Archive

Using Splunk to Determine Installed Software

kabobb
Explorer

I'm looking to see if there is a splunk app that will look at a host and list all the software installed on said host.

kabobb
Explorer

The systems are mostly Red Hat and Windows 08 and 12 boxes. Both red-hat and windows provide commands to list installed software packages.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You can use the Universal Forwarder, at least for Windows. See \Program Files\SplunkUniversalForwarder\etc\apps\windows\bin\win_installed_apps.bat or /opt/splunkforwarder/etc/apps/unix/bin/package.sh. Note that the Windows script will only report installed software recorded in the Windows registry; other software (like putty) will not be reported.

---
If this reply helps you, an upvote would be appreciated.

martin_mueller
SplunkTrust
SplunkTrust

That'll provide Splunk with a snapshot. Scripted inputs are configured to run after some interval, so you can run them often enough to provide constant monitoring.

0 Karma

kabobb
Explorer

Hi Rich,
Will running this batch file only give me a snapshot of the systems? Or will it provide me with ongoing status of what's installed on the systems? I'm looking for constant monitoring of installed software. I have both RH and Windows systems in my environment, but this is a step in the right direction so thanks for answering!

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Do you have a means of getting such a list on your host, for example by running a command line tool?

Additionally, you'll get much more useful responses if you provide a little more info - OS for example.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!