Solved a problem at work today, and it happened to involve a log. We have a huge stock of laptops that are loaned out for short periods of time. Today, someone realized a stick of RAM had been stolen out of one, causing a huge shit storm amongst bosses wondering if this was about to become a rampant problem. I wrote a script that pulls the computer's amount of physical memory, checks it against the factory installed amount, and if there is a difference, triggers a warning and writes to a log file.
Not a foolproof solution by any stretch of the means for someone who knows what they are doing, but the users of these machines are operating on a high-school dropout intelligence level. Not joking. Anyone with a basic knowledge of how to disable this script and clear the log doesn't need the money from stealing a stick of RAM, and they will all likely be scared shitless the first time they see the warning popup if anyone decides to pull a fast one again. This solution also took a trivial amount of time.
How do we do this on Windows? I want this fucking thing. I want it on all of our servers.
It's called snmp. If you have a Dell server, for example, you can run the Dell Openmanage service (which you should be anyway). This extends all of the hardware component monitoring out via snmp, and you can poll it via the mib and just about any snmp monitoring tool (e.g., Nagios or CA Spectrum). All server vendors have equivalent services. There are also agents that will extend hardware and software watches.
Comments
Not a foolproof solution by any stretch of the means for someone who knows what they are doing, but the users of these machines are operating on a high-school dropout intelligence level. Not joking. Anyone with a basic knowledge of how to disable this script and clear the log doesn't need the money from stealing a stick of RAM, and they will all likely be scared shitless the first time they see the warning popup if anyone decides to pull a fast one again. This solution also took a trivial amount of time.
You can even configure Windows to send an snmp trap via its own services from the Event Log. Not poll-based, but still worthwhile.
Linux is trivially simple to monitor via SNMP. Just use net snmp.
Edit: It sounds like we need to do a show on this specifically.