Configuration file tracking

  • Release version: Xanadu
  • Updated June 11, 2026
  • 5 minutes to read

    • The horizontal discovery process can find configuration files that belong to certain applications and add those configuration files to the CMDB. You can track the changes to these files by comparing them to previous versions.

    Warning:
    Configuration files contain sensitive system information. To prevent unauthorized access, ensure that access control lists (ACL) are placed on the Tracked Configuration file table [cmdb_ci_config_file_tracked]. Only allow authorized users to view this table or uncheck the Save Content setting.

    Components for configuration file tracking

    CI type

    All applications and hosts in your organization must have a corresponding configuration item (CI) type, which is necessary for discovering and processing applications and hosts correctly. In a base system, many CI types have configuration file paths defined for them. You can add new or modify existing definitions for tracking configuration files. See Modify tracking changes in configuration files for instructions.

    Patterns

    Configuration file tracking is available for patterns that discover applications. On the pattern, you can create tracked file definitions that specify the CI type to which the application CI belongs and the path of the configuration file. Specify as many tracked file definitions as needed. You can also specify whether you want to save the contents of configuration files so you can view and compare the contents of different versions.

    Note:

    Configuration file tracking is not available for discoveries performed by traditional probes and sensors.

    The classifier that triggers the pattern must specify the Horizontal Pattern probe, which in turn, must specify the pattern. If you upgrade your instance to the current version, not all classifiers are configured to use patterns for discovery by default.

    CMDB

    All configuration files are saved as a CI in the Tracked Configuration file [cmdb_ci_config_file_tracked] table. If you enable the content to be saved, these CI records provide the contents of the configuration files, including previous versions. From the configuration file CI record, you can compare different versions.

    Dependency maps and application service maps

    Both dependency maps and service instance maps display tracked configuration files. The relationship between a configuration file and its host is a contains relationship. The application contains the configuration file.

    For example, this IIS web server contains three tracked configuration files:
    CI containing racked configuration files
    Sometimes you organize CI types as a main CI type and its related CI types. On a service instance map, Service Mapping shows changes to configuration files of related CIs for the main CIs in inclusions. In inclusions, the system treats applications hosted on a server as independent objects. For example, the Tomcat WAR CI appears separate from its host, the Tomcat CIs. In this case, Service Mapping shows changes to configuration files of Tomcat WAR when you select Tomcat. In addition, Service Mapping displays changes to configuration files of the hardware server hosting inclusions. In this example, it is a Linux server:
    Figure 1. Map showing an inclusion with a host

    Map showing an inclusion with a host

    Deletion strategy

    You can specify what you want to do with tracked configuration file CI records when discovery can no longer find them. You can keep the configuration file CI record, automatically delete it, delete only the CI relationships to it, or mark it absent.

    Discovery patterns that support configuration file tracking by default

    These patterns provide tracked file definitions by default:

    Classifier Pattern CI Type File path of tracked file
    Apache Server Apache On Unix Pattern

    Apache On Windows Pattern

    		 Apache Web Server [cmdb_ci_apache_web_server] $config_file
    MySQL Server MySQL server On Windows and Linux Pattern MySQL Instance [cmdb_ci_db_mysql_instance] $config_file
    Microsoft IIS Server IIS Microsoft iis Web Server [cmdb_ci_microsoft_iis_web_server] EVAL(javascript: var rtrn = '';var winDir = CTX.getCommandManager().shellCommand("echo %WinDir%", false, null, null, CTX);rtrn = winDir.trim() + '\\System32\\Inetsrv\\Config\\*.config';)
    IIS Virtual Directory [cmdb_ci_iisdirectory] $install_directory + "\*.config"
    TIBCO BusinessWorks and EMS ActiveMatrix BusinessWorks ActiveMatrix Business Works [cmdb_ci_appl_tibco_matrix] $config_file
    Enterprise Message Service Tibco Enterprise Message Service [cmdb_ci_appl_tibco_message] $config_file
    Oracle Oracle DB on Windows Pattern Oracle Instance [cmdb_ci_db_ora_instance] $install_directory + "\network\admin\*.ora"
    Oracle Instance [cmdb_ci_db_ora_instance] $install_directory + "\dbs\*.ora"
    Oracle DB on Unix Pattern Oracle Instance [cmdb_ci_db_ora_instance] $install_directory + "/dbs/*.ora"
    Oracle Instance [cmdb_ci_db_ora_instance] $install_directory + "/network/admin/*.ora"
    Tomcat Tomcat Tomcat [cmdb_ci_app_server_tomcat] $install_directory + "/conf/server.xml"
    Tomcat WAR [cmdb_ci_app_server_tomcat_war] $install_directory + "/WEB-INF/web.xml"
    WMB WMB On Unix Pattern IBM WebSphere Message Broker [cmdb_ci_appl_ibm_wmb] $install_directory + "/*/etc/config/*/*.prop"
    WMB On Windows Pattern IBM WebSphere Message Broker [cmdb_ci_appl_ibm_wmb] $install_directory + "\*\etc\config\*\*.prop"
    WMQ WMQ On Windows Pattern IBM MQ Manager (formerly IBM WebSphere MQ) [cmdb_ci_appl_ibm_wmq] $install_directory + "\*\config\*"
    WMQ On Windows Pattern IBM MQ Manager [cmdb_ci_appl_ibm_wmq] $install_directory + "/bin/*.sh"

    What to do

    1. Enable configuration file tracking by setting the glide.discovery.enable_file_tracking Discovery property to true.

      You can also configure other properties to control the size and number of tracked configuration files, the time window during which changes to configuration files are tracked for a given version, and the number of changes allowed on a configuration file during that time window. See Discovery properties for details.

    2. To prevent unauthorized access to the sensitive information from configuration files, perform the following steps:
      1. Ensure that access control rules (ACL) are placed on the Tracked Configuration file table [cmdb_ci_config_file_tracked]. Only allow authorized users to view this table or uncheck the Save Content setting.
      2. Ensuring that the tracked_file_reader role that controls access to configuration file data is assigned to correct users and user groups. By default, the itil role contains the tracked_file_reader role giving all users with the itil role access to the configuration file information.
    3. Verify that the Horizontal Discovery probe is active on the classifier for the software that you want to discovery. If not, you can enable it, specify the pattern, and then disable the other probes. See Add the Horizontal Pattern probe to a classifier for instructions.
    4. Add or modify tracked file definitions to change the CI type or file path.
    5. Set the tracked files deletion strategy to specify what you want to do with tracked configuration file CI records when pattern discovery can no longer find them.
    6. Run horizontal discovery on the hosts that are running the applications you want to discover with patterns, open the application CI record, and check the Tracked Configuration Files related list.
    7. Compare two versions of tracked CI configuration files to see the actual changes made to them.