Windows Exporter Configuration for Netdata Monitoring

Published: at 06:30 AM

This guide covers the installation and configuration of Windows Exporter with custom log file monitoring capabilities and firewall exception setup.

Configuration File

Save this configuration as config.yaml in your Windows Exporter directory (e.g., C:\windows_exporter\config.yaml):

collectors:
  enabled: cpu,memory,disk,logon,os,service,system,net,logfile

collector:
  logfile:
    files:
      - name: ArStatusUpdate
        path: 'C:\ProgramData\Infopercept\logs\ArStatusUpdate*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsAgent
        path: 'C:\ProgramData\Infopercept\logs\IvsAgent*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsSync
        path: 'C:\ProgramData\Infopercept\logs\IvsSync*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: IvsTray
        path: 'C:\ProgramData\Infopercept\logs\IvsTray*.log'
        pattern: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)'
      - name: osquery-install
        path: 'C:\ProgramData\Infopercept\logs\osquery-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='
      - name: wazuh-install
        path: 'C:\ProgramData\Infopercept\logs\wazuh-install.log'
        pattern: '=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)==='

log:
  level: info

Installation Steps

Let’s go through the steps to install windows_exporter with this configuration and create a firewall exception:

1. Save the Configuration

Save the configuration above to a file named config.yaml in a location of your choice, for example, C:\windows_exporter\config.yaml.

2. Download Windows Exporter

Download the windows_exporter MSI installer from the official GitHub releases page.

3. Install with MSI Command

Open a command prompt or PowerShell with administrator privileges and execute the following command to install windows_exporter with the custom configuration and create a firewall exception:

msiexec /i <path-to-windows-exporter.msi> EXTRA_FLAGS="--config.file=C:\windows_exporter\config.yaml" LISTEN_PORT=9182 ADDLOCAL=FirewallException

Replace <path-to-windows-exporter.msi> with the actual path to the downloaded MSI file.

This command does the following:

4. Verify Installation

After installation, the windows_exporter service should start automatically, and a firewall rule should be created to allow incoming connections on the specified port.

5. Verify Firewall Rule

You can verify the firewall rule by opening Windows Defender Firewall with Advanced Security and checking the Inbound Rules for a rule named “windows_exporter”.

6. Test the Exporter

To test if it’s working, open a web browser and go to http://localhost:9182/metrics. You should see metrics being exported, including those from your custom log files.

7. Test Remote Access

You can also try accessing the metrics from another machine on the network to ensure the firewall exception is working correctly.

Configuration Management

If you need to make changes to the configuration later:

  1. Modify the config.yaml file.
  2. Restart the windows_exporter service:

     Restart-Service windows_exporter

Log File Patterns Explained

The configuration monitors several log files with specific patterns:

Standard Log Format

For logs like ArStatusUpdate, IvsAgent, IvsSync, and IvsTray:

Installation Log Format

For osquery-install and wazuh-install logs:
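
The two patterns from the configuration can be checked against sample lines before deployment, which also shows which lines they silently skip. The following Go program is an added example, not part of the original guide or of windows_exporter itself. It assumes the collector applies the patterns as unanchored Go regular expressions; the `Extract` helper and all sample lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns copied verbatim from the config.yaml above.
var patterns = map[string]*regexp.Regexp{
	"standard": regexp.MustCompile(`(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(?P<severity>\w+)\] (?P<message>.*)`),
	"install":  regexp.MustCompile(`=== (?P<message>.*) (?P<timestamp>\d{2}/\d{2}/\d{4}  \d{2}:\d{2}:\d{2})  (?P<extra>.*)===`),
}

// Extract (hypothetical helper) returns the named capture groups for line,
// or nil when the pattern does not match and no fields would be extracted.
func Extract(kind, line string) map[string]string {
	re := patterns[kind]
	m := re.FindStringSubmatch(line)
	if m == nil {
		return nil
	}
	out := map[string]string{}
	for i, name := range re.SubexpNames() {
		if name != "" {
			out[name] = m[i]
		}
	}
	return out
}

func main() {
	// Constructed sample lines, not taken from real agent logs.
	samples := []struct{ kind, line string }{
		{"standard", "2025-01-15 10:30:45.123 +05:30 [INF] Sync completed"},
		// No milliseconds: the pattern requires \.\d{3}, so this is skipped.
		{"standard", "2025-01-15 10:30:45 +05:30 [INF] no milliseconds"},
		{"install", "=== Logging started: 01/15/2025  10:30:45  Build: demo ==="},
		// Single-digit month: the pattern requires \d{2}, so this is skipped.
		{"install", "=== Logging started: 1/15/2025  10:30:45  Build: demo ==="},
	}
	for _, s := range samples {
		fmt.Printf("%-8s match=%-5v %q\n", s.kind, Extract(s.kind, s.line) != nil, s.line)
	}
}
```

A line that does not match produces no extracted fields, so a timestamp format that differs from the pattern (missing milliseconds, unpadded month or day) drops that line from the resulting metrics without any error.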

Important Notes

This setup provides comprehensive Windows monitoring with custom log file metrics that can be visualized in Netdata or any other Prometheus-compatible monitoring solution.