One question that we get often is how people can use BES to check to see if the size of RAM has changed. The reason given is that people will sometimes steal the RAM from their computers at work and bring it home.
BES keeps various types of historical information (actions, when Fixlets became relevant/nonrelevant, statistical historical information about certain properties), but this particular task of watching the RAM change requires that you first record the RAM value and then compare it to see if it changes.
This is a pretty straight-forward set of custom Fixlets and so I put them together (they are attached).
Here are the instructions:
Import the two Fixlets (BES 6.0+ only).
Create a policy action from the Fixlet “Record Current RAM Value”, which will set the current RAM size in the registry (along with the time it was recorded).
The Fixlet “Amount of RAM has Changed!” will become relevant if the RAM changes (it also gives you an action to reset the RAM value if necessary).
The same technique can be applied to pretty much any property (or collection of properties).
I tested this minimally and it seemed to work OK. Let me know if it works for you or if it needs some enhancements.
And to get an email alert for this (BES 6.0+ only), you can do this:
First create the report you want and store it:
Go to Web Reports. “Create” a report.
Select all Fixlets. Find the “Amount of RAM has Changed!” Fixlet.
Store this report.
Then make a scheduled activity to email whenever it changes:
Go to “Schedule”.
“New”. Choose “Stored Report” and select your report.
Choose “Generate Report on each refresh” and make sure the box “Send email/store archive only when report has changed” is checked.
Check the “Email” box and then select the email settings that you want.
After doing this, if someone steals some RAM, it will trigger the Fixlet to be relevant. Each time the Web Reports refreshes its information (20 minutes by default), it will see if this report has changed and if there are new computers relevant, it will email you and let you know.
I set up the action and then the email alert feature…further we tried to have a change done onto one of the Desktop and we even got an alert for the same…thats great…
was just thinking what could be the other aspects we can touch…any suggestiosn how this can be utilised more…
i was deploying the first fixlet which set the registry of current ram
then
i was deploying the second fixlet,
i’m able to received an e-mail notification from BES report, but i couldn’t see the amount number of RAM that change ? is it only notified that the RAM has change without any information whether the RAM decrease / increase ? say from 512 to 256 or from 512 to 1000 ?
You could create an analysis with the following property
if ((exists value “LastRamSize” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix” of registry) AND (value “LastRamSize” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix” of registry as integer) != (size of ram /1024/1024)) then ((size of ram /1024/1024) - (value “LastRamSize” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix” of registry) as integer) as string else “No Change”
This will return the difference between the baselined value which you can then report on.
Do you know how to compare two custom properties in the Scheduled Activities on webreport on “Match Relevance conditions”? I need to compare the values of two custom properties with clause greater than/less than.(> <).
exists
value
"LastRamSize"
of
key
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix"
of
registry)
AND
(value
"LastRamSize"
of
key
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix"
of
registry
as
integer)
!=
(size
of
ram
/
1024
/
1024
))
then
((size
of
ram
/
1024
/
1024
)
(value
"LastRamSize"
of
key
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix"
Thanks a lot for your greatest support on bigfix. I am having a small request that we need an email notification whenever a machine is not reporting since last 30 days. That email should contains operating system along with the host name. We have windows as well unix machines.
