Archive

Using Splunk to Determine Installed Software

Explorer

I'm looking to see if there is a splunk app that will look at a host and list all the software installed on said host.

Explorer

The systems are mostly Red Hat and Windows 08 and 12 boxes. Both red-hat and windows provide commands to list installed software packages.

0 Karma

SplunkTrust
SplunkTrust

You can use the Universal Forwarder, at least for Windows. See \Program Files\SplunkUniversalForwarder\etc\apps\windows\bin\win_installed_apps.bat or /opt/splunkforwarder/etc/apps/unix/bin/package.sh. Note that the Windows script will only report installed software recorded in the Windows registry; other software (like putty) will not be reported.

---
If this reply helps you, an upvote would be appreciated.

SplunkTrust
SplunkTrust

That'll provide Splunk with a snapshot. Scripted inputs are configured to run after some interval, so you can run them often enough to provide constant monitoring.

0 Karma

Explorer

Hi Rich,
Will running this batch file only give me a snapshot of the systems? Or will it provide me with ongoing status of what's installed on the systems? I'm looking for constant monitoring of installed software. I have both RH and Windows systems in my environment, but this is a step in the right direction so thanks for answering!

0 Karma

SplunkTrust
SplunkTrust

Do you have a means of getting such a list on your host, for example by running a command line tool?

Additionally, you'll get much more useful responses if you provide a little more info - OS for example.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!