Testing failed: "Add remote capability to the wmi plugin" from issue 1747



issue "LOGSTASH-1747" would be a nice feature! I had tested it out, but it didn't work for me.
I've installed the contrib-package and modified the logstash/lib/logstash/input/wmi.rb with the following file content:

By testing my config an error has occured:
LoadError: load error: win32ole/win32ole – java.lang.UnsatisfiedLinkError: /opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/racob-x86.dll: /opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/racob-x86.dll: invalid ELF header (Possible cause: endianness mismatch)

My conf btw..:
input {
wmi {
query => "SELECT * FROM Win32_NTLogEvent WHERE (logfile='Application')"
interval => 30
host => ""
user => "logstash"
password => "test1234"

I changed some dynamic paths into hard paths in the /opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/jruby-win32ole.rb

#require 'racob.jar'
require '/opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/racob.jar'
#require 'win32ole/win32ole'
require '/opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/win32ole/win32ole.jar'

But by doing that and testing my config again I got another error:
missing class or uppercase package name (`org.racob.com.Dispatch')

What I'm doing wrong? :-/

My main aim is to remote collection of Windows eventlog (over the WMI protocol) on linux hosts without the need to install an agent on the Windows target.

Thanks in advance.


Logstash Developers


Marcel Müller

Affects versions