Inventory of system components, logs and active services

Right now, I have a dilemma. I need to come up with a (hopefully) non-interactive solution to gather auditing and data collection on a number of Windows and RHEL servers we own in a private cloud environment (we are talking about 40+ servers in all).

On Windows servers, we are using a freeware tool called WinAudit. It gives us pretty much what we need to know (even though it's not an automated application).

However, on our RHEL servers, there is no application that we have found that can collect all the information we need (as seen above) and put this into a readable text file for each system. I was considering on using Spiceworks, but this application required root-permissive ssh access to the RHEL servers and due to our guidelines, the root account is not accessible via ssh directly (root is only accessible via 'sudo'). I was thinking of trying to use SNMP for each of the RHEL servers, but discovered there is a limitation as it cannot actually print out each of the configuration/variables I am seeking for audit needs.

So, I am looking for a script, series of scripts or even a program that can be run from a central collection server that can obtain the following information from RHEL servers for auditing purposes:

- Installed software version and patches
- Error logs (i.e. syslog)
- Server security related settings
-- Configured ports (i.e. open ports and what applications are hooked to them)
-- Configured services (i.e. running processes, apache, java, etc)
-- Configured networks (i.e. ethernet settings)
-- Configured firewall (i.e. iptables)

The first one could most likely be done with just running 'yum list installed' on each RHEL server instance.
The second one could possibly be done with a syslog-ng setup on each server, then reporting back to a main server.
As for the third, I have no idea how to even consider this one as the are many parts to it -- especially since the final output needs to be in a report-like format.

Anyone know a site or application or have a group of scripts that has something about what I am looking for? Also, if someone has a better solution for the Windows aspect, I would be willing to look at this as well.
LVL 29
Michael WorshamStaff Infrastructure ArchitectAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I use spiceworks, and some administrators I know have had some difficulty with it because it is so easy.  And free too.

I've loaded it on my local desktop to test, and then to a dedicated network machine for live auditing and management.  Pretty good stuff, for free.

I recommend giving it a try.
Michael WorshamStaff Infrastructure ArchitectAuthor Commented:
I guess you didn't read very closely, but I already stated I tried using Spiceworks. Do to Spiceworks limitations with requiring a 'root' account for doing its system inventory and package checks, it isn't a viable solution in this aspect.
i have used ocs inventory

you can get all the information on hardware, hard disks, ram, and a great many other details with this freeware

the second option is to run cacti which is again a freeware which uses snmp monitoring for the said activities  available from
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Michael WorshamStaff Infrastructure ArchitectAuthor Commented:
I will take a look at the ocsinventory-ng application. Hopefully it won't have the same limitations as Spiceworks does.

As for cacti, I thought that was geared more of metric nneds (i.e. traffic) than for system inventory and checking against running services.
Michael WorshamStaff Infrastructure ArchitectAuthor Commented:
I found the best way was to just develop my own auditing script from the ground up. Our documentation librarian approved it as it providers all of the information that was needed for covering both FIPS and NIST requirements.

I am attaching a copy of it here if anyone wants to use it for their RHEL, Fedora or CentOS server environment.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sorry MWE, missed the spiceworks comment.  Glad you found a solution that meets your needs!

I use OCS Inventory It's quite powerful and has lots of config options.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.