Compliance can only use live servers, it doesn't use snapshots. Also - compliance will show a green check if the job was successfully run, even if there are items that are not in compliance, so it's just like audit in that respect.
i'm not sure i understand why compliance won't work on your live servers. the rules can be written to handle varying conditions across the targets - so in your file system example, why can't you iterate over your file system list and then the conditions get triggered by the type or something other than the name ?
also - it's not clear if you are trying to check the state of the target systems against a known ruleset or just against how they were configured last time the snapshot ran. if the latter, why wouldn't the 'change tracking' work ? that compares the state the server configuration to itself over time.
Bill, It’s not that simple. I can’t say what file systems should be on a given server. I need to know if what was there at a point in time is still there.
For example, lets say on 1/1/2014 we had the following servers and file systems
The file system names and mount points could vary widely among the servers. I need to know if today Servera has the same file systems mounted it had on 1/1/2014. The same for serverb, serverc……..
I guess audit may work as the job status does highlight if there are differences. I guess I wasn't looking at it correctly.
Is there a way to programmaticly tell the audit to look at the most recent snapshot or conversely have it look at the oldest snapshot? I'm thinking I use the oldest snapshot method that way if someone runs another snapshot against the server it doesn't mess with my audit results.
yes - you would just run the snapshot job daily, and then in the snapshot job results there is a 'change tracking tab'. you do not need to create a separate audit job.
Doesn’t that only apply compare the current snapshot to the previous snapshot? Or does ‘change tracking’ keep it comparing to the original one?
Change tracking compares the current snapshot to the previous one. if you want to compare it to a ‘baseline’ snapshot you will need to write a script that will modify the audit job after every snapshot run to update the target snapshot. I think my old ‘change tracking’ script that’s posted here somewhere did that. but imo it’s easier to use the change tracking and just get notification of the changes.
Since this may not be a regular tracking type of activity I don’t think the change tracking will work. We need to compare to a point in time. It seems there may be no real way to do this ‘natively’ but I’ll look for the script you mention to see what we can do.
Can you think of another process which may help me to compare a huge list of servers to their previous 'baseline'? Even if it does not use snapshot or audit. Audit would work well if I could create an audit that did server to snapshot correlation but I can only pick 1 baseline snapshot. That will not work as I'm not comparing a large number of servers to a single standard, essentially each server is it's own, undefined, standard.
1 baseline snapshot per server ? or one baseline snapshot for all servers ?
Each server should be compared to a snapshot of itself so 1 snapshot per server.
you can probably result a lot of the logic in my change tracking script, what you would do is skip the part where the audit is re-mastered, and just have it re-targeted. so you will have 1 snapshot job, i think you could do it for all targets, then you'd have 1 audit for each target. the master would be the baseline snapshot for that server, and the target would get flipped to the latest snapshot for that server.
why do you want to make the target a snapshot though? why not just the live server ?
The source of configuration data is the snapshot. I need to know that a server looks like it used to some time in the past.
Right, so you take 1 snapshot, per server and that is the master of the audit. The target of the audit can be the live server. then you just run the audit over and over. No need to run the snapshot job after you get your baseline.