MetricSetFields: mapstr.M{
-			"counter": m.counter,
-		},
-	})
-	m.counter++
 
+	var err error
+
+	sm := wmi.NewWmiSessionManager()
+	defer sm.Dispose()
+
+	session, err := sm.GetSession(m.config.Namespace, m.config.Host, "", m.config.User, m.config.Password)
+
+	if err != nil {
+		return fmt.Errorf("could not initialize session %v", err)
+	}
+	_, err = session.Connect()
+	if err != nil {
+		return fmt.Errorf("could not connect session %v", err)
+	}
+	defer session.Dispose()
+
+	for _, queryConfig := range m.config.Queries {
+
+		rows, err := session.QueryInstances(queryConfig.Query.String())
+		if err != nil {
+			logp.Warn("Could not execute query %v", err)
+			continue
+		}
+
+		for _, instance := range rows {
+			event := mb.Event{
+				MetricSetFields: mapstr.M{
+					"class":     queryConfig.Class,
+					"namespace": m.config.Namespace,
+				},
+			}
+
+			if m.config.IncludeQueries {
+				event.MetricSetFields.Put(".query", queryConfig.Query)
+			}
+
+			// Get only the required properites
+			properties := queryConfig.Fields
+
+			// With special array, we retrive all properties
+			if len(queryConfig.Fields) == 1 && queryConfig.Fields[0] == "*" {
+				properties = instance.GetClass().GetPropertiesNames()
+			}
+
+			for _, fieldName := range properties {
+				fieldValue, err := instance.GetProperty(fieldName)
+				if err != nil {
+					logp.Err("Unable to get propery by name: %v", err)
+					continue
+				}
+
+				if !m.config.IncludeNull && fieldValue == nil {
+					continue
+				}
+
+				event.MetricSetFields.Put(fieldName, fieldValue)
+			}
+			report.Event(event)
+		}
+	}
 	return nil
 }