How Do You Monitor Changes To Your BigFix Infrastructure?

Hi all …

How do you monitor changes to your BigFix server? By changes, I don’t mean running tasks/fixlets that perform work on other machines; what I mean is, tracking configuration changes to the BigFix server itself. Is the BigFix server log sufficient for this purpose? [Maybe what I really mean is an audit trail?]



I’ve had success in the past with Nagios for monitoring BigFix services on Linux and Windows infrastructure. There are plug-ins for Nagios that you can implement to extend the core functionality. For example, beyond the standard monitoring of BES service up/down, I’ve implemented a HTTP-200 test of the RD page (i.e. http://server_name:52311/rd) for the root server and top-level relays.

There’s also the log server module that could be used to audit the serveraudit.log and other critical BES logs if desired. Another possible open source log auditing solution would be Graylog.

If you’re going to audit the BES logs from the root server and top-level relays, you may want to consider adding the relevant DB2 or MSSQL logs for the BigFix database instances.

Hope that helps.


One other option is to use BigFix itself to Enforce the settings you are concerned with.

1 Like

While @TimRice is correct that you can monitor BigFix with content/policies, the downside to doing so is that your implementation can encounter stability, performance or other issues with the BESClient. While this doesn’t happen often, it did happen back in v9.5.5 with the lines of file inspector for all NIX endpoints. In that case the service PID remained up, but it became completely unresponsive to any/all commands. In that scenario any monitoring via content/policies would be rendered useless until the BESClient is restarted.


While it’s more work and infrastructure to implement an external monitoring solution like Nagios, it does offer an higher degree of reliability for monitoring and alerting. In many medium to large enterprises there may be an existing monitoring solution that you can leverage for this purpose.

Hi all … thank you for your insights! --Mark