none
Change and Configuration Management tracking software

    Question

  • Hi,

    I am getting bored trying guessing who did what on our servers when they start behaving weirdly!

    Does anyone know an easy to use, not expensive (open-source allowed) software that can help us tracking any change in the configuration of our servers? It can be manually completed or automatically. It should not be only restricted to Windows servers as we have a few Linux boxes and we could even enter the change done to our network equipment (routers, firewalls and switches).

    Thanks for your suggestions.


    MCSE 2k3, MCTS W2k8
    Friday, January 07, 2011 10:13 AM

Answers

  • Hi there,

    I'd also like to know if there is any software can acheive this.

    Not sure if it'll help, but we currently do this by a manual process. Essentially, staff are trained that in order to change any configuration, they need to raise a Change Request (Word template), detailing all the details of the change. This is then passed onto the IT person responsible for actually making the change. It's assigned a unique "Change ID", and logged in an excel spreadsheet.

    It's a long winded process, that relies on staff being trained to raise change requests, but the end result is that we can look back from histroy of a particular system to see all the changes that were made.

    We also have a mechanism that allows for "Emergency Change Requests" that allow us to change first and raise the paperwork later. This is discouraged, but in a true emergency, allows changes to be made quickly.

    Hope this helps.

    James

    Monday, January 10, 2011 11:06 AM
  • Perhaps you could clarify further what you might expect from a system that "helps us track".  If you have diligent engineers then you could track changes in a simple spreadsheet.  I like to use a sharepoint discussion list for tracking changes because we can subscribe to the list and receive an email when a change occurs, while also discussing the change and maintaining that discussion in a single location.  But then again, we could just setup a mailbox for change tracking and have people write an email to it when they change something.

    If you don't have diligent engineers and want to find some software that actually recognizes changes, then you're faced with a very diverse set of options and there really isn't one that is good, inexpensive, and easy to use, that works across all platforms.  Since this is a Microsoft Forum I'll say that Microsoft Operations Manager is pretty good.  System Center Essentials is fairly inexpensive but their interface is still clunky.  For "what happened" type tracking I like to use Splunk.  I forward all event logs to it.  If you enable auditing on registry keys then those changes land in the logs.  If you're running a 2008r2 infrastructure then you can just use its built-in log forwarding for centralized log management.  I'm ultimately looking towards something like Tripwire Enterprise for true automated change management.

    Monday, January 10, 2011 5:16 PM

All replies

  • Hi there,

    I'd also like to know if there is any software can acheive this.

    Not sure if it'll help, but we currently do this by a manual process. Essentially, staff are trained that in order to change any configuration, they need to raise a Change Request (Word template), detailing all the details of the change. This is then passed onto the IT person responsible for actually making the change. It's assigned a unique "Change ID", and logged in an excel spreadsheet.

    It's a long winded process, that relies on staff being trained to raise change requests, but the end result is that we can look back from histroy of a particular system to see all the changes that were made.

    We also have a mechanism that allows for "Emergency Change Requests" that allow us to change first and raise the paperwork later. This is discouraged, but in a true emergency, allows changes to be made quickly.

    Hope this helps.

    James

    Monday, January 10, 2011 11:06 AM
  • Perhaps you could clarify further what you might expect from a system that "helps us track".  If you have diligent engineers then you could track changes in a simple spreadsheet.  I like to use a sharepoint discussion list for tracking changes because we can subscribe to the list and receive an email when a change occurs, while also discussing the change and maintaining that discussion in a single location.  But then again, we could just setup a mailbox for change tracking and have people write an email to it when they change something.

    If you don't have diligent engineers and want to find some software that actually recognizes changes, then you're faced with a very diverse set of options and there really isn't one that is good, inexpensive, and easy to use, that works across all platforms.  Since this is a Microsoft Forum I'll say that Microsoft Operations Manager is pretty good.  System Center Essentials is fairly inexpensive but their interface is still clunky.  For "what happened" type tracking I like to use Splunk.  I forward all event logs to it.  If you enable auditing on registry keys then those changes land in the logs.  If you're running a 2008r2 infrastructure then you can just use its built-in log forwarding for centralized log management.  I'm ultimately looking towards something like Tripwire Enterprise for true automated change management.

    Monday, January 10, 2011 5:16 PM
  • I like this idea. It looks very clean.

    Unfortunately, my team is a little bit less disciplined, so I need to go by steps to get this "ultimate" result.

    We are currently using GLPI for the helpdesk with OCS for the tracking, so to get what I want I decided to create tickets for our servers where the staff is supposed to fill and close once the modification is done. There is no approval but at least (if done correctly) a tracking about who did what.

    Thanks about the input and your ideas, I'll keep them in mind for the future.


    MCSE 2k3, MCTS W2k8
    Tuesday, February 08, 2011 4:33 PM
  • Thanks for your answer.

    I'll test Splunk to see if it can be useful.

    At the beginning, yes, I'd like to get the changes on the Microsoft systems but ultimately on everything (network switches, firewalls, ...).

    We've got licence of MOM 2005 but they didn't use it. We are very close to the limits of System Center Essentials (50 servers), I asked the staff to test it and to give me a report about it, but I'm afraid that we should go directly to the System Center "Enterprise" Edition which has too many different expensive modules.

    I heard a lot of good things about Tripwire, I'll try to find an evaluation version.

    My CIO enjoys Sharepoint, I'm sure that the idea to use it can convince him about the importance of change management.

    Thanks for your feedback.


    MCSE 2k3, MCTS W2k8
    Tuesday, February 08, 2011 4:42 PM