I'm very excited to announce that SolarWinds Server Configuration Monitor (SCM) 1.1 is now available for download! This release expands on SCM 1.0 capabilities, both giving more detail for each change detected, and adding a new data source that can be analyzed for changes:
- Detect “Who made the change” for files and registry
- Detect changes in near real-time
- Deploy PowerShell scripts and track changes in the output (with links to additional example scripts)
- Set baselines for multiple nodes at once
Who made the change? In near real-time
SCM 1.0 is good at detecting changes in your Windows files and registry, but it didn't tell you who made the change, leaving you to do some additional investigative work. SCM 1.1 adds "who made the change" by leveraging our File Integrity Monitoring (FIM) technology, which also detects changes in near real-time -- a double benefit. Near real-time allows us to catch changes almost as they happen, and gives us a separate record for each change, even if changes are happening in rapid succession.
Turning on "Who made the change"
After you install or upgrade to SCM 1.1, you can easily turn on the "Who Made the Change" feature for the servers you want to monitor via a wizard:
- From the "Server Configuration Summary -> What's New Resource," click the Set Up "Who Made the Change" Detection button
- From the "All Settings -> Server Configuration Monitor Settings -> Polling Settings Tab," click the Set Up Who Detection button
Either way, it starts the "Who Made the Change" wizard.
The first step tells you about what happens when you turn on "Who Made the Change" detection:
The second step allows you to define the server exclusion list and turn on the feature:
Once you press Enable Who Detection, SCM will push out the FIM driver to the agent(s) and turn it on, so file and registry changes will be monitored in near real-time rather than polled once a minute as in SCM 1.0. You can always come back and change the exclusion list or turn off "Who Made the Change" later.
Where to see "Who made the change"
You can see who made the change (user and domain) in a number of places, represented by the person icon.
- SCM Summary: Recent Configuration Changes resource
- Node Summary: Configuration Details and Recent Configuration Changes resources
- Node: Content comparison, note the time I added to the file matches the time SCM shows the file changed.
When building an alert, you can filter on "Who made the change" and add it to the text of your alert.
The out-of-the-box SCM report includes "Who made the change" data.
Deploy and monitor the output of PowerShell scripts
Everyone's environment is different, and SCM could never monitor everything you want to "out-of-the-box." So, we added the ability to deploy and execute PowerShell scripts and compare the output over time. Now, configuration monitoring is only limited by your imagination and scripting super powers.
Adding a new script
I created a new Profile for this test, but you can add scripts to your current Profiles too.
First, create a new Profile and click Add to add a new element.
To add a PowerShell script configuration element:
- Choose PowerShell script as your Element type.
- Paste your script into the box.
- Click Add to add the element to the profile, then add again to save the profile.
Deploy and enjoy!
Once your new (or modified) Profile is ready, you can deploy it to one or more agents. From Server Configuration Monitor Settings > Manage Profiles, select the profile and click Assign, then pick the servers you want, and walk through the wizard. SCM will deploy the scripts and start executing them on schedule.
Comparing the output
Comparing the output of the script over time works like any other source (file, registry, asset info) in SCM. You can set baselines and see changes in the content comparison. As you can see, the entire output of the script is captured and stored.
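Because the whole output is stored and compared, a script element is most useful when its text changes only when the configuration does. The script below is an added example (not from SolarWinds or the linked forum scripts) that prints local administrators, local accounts, and firewall profile state in sorted order with no timestamps. It assumes Windows PowerShell 5.1 or later with the LocalAccounts and NetSecurity modules present; `Write-Section` is a helper name made up for this example.

```powershell
# Added example: deterministic, diff-friendly snapshot of security-relevant state.
# Nothing volatile (timestamps, PIDs, counters) is printed, so a change in the
# stored output means a change in configuration.
$ErrorActionPreference = 'Stop'

function Write-Section {
    # Hypothetical helper: prints a titled block with its lines sorted,
    # so enumeration order never shows up as a difference.
    param([string]$Title, [string[]]$Lines)
    "== $Title =="
    if ($Lines) { $Lines | Sort-Object } else { '(none)' }
    ''
}

# Built-in Administrators group, addressed by well-known SID so the script
# works regardless of the OS display language.
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { '{0} | {1} | {2}' -f $_.Name, $_.ObjectClass, $_.SID.Value }
} catch {
    # Report the failure as output so it is visible in the comparison.
    $admins = @("ERROR: $($_.Exception.Message)")
}
Write-Section 'Local Administrators' $admins

# Local accounts: only stable properties. LastLogon is left out on purpose,
# because it would differ after every sign-in.
$users = Get-LocalUser |
    ForEach-Object { '{0} | Enabled={1} | PasswordRequired={2} | {3}' -f `
        $_.Name, $_.Enabled, $_.PasswordRequired, $_.SID.Value }
Write-Section 'Local users' $users

# Windows Firewall profiles: enabled state and default actions.
$fw = Get-NetFirewallProfile |
    ForEach-Object { '{0} | Enabled={1} | In={2} | Out={3}' -f `
        $_.Name, $_.Enabled, $_.DefaultInboundAction, $_.DefaultOutboundAction }
Write-Section 'Firewall profiles' $fw
```

With a baseline set on this output, a new member of Administrators or a disabled firewall profile appears as a one-line difference in the content comparison.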
Mix and match elements in profiles
Don't forget -- one of the great things about SCM is you can mix and match elements in a single profile. Mix and match registry settings, multiple files, and PowerShell scripts into a single profile to monitor interesting aspects of your configurations.
Check Out Some Cool PowerShell Examples by Kevin
Keep a lookout in our SCM forums for more PowerShell script examples in the future, and feel free to post your scripts too.
Set/Reset baselines for multiple nodes at once
Our early customers in large environments were limited to setting/resetting baselines one node at a time, which was very painful when dozens or hundreds of servers were updated (like a Windows update), so we addressed it quickly in this release. Now from the Server Configuration Monitor Settings screen, you can pick multiple servers, see a quick summary of the number of baselines you'll be updating, and then reset the baselines to the current output -- easy as 1-2-3.
Don't forget to read the SCM 1.1 Release Notes to see all the goodness now available.
If you don't see the features you've been waiting for, check out the What We're Working on for SCM post for a list of features our dedicated team of configuration nerds and code jockeys are already researching. If you don't see everything you've been wishing for, add it to the Server Configuration Monitor (SCM) Feature Requests.