In the electronic environment of today, computer systems undergo constant changes. In order to keep up with these changes, it is important that users of these systems be able to monitor the systems. Monitoring can be classified into several different types, including active monitoring and passive monitoring. Passive monitoring includes any observation that does not modify a computer system. To this extent, passive monitoring can include scanning a file system to perform a compliance check, scanning a registry to determine which applications are currently installed on the system, security scanning, file system inspection, license usage monitoring, and the like. In contrast, activities, such as patching, applying a security update, etc., that involve modification of the computer system are referred to as active monitoring.
In a standard single-kernel computer system, passive monitoring often includes running one or more programs in the background of the system to perform passive monitoring functions. However, this solution becomes less practical in computer systems, such as virtual server type computer systems, in which a large number of instances are executed on the same physical machine. For example, a snapshot creator program, while consuming relatively little space and/or resources when run once on a single kernel system, consumes increasingly larger amounts of space and/or resources when an instances of it is included and running in every virtual server instance in a virtual machine.
One way of performing passive monitoring of a computer system that minimizes the limitations mentioned above utilizes a system “snapshot.” Such a “snapshot” can capture data corresponding to the file system, the running state and/or any other information in software stack of a particular system, virtual or otherwise, at a particular point in time. This “snapshot” can then be evaluated by passive monitoring software without affecting the execution of the system itself.