The present invention relates generally to computer systems, and more particularly, to monitoring of activity on computer systems.
As the popularity of computer networks continues to increase, so does the challenge of controlling the systems making up the network, where a variety of activities may be carried out over time by different people in an uncoordinated manner. Such actions may increase the challenges for network managers in monitoring change activity, addressing problems encountered by users and maintaining a desired service level for the network. Thus, network managers may continue to look for ways to monitor changes to, and the performance of, the network and to debug the network for any problems that may arise.
The ISO-17799/BS7799 standard defines the three most important goals of information security as confidentiality, integrity and availability. Confidentiality, as used herein, refers to ensuring that information is accessible only to those authorized to have access. Integrity refers to safeguarding the accuracy and completeness of information and processing methods. Availability refers to ensuring that authorized users have access to information and associated assets when required. Careful control over the computing facility's configuration is typically required to meet these goals.
In an enterprise information technology (IT) environment, ensuring that system elements stay in their desired states may be a labor-intensive and challenging task. System administrators may need to frequently verify that system elements remain in their desired states. In a heterogeneous IT environment, important system elements typically include disparate things, such as files and directories, settings in system configuration files, lists of ports, configuration options of system services and the like. This range of disparate elements generally requires administrators to understand each of the system elements, along with the commands and APIs used to extract data from them. The administrators generally may need to use this knowledge to continuously examine (query) the disparate elements and evaluate the data received from them. The goal typically is to verify that the system elements have not been changed. The problem may get even more severe when new applications are introduced to an existing IT environment, further widening the list of items to be monitored and/or controlled.
One approach to this problem is the Tripwire Enterprise application available from Tripwire, Inc. Tripwire Enterprise provides single-point change auditing of changes across multi-vendor servers, desktops and the like. In addition, detected changes may be reconciled with authorized changes. Tripwire Enterprise generally requires generating a snapshot of the file system, storing the snapshot in a flat file, re-running the snapshot-generating code to generate a new snapshot, comparing the old snapshot to the new snapshot and reporting any detected differences. Thus, to add different devices or the like to its snapshot, the snapshot code of the Tripwire Enterprise application generally must be modified. As such, Tripwire Enterprise may require inordinate amounts of work to extend.
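The snapshot-and-compare cycle described above (take a snapshot, store it in a flat file, take a new snapshot, compare, report differences) is the core of any file-integrity monitor. The following is an added illustration written for this page; it is not Tripwire's code and does not reproduce its format. It hashes every regular file under a directory, persists the baseline as JSON, and classifies later changes as added, removed or modified. The directory tree, file names and edits in `demo()` are constructed for the example. Note that the collector in `take_snapshot` only understands files, which is exactly the extensibility limit the paragraph points to: covering ports or service settings would require new collector code, not just new configuration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_snapshot(root):
    """Record content hash, size and permission bits for every regular file under root.

    Keys are POSIX-style relative paths so a snapshot taken on one host can be
    compared with one from another host with the same layout.
    """
    root = Path(root)
    snapshot = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue  # skip symlinks, sockets, devices and the like
            st = full.stat()
            rel = full.relative_to(root).as_posix()
            snapshot[rel] = {
                "sha256": hash_file(full),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return snapshot


def save_snapshot(snapshot, path):
    """Persist the snapshot as a flat JSON file; this is the stored baseline."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(snapshot, fh, indent=2, sort_keys=True)


def load_snapshot(path):
    """Read a baseline previously written by save_snapshot."""
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def compare_snapshots(baseline, current):
    """Classify paths as added, removed or modified between two snapshots."""
    old_paths, new_paths = set(baseline), set(current)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if baseline[p] != current[p]),
    }


def format_report(diff):
    """Render a diff as one line per changed path, in a stable order."""
    lines = []
    for kind in ("added", "removed", "modified"):
        for path in diff[kind]:
            lines.append(f"{kind.upper():9s} {path}")
    return "\n".join(lines) if lines else "no changes detected"


def demo():
    """Build a constructed directory tree, baseline it, mutate it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"  # constructed sample tree, not a real system path
        (root / "conf.d").mkdir(parents=True)
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "conf.d" / "app.conf").write_text("debug=false\n")
        (root / "conf.d" / "old.conf").write_text("legacy=1\n")

        baseline_file = Path(tmp) / "baseline.json"
        save_snapshot(take_snapshot(root), baseline_file)

        # constructed changes: one edit, one deletion, one new file
        (root / "conf.d" / "app.conf").write_text("debug=true\n")
        (root / "conf.d" / "old.conf").unlink()
        (root / "conf.d" / "extra.conf").write_text("added=1\n")

        diff = compare_snapshots(load_snapshot(baseline_file), take_snapshot(root))
        print(format_report(diff))
        return diff


if __name__ == "__main__":
    demo()
```

The snapshot deliberately omits modification times: a baseline keyed on content hash, size and mode flags only real changes, whereas including mtime would report every `touch` as a modification and bury the signal in noise.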