WMIC on Linux examples

June 18 2012, by Simon Krenger

In a previous post I showed how to install the Windows Management Instrumentation (WMI) client for Linux. In this post, I wish to show a few ways on how to query a Windows-based host using the WMI client.

Using WQL, we can query almost any aspect of the Operating System. Using the available WMI Classes (for example the WMI Win32 Classes), we can easily query performance indicators such as Memory Usage, Disk Usage or the status of a certain process.

Get process ID for process

Using this query, one can get the process ID of a process. This ID can then for example be used to get other metrics with another WQL query.
$ wmic -U Administrator%mysecret //10.140.10.10 "Select ProcessId from Win32_Process Where CommandLine like '%java.exe%'"

Get WorkingSetSize for process

When monitoring certain processes, this query can help you find memory leaks or other memory-related problems.
$ wmic -U Administrator%mysecret //10.140.10.10 "Select WorkingSetSize from Win32_Process Where CommandLine like '%java.exe%'"

Get thread count for process

$ wmic -U Administrator%mysecret //10.140.10.10 "Select ThreadCount from Win32_Process Where CommandLine like '%java.exe%'"

Get private bytes for process

$ wmic -U Administrator%mysecret //10.140.10.10 "Select PrivateBytes from Win32_PerfFormattedData_PerfProc_Process Where IDProcess='%java.exe%'"

Get free physical memory for host

$ wmic -U Administrator%mysecret //10.140.10.10 "Select FreePhysicalMemory from Win32_OperatingSystem"

WQL (SQL for WMI) is a subset of SQL and features some of the important SQL keywords such as WHERE, LIKE, GROUP and HAVING.

Microsoft has an excellent documentation of WMI and also has a library of examples.

Tags: , , , , , , , ,
WMI client (WMIC) for Linux – Simon Krenger (June 27, 2012):

[...] The following example shows how to get the size of the WorkingSet of the process “java.exe” running on the remote host 192.168.20.20: wmic -U Administrator%mysecret //192.168.20.20 "Select WorkingSetSize from Win32_Process Where CommandLine like '%java.exe%'" Update: I added a set of examples here. [...]

Ken Wimer (October 2, 2012):

Does your code provide the ability to read the linux system data from a windows client?

Simon Krenger (October 2, 2012):

Hello Ken, thanks for your question.
No, WMI (Windows Management Instrumentation) is a Microsoft Windows feature, therefore you are unable to do anything other than query Windows systems with these examples.

However, you can use SSH or CIM to get Linux system data.

Kevin D (October 9, 2012):

Is there a way via the APP for format the output?

This is the only way I could format the output:
wmic -U /\% // “select * from Win32_BIOS”|awk ‘{ FS=” |”;RS=”|”}{print $0}’

Simon Krenger (October 9, 2012):

Hello Kevin,
No, I do not know of a better way to format the output, I would have done it the same way you did it (with awk, sed etc.). For more information on WQL, see here: http://msdn.microsoft.com/en-us/library/aa394606%28VS.85%29.aspx Sadly there seems to be no good documentation for the “wmic” client :(.

Ron (December 2, 2012):

Hi Simon,

is there a way to use WMIC for information about:
- Active Directory functionality (fsmo, replication etc.)
- Exchange

Thanks,
Ron

Simon Krenger (December 5, 2012):

Hello Ron,

No, I am not aware of any WQL queries that can query AD or Exchange, sorry :(. If you find something, let me know.

Alex (February 10, 2013):

WMI Active Directory Provider: http://msdn.microsoft.com/en-us/library/windows/desktop/aa384689(v=vs.85).aspx

Example: http://www.winfrastructure.net/article.aspx?BlogEntry=Get-Active-Directory-users-using-WMI

Shan Jinlai (April 10, 2013):

Hi Simon,
I am now trying to retrieve HBA adapter’s port attributes using wmic.

for example:
$wmic -U admin%password //172.18.37.114 –namespace=Root\\WMI “SELECT * FROM MSFC_FibrePortHBAStatistics”

On my machine, the command will return as following:

CLASS: MSFC_FibrePortHBAStatistics
Active|HBAStatus|InstanceName|Statistics|UniquePortId
True|0|PCI\VEN_1077&DEV_2422&SUBSYS_01331077&REV_02\5&24554dfa&0&080310_0|Unsupported|18446744071695982596

the Statistics ‘s value is show as “unsupported”. actually its type is MSFC_HBAPortAttributesResults.

Is there a way to use WMIC to query the value of attribute defined as a class structure?

Thanks,
Shan

Simon Krenger (April 10, 2013):

Sadly, no. If you look at the sources for the Linux WMI client, you can see that objects default to the string “Unsupported”:

char *string_CIMVAR(TALLOC_CTX *mem_ctx, union CIMVAR *v, enum CIMTYPE_ENUMERATION cimtype)
{
	switch (cimtype) {
	case CIM_SINT8: return talloc_asprintf(mem_ctx, "%d", v->v_sint8);
[..]
	case CIM_REFERENCE: return talloc_asprintf(mem_ctx, "%s", v->v_string);
	case CIM_CHAR16: return talloc_asprintf(mem_ctx, "Unsupported");
	case CIM_OBJECT: return talloc_asprintf(mem_ctx, "Unsupported");
	case CIM_ARR_SINT8: RETURN_CVAR_ARRAY_STR("%d", v->a_sint8);
[..]
	case CIM_ARR_REFERENCE: RETURN_CVAR_ARRAY_STR("%s", v->a_reference);
	default: return talloc_asprintf(mem_ctx, "Unsupported");
	}
}

Post a comment

Please enter a name, an e-mail address and your comment (all fields are required).
Your e-mail address will never be published or made available to any third party, I promise.