As a Symantec/Altiris SE I always get the question around configuration management and how can we track changes that are occurring in the environment. One specific question that comes up often in this regard is around software. My clients would like to know if it is possible to be alerted when a product is installed or un-installed. Although there are several different methods to accomplish this I will outline one example. This article will outline the steps on how to create a rudimentary policy that will send an email when software, in my case Notepad++, is either installed or uninstalled. I will be using these components in my example:
- Symantec Management Platform V7 (aka SMP, aka Notification Server version 7)
- Automation Policies (aka Notification Policy in V6)
- Inventory Solution
- Resource History
The assumption in this example is the product we are looking for is listed in the add/remove section of the machine.
The basic idea is as follows - track the history of the add/remove programs data class, create an automation policy that queries the history table of add/remove programs, if there are results then send an email to the administrator.
To start you will need to turn on history for add/remove programs. In the console go to:
Please note that you can find out which table stores inventory information by going to the Status tab of any data class.
Next we need to build the query that will pull up the right information regarding what was changed for the product NotePad++. Of course you can use the same query for other products, or all products. We'll just use NotePad++ for our example today. The query I built is the following:
SELECT InvHist_AddRemoveProgram.DisplayName as [Product Name],
InvHist_AddRemoveProgram.DisplayVersion as 'Product Version',
vComputer.Name AS [Computer Name],
vComputer.[IP Address],
vComputer.Domain,
case when InstallFlag = 1 then 'Installed' else 'Uninstalled' end as Activity,
InventoryDate as [Inventory Date]
FROM InvHist_AddRemoveProgram INNER JOIN vComputer ON InvHist_AddRemoveProgram._ResourceGuid = vComputer.Guid
WHERE (InvHist_AddRemoveProgram.DisplayName LIKE '%NotePad%')
Test this query against the CMDB to see if you get the desired results. A couple notes about the query:
- I did not include time/date range. You will want to add this to correspond to how often you are going to run the automation policy (we will create this in the next step). This way you will avoid having the same results displayed. For example, if you plan on running the policy once a day, you will want to set a date range for the field InventoryDate in the table InveHist_AddRemoveProgram to be within the range of currentdate - 24 hours.
- The InstallFlag indicates whether the software was removed or installed. That is why I have the 'Activity' field show up as 'Installed' or 'Uninstalled' depending on the value of the InstallFlag field (0 or 1).
- Now we will create the Automation Policy. In the console go to:
- Manage->Automation Policies
- Click on 'New policy'
- Give it an appropriate name
- Set the desired schedule (and repeat if desired - sounds like the instructions on a shampoo bottle J
- The data source will be 'Raw SQL Query'
- Click on the 'edit query' pencil icon
- Click on the Results tab to ensure that the results are posted
- Press ok
- Leave the Evaluation Rule at 'Run for Non-Empty Data'
- For job/tasks select the pencil icon and select the following job: Jobs and Tasks->Samples->Notification Server->Send E-mail
- You can leave the job as is. Notice that there are 2 parameterized variables, %!Subject!% and %!Message!%.
- Press ok
- Click on 'Edit Parameters'
- For Subject select [Custom] for the data source and enter in the desired subject under the Custom Value text box
- For the Message field select 'Results as HTML'
- For the To field select [Custom] data source and enter in the desired email address in the Custom Value text box
- Press ok
Now you are ready to test your Automation Policy. Click on the Test Automation button on the bottom right corner and make sure that the results come through. My email looks like the following:
If you don't get the email and/or receive an error it is most likely due to the fact that email setup was not done on the Notification Server. To check this go to:
- Settings->All Settings->Notification Server->Notification Server Settings.
- Click on the E-mail tab
- Enter in the appropriate fields
- Click the 'Send test E-mail' to make sure the settings were put in correctly.
And you're done!
A couple notes to get this "production ready":
- As mentioned before you will want to put time parameters in your query to avoid getting the same results every time the policy is run.
- You can modify the query to include/exclude fields that you deem appropriate to display in the results
- I used the example of looking at the add/remove programs section for software. You may want to look in other areas for a more consistent method of tracking installs/uninstalls of software across all platforms such as using the Inv_InstalledSoftware table. You can turn on history for this data class (same section as the add/remove programs data class described earlier in the article) and use that history table in your query.
Enjoy!