We have a requirement to design a monitoring application for our Windows client machines and I'm chasing up some information on the the WMI architecture. Our current plan is to use fairly simple VBScript scripts to periodically query the database, writing relevant information to flat files for later transfer to a central server (where all the heavy lifting of analysis and reporting already exists for our non-Windows machines.
I've tried looking for an answer to this question on MSDN and the net at large, but all the articles seem particularly "fluffy" - lots of "how to use it" but little on "how it works internally".
Take for example a VBScript segment like:
set wmi = getObject("winmgmts:\\.\root\cimv2")
set itemCpu = wmi.get("Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
n = itemCpu.PercentProcessorTime
or:
set wmi = getObject("winmgmts:\\.\root\cimv2")
set colMem = wmi.execQuery(
"select AvailableKBytes from Win32_PerfRawData_PerfOS_Memory",,48)
Now, I understand that these goes out to the CIM database and retrieve the relevant entries, and I think there's a disconnect between the collecting of information into that database and the extraction of it.
In other words, statistics are collected and written to the database by Windows regardless of whether anyone is requesting information from said database. My understanding can best be summed u开发者_C百科p as:
+------------+ req/ ========
| Monitoring | resp / \ stats +------------+
| Processes | <-------> < Database > <-------- | Collectors |
| | \ / +------------+
+------------+ ========
\_____________________________/ \_____________________________/
On-demand Always happening
But I'm interested in the process whereby the database is populated, in more depth. Things like:
- How can we tell how often, and under what circumstances, information is added to the database by the Windows "collectors"?
- Does the Windows kernel write process information on every task switch?
- Does it write memory information every second?
- Does it only update the database on demand (when a monitoring application requests information)?
That's the sort of stuff I'm trying to find out.
Does anyone have that sort of information, or links to technically-minded articles or whitepapers on the subject?
In short, the WMI metabase is updated in real time. For example, view systems timezone class:
wmic timezone get /all /format:list
Then change the systems regional zone setting and re-check the timezone class again.
The UAC (from Win VISTA onwards) plays a greater part in WMI infrastructure: http://msdn.microsoft.com/en-us/library/windows/desktop/aa826699(v=VS.85).aspx
This turorial article (pretty good) describes the CIM architecture: http://www.wbemsolutions.com/tutorials/CIM/index.html
This MSDN article describes MOF: http://msdn.microsoft.com/en-us/library/windows/desktop/aa823192(v=vs.85).aspx
So in summary, there is no hard and fast rule for when the CIM database is re-populated, it depends on what the system is doing at the time and/or what a user does.
I'm not sure the information you require is really documented in depth anywhere.
From what I understand of WMI, it is all based around a consumer/provider mechanism and its the implementation of those providers that are responsible for keeping information up-to-date. Your scripts are then consumers.
One book I can recommend to you is "Developing WMI Solutions" by Craig Tunstall and Gwyn Cole. It's about 800 pages and I think it really contains more than enough detail for anyone that wants to work with WMI, including developing consumer applications and custom providers.
http://www.amazon.com/Developing-WMI-Solutions-Management-Instrumentation/dp/0201616130
精彩评论