3 Replies Latest reply on Dec 1, 2012 6:27 PM by Bill Robinson

    Collect parts for Compliance

    Steffen Kreis



      i would like to get your feedback on the way how we collect Parts inside the template for a Compliance Job.


      We have a fairly large custom compliance template which checks various things on our Windows targets.

      As an example it checks for the existence of certain files and certain registry keys.


      Initially when we implemented that we explicitly collected those files and keys as Parts inside the Component Template.

      This implementation however is throwing "Asset Collection Errors" when they don't exist on the target.


      Therefore we are now adding "FileSystem" and "Registry" as Parts to our template, which we collect to run the rules against.


      Previously i thought all parts get collected from the target and then the rules are executed against that on the App-Server-side.

      Obviously this is not really the case, as it is not collecting the whole "FileSystem" :-)


      Just wanted to get your feedback if the way of collecting these top-level objects is alright or if this may cause any trouble.



      Thanks for you help




        • 1. Re: Collect parts for Compliance

          I think there was misunderstanding with what gets collected before the rules are executed. If you have any Local Custom Objects in the Template, then those will be executed first before the Rules can be run against them.


          I think collecting the top level objects is ok for compliance, as those parts aren't really evaluated by rather provide the starting point for the Rules that use them.


          I'd be more concerned if you were talking about Audits/Snapshots of entire filesystem with recursive set on, other than that you should be good.


          You can run some base line testing, then add the filesystem part, and run another test for comparison, but I think you should be ok.

          • 2. Re: Collect parts for Compliance
            Steffen Kreis

            Hi Lazar,


            thanks for your feedback....

            We'll keep on collecting :-)



            • 3. Re: Collect parts for Compliance
              Bill Robinson

              lazar - i'm not sure about the top level behaviour - i typically use the highest level object that should be there, but i don't use top level objects like / or HLKM...  so i might use /etc/ or HKLM\Software\BladeLogic.