Conceptually similar to SNMP, but not the same. You configure Splunk with a service account. Periodically, Splunk will log in to those designated systems and collect WMI information. The service account needs the proper rights and privileges to read WMI on each system.
-AK

On Tue, Jul 10, 2012 at 7:34 PM, Champ Clark III <[email protected]> wrote:
> On 7/10/12 6:56 PM, anthony kasza wrote:
>> I second the Splunk suggestion. You can collect events via WMI -
>> no agents necessary.
>
> Sort of a side note,
>
> WMI you have to "probe" for the messages, no? Sort of like SNMP trap?
> Is that correct, because that's what I've been told. Just curious.
>
> Thanks.
>
> --
> - Champ Clark III ([email protected])
> Quadrant Information Security (http://quadrantsec.com)
> Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
> GPG Key ID: 0381878A
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
