Diff Entire Servers with UpGuard

An Introduction to Visual Diffing

One of UpGuard's core features is its ability to diff the configurations of complete servers. This can be useful when trying to figure out why machine A is working differently from machine B, or why your app in development stops working when moving from Dev to QA, or from QA to Production. Quickly discovering differences is what UpGuard was built for, and with agentless deployments and group diff, it's easier than ever to gain visibility into the configurations of your servers. It's also entirely free for up to 10 devices, so you can get started right away.

Create an Account

While we can offer an on-premises virtual appliance for paying customers who require it, the free version of UpGuard is cloud-hosted. Signing up is painless, and no payment information is necessary for the free version.

Add Servers

We call them nodes within the UpGuard app, mostly because we can scan way more than just Unix/Linux and Windows servers—we also do network devices, cloud services, databases, and more. Adding your server nodes is a straightforward process, and there are two different ways to go about it: Install the UpGuard agent, or go agentless

Making Sense of Your First Node Scans

The categorized boxes represent configuration items (CIs) that have been scanned by UpGuard. By default for a Unix/Linux server, we grab about 1,000 CIs comprising the most commonly modified configuration points on a system. You can drill down into any of these boxes to see more information about the configuration item. (For those who prefer a more traditional table-style view, that option is in there, too.) Power users will find that adding more configuration items is easy


The real power in this type of visualization becomes apparent when we begin diffing scans—either node vs. node, or one node vs. a prior scan of that node.

One-to-One Differencing

Comparing two scans is as simple as using the menu along the left to select which scan you'd like to compare to. Comparing the current scan to a previous scan of the same machine can easily answer the question, "This machine worked yesterday... What changed?" While comparing two nodes head-to-head will immediately show you every difference between two machines you expected to be the same.

The light grey boxes represent items that exist in both scans and have the same properties. For configuration files, that means they have the same content. For things like packages, this means they're present in both scans and at the same version level.

Blue and dark grey boxes represent items that exist only on one scan or the other, but not both. These could be packages that are present on one node or the other, user accounts, ports that are open, or services that are installed. Windows admins may find this particularly useful for keeping an eye on registry keys and installed hotfixes.

Yellow boxes represent items that exist in both scans, but have different attributes or content. Perhaps a .conf file has different content, or permissions have changed on a file. In the case of packages—the package is present in both scans, but at a different version. For services, maybe their status (running, stopped, etc.) is different. Any of these blocks can be clicked on to bring up a panel that will explain exactly what the difference is.

Differencing Groups

Finding inconsistencies across an entire group is just as easy. Add all the nodes you'd like to look at to a Node Group, then hit the "Diff this Group" button. What you'll see is essentially a heatmap of differences, whether you're looking at 3 nodes or 3,000. Again, you can click into any item to see exactly what the differences are and on which machines they're located.


The platform does much more than simply diffing nodes. You can create policies to establish your requirements going forward, receive versatile alerts when there's a change or deviation, and even export your good configurations to automation platforms like Puppet, Chef, Ansible, Salt, and Powershell DSC. Best of all, it's completely free for up to 10 nodes—for life.

Many organizations have rolled UpGuard out company-wide for complete visibility into their infrastructure. Get started with a free account right away, or schedule a personalized demo with our engineers who can show you what UpGuard will do for your organization.

UpGuard Customers