I'm looking to see if there is a splunk app that will look at a host and list all the software installed on said host.
The systems are mostly Red Hat and Windows 08 and 12 boxes. Both red-hat and windows provide commands to list installed software packages.
You can use the Universal Forwarder, at least for Windows. See \Program Files\SplunkUniversalForwarder\etc\apps\windows\bin\win_installed_apps.bat or /opt/splunkforwarder/etc/apps/unix/bin/package.sh. Note that the Windows script will only report installed software recorded in the Windows registry; other software (like putty) will not be reported.
That'll provide Splunk with a snapshot. Scripted inputs are configured to run after some interval, so you can run them often enough to provide constant monitoring.
Hi Rich,
Will running this batch file only give me a snapshot of the systems? Or will it provide me with ongoing status of what's installed on the systems? I'm looking for constant monitoring of installed software. I have both RH and Windows systems in my environment, but this is a step in the right direction so thanks for answering!
Do you have a means of getting such a list on your host, for example by running a command line tool?
Additionally, you'll get much more useful responses if you provide a little more info - OS for example.