Simon Krenger

In a previous post I showed how to install the Windows Management Instrumentation (WMI) client for Linux (wmic). In this post, I wish to show a few ways on how to query a Windows-based host using the WMI client.

Using WQL, we can query almost any aspect of the Operating System. Using the available WMI Classes (for example the WMI Win32 Classes), we can easily query performance indicators such as Memory Usage, Disk Usage or the status of a certain process.

Get process ID for process

Using this query, one can get the process ID of a process. This ID can then for example be used to get other metrics with another WQL query.

$ wmic -U Administrator%mysecret //10.140.10.10 "Select ProcessId from Win32_Process Where CommandLine like '%java.exe%'"

Get WorkingSetSize for process

When monitoring certain processes, this query can help you find memory leaks or other memory-related problems.

$ wmic -U Administrator%mysecret //10.140.10.10 "Select WorkingSetSize from Win32_Process Where CommandLine like '%java.exe%'"

Get thread count for process

$ wmic -U Administrator%mysecret //10.140.10.10 "Select ThreadCount from Win32_Process Where CommandLine like '%java.exe%'"

Get private bytes for process

$ wmic -U Administrator%mysecret //10.140.10.10 "Select PrivateBytes from Win32_PerfFormattedData_PerfProc_Process Where IDProcess='%java.exe%'"

Get free physical memory for host

$ wmic -U Administrator%mysecret //10.140.10.10 "Select FreePhysicalMemory from Win32_OperatingSystem"

WQL (SQL for WMI) is a subset of SQL and features some of the important SQL keywords such as WHERE, LIKE, GROUP and HAVING.

Microsoft has an excellent documentation of WMI and also has a library of examples.