Windows Files Monitoring

Description

This connector returns information about a specific file on Windows.

system windows

Target

Typical platform: Microsoft Windows

Operating system: Microsoft Windows

Prerequisites

Leverages: PowerShell and WMI

Technology and protocols: Commands

Variables:

  • matchPath: Regular expression pattern to match file names for monitoring. (C:\Users\Public\logs*.log,C:\Program Files\MetricsHub\logs*.log)
  • contentPattern: Regular expression pattern to match file content for monitoring. (Error|Exception|Failure)

Examples

CLI

metricshub HOSTNAME -t win -c +WindowsFile --wmi -u USER

metricshub.yaml

resourceGroups:
  <RESOURCE_GROUP>:
    resources:
      <HOSTNAME-ID>:
        attributes:
          host.name: <HOSTNAME> # Change with actual host name
          host.type: win
        connectors: [ +WindowsFile ] # Optional, to load only this connector
        protocols:
          wmi:
            username: <USERNAME> # Change with actual credentials
            password: <PASSWORD> # Encrypted using metricshub-encrypt
        additionalConnectors:
          WindowsFile: # Unique ID. Use 'uses' if different from the original connector ID
            uses: WindowsFile # Optional - Original ID if not in key
            force: true # Optional (default: true); false for auto-detection only
            variables:
              matchPath: <VALUE> # Replace with desired value.
              contentPattern: <VALUE> # Replace with desired value.

Connector Activation Criteria

The Windows Files Monitoring connector must be selected manually. Its status is reported as OK if all of the criteria below are met:

  • The command below succeeds on the monitored host:
    • Command: PowerShell.exe -ExecutionPolicy Bypass -Command "if ($env:OS -eq 'Windows_NT') { 'Windows' } else { 'Not Windows' }"
    • Output contains: Windows (regex)

Metrics

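| Type            | Collected Metrics    | Specific Attributes |
|-----------------|----------------------|---------------------|
| file            | system.file.atime    | id                  |
|                 | system.file.ctime    | system.file.name    |
|                 | system.file.lines    | system.file.path    |
|                 | system.file.mtime    |                     |
|                 | system.file.size     |                     |
| patternMatching | system.file.keywords | id                  |
|                 |                      | system.file.keyword |
|                 |                      | system.file.name    |
|                 |                      | system.file.path    |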