OCS Inventory
OCS Inventory NG (Open Computers and Software Inventory Next Generation) is a free and open-source IT asset management solution that enables organizations to inventory and track hardware, software, and network devices across their IT infrastructure.[1] It operates through lightweight agents deployed on client machines, which collect detailed configuration data—such as hardware specifications, installed software, and system settings—and transmit it to a central management server for storage in a database, allowing administrators to generate reports, monitor compliance, and manage assets efficiently.[2] Developed and maintained by the French company FactorFX, OCS Inventory NG has been actively available since 2001, evolving into a robust tool that supports large-scale deployments of over 150,000 machines while remaining compatible with major operating systems including Windows (Vista and later), Linux, macOS, and Android.[1][3] Key features include SNMP-based network scanning for discovering and inventorying non-agent devices like printers and switches (introduced in version 2.0), automated software package deployment via HTTP/HTTPS to ensure uniformity across endpoints, and extensive plugin support for customization.[1][2] The solution integrates seamlessly with third-party IT service management tools such as ITSM-NG, iTop, and GLPI, enhancing its utility for comprehensive IT operations and providing a flexible, cost-effective alternative to proprietary inventory systems.[1][4]Introduction
Overview
OCS Inventory NG (Open Computers and Software Inventory Next Generation), often abbreviated as OCS-NG, is an open-source asset management solution designed for collecting and managing IT asset data across computer networks. As a free software project, it enables organizations to automate the discovery, inventory, and tracking of hardware, software, and network devices in enterprise environments.[2] The system operates through a centralized management server that aggregates data from client machines, providing a web-based administration console for accessing and analyzing inventory results.[5] The primary purpose of OCS Inventory NG is to streamline IT asset management by automating the collection of detailed information on system configurations, installed software, and connected peripherals, thereby supporting efficient resource allocation and maintenance.[2] This automation reduces the need for manual audits, which traditionally consume significant time and resources in large-scale deployments.[5] Additionally, it aids in regulatory compliance by maintaining accurate records of software licenses and hardware specifications, helping organizations meet auditing requirements for standards such as ITIL or GDPR.[2] By offering centralized oversight, OCS Inventory NG empowers IT administrators to monitor asset lifecycles, detect unauthorized changes, and plan upgrades proactively. A foundational capability of OCS Inventory NG is its multi-platform support, accommodating agents on Windows (from Vista onward), Linux, Unix variants (including BSD, Sun Solaris, IBM AIX, and HP-UX), macOS, and Android devices.[3][1] This broad compatibility ensures comprehensive coverage in heterogeneous environments, where diverse operating systems coexist.[6] The agent-based data collection mechanism allows for flexible deployment via HTTP/HTTPS protocols, facilitating integration with other IT management tools where needed.[2]Key Features
OCS Inventory NG provides comprehensive hardware inventory capabilities, capturing detailed information on CPUs, memory, storage devices, peripherals such as screens and USB devices, and network interfaces including IP addresses and MAC addresses.[2] This allows administrators to maintain an up-to-date record of physical and virtual machine configurations across diverse environments.[5] The software inventory feature catalogs installed applications, including their names, versions, publishers, installation paths, and architecture details (32-bit or 64-bit), along with hotfix lists for operating systems.[2] While usage data such as runtime metrics is not natively collected in the core inventory, the system supports extensions for enhanced tracking if needed through plugins.[7] Reporting and search tools are accessible via a web-based administration console, enabling users to query assets by various criteria, generate customizable reports on inventory data, and visualize hardware and software distributions through charts and tables.[2] This interface facilitates quick asset location and compliance audits without requiring external software. OCS Inventory NG supports IP-based device discovery through the IpDiscover tool, which scans networks using ARP protocols to identify active devices, and refines data via SNMP for non-agent devices like printers, switches, and routers.[8] This capability extends visibility to unmanaged network elements. Extensibility is a core strength, with modular plugins allowing custom data collection for specific assets such as printers (via SNMP queries) and virtual machines (through plugins for hypervisors like VMware).[2] Agent-side scripts in VBScript/PowerShell for Windows or shell/Perl for Unix/Linux enable tailored inventory extensions, while server-side Perl/PHP modules enhance data processing and interface customization.[7] Compliance features include tracking software licenses by comparing installed applications against entitlement records in the database, aiding in license optimization and audit preparation.[2] Additionally, integration with CVE databases enables vulnerability scanning, where the system daily queries for known exploits matching inventoried software versions and displays risks by CVSS score.[9]History
Origins and Early Development
OCS Inventory NG originated as an open-source project initiated by the French Gendarmerie Nationale around 2001, aiming to provide a cost-effective solution for IT asset management in large-scale environments.[10] Developed by a team of French developers within the Gendarmerie and the broader open-source community, the project addressed the growing need for automated tracking of hardware and software assets across extensive networks, where proprietary tools were often prohibitively expensive or restrictive.[11] This effort marked a shift toward accessible, community-driven inventory systems, leveraging a client-server architecture to centralize data collection without vendor lock-in.[12] The project's early development focused on building a robust agent-based model, where lightweight agents installed on client machines would gather inventory data and transmit it to a central server for storage and analysis. By early 2007, the first stable public release, version 1.0, was made available in January, introducing the foundational agent-server framework that enabled periodic or on-demand inventory scans via HTTP/HTTPS protocols. This release emphasized simplicity and scalability, supporting deployment on Windows, Linux, and other Unix-like systems, and quickly gained traction among organizations requiring reliable asset visibility. A subsequent minor update, version 1.01 in February 2007, addressed initial bugs to stabilize the platform for wider use. Early adoption was prominent within European IT communities, particularly in France, where large public sector entities like the Gendarmerie Nationale (managing over 60,000 workstations) and the Caisse Nationale d'Assurance Maladie (CNAM, overseeing around 100,000 systems) integrated OCS Inventory NG as one of their initial implementations.[12] These deployments highlighted the tool's suitability for high-volume environments, fostering community contributions and refinements. In version 1.0rc3, released prior to the stable 1.0, developers introduced a module system to enhance extensibility, allowing users to customize and extend core functionalities such as inventory parsing and reporting without altering the base code. This feature laid the groundwork for future adaptability, solidifying OCS Inventory NG's role as a flexible open-source alternative in IT management.Major Releases and Milestones
OCS Inventory NG's development progressed significantly with version 2.0 in 2011, which introduced the "NG" branding to emphasize its next-generation capabilities and featured an enhanced web console built on a PHP/MySQL backend for improved data management and user interface.[13] In 2014, agent compatibility expanded to include support for mobile devices such as Android. In 2019, version 2.6 further improved overall inventory capabilities.[14][15] The 2022 release of version 2.10 incorporated CVE vulnerability scanning to help identify security risks in inventoried assets and enhanced the API to facilitate integration with third-party tools. In 2015, the project migrated to GitHub, which opened development to a wider community for collaborative contributions, and was taken over by the French company FactorFX for professional maintenance.[11][16] As of September 2024, the latest stable server release is version 2.12.3, accompanied by agent updates reaching version 2.11.0.1 in May 2025, which introduced enhanced security protocols to strengthen data transmission and protection.[17] Key milestones include the launch of annual OCS User Conferences starting in 2014 to foster knowledge sharing among users. The community has driven substantial growth, with approximately 70 user-developed plugins created since 2010 to extend functionality, such as custom inventory extensions.[18] As of November 2025, the project is developing version 3.0, a complete overhaul of the software, with a stable release targeted for the first half of 2025.[19]Technical Architecture
As of version 2.12.3 (September 2024), the server infrastructure of OCS Inventory NG consists of a management server that centralizes inventory data from client agents, comprising a database for storage, a communication server for agent interactions, and a web-based administration console for user access.[20] The core software stack includes the Apache web server (versions 2.2.x or 2.4.x) to host the application, a MySQL 8.0 or higher, or MariaDB 10.3 or higher database (using the InnoDB engine) to store inventory information, and scripting languages such as Perl 5 for the communication server and PHP 7 or higher for the web interface.[20][21] This LAMP-based architecture enables efficient processing and retrieval of asset data on Linux or Unix-like systems.[20] Agent-server communication occurs over HTTP or HTTPS protocols, with data exchanged in XML format and compressed using zlib to optimize bandwidth usage.[2] The key modules include OCSReports, a PHP-based web console for querying and managing inventory data, and the Communication Server, a Perl-based Apache module that processes pull and push requests from agents.[20] The database schema, named "ocsweb" by default and accessible on port 3306, features core tables such ashardware for device identifiers and links to other entities, accountinfo for custom fields and account details, bios for firmware information, and softwares for installed applications.[22] Additional tables handle logs and configurations, with relations established via JOINs on hardware_id rather than enforced foreign keys, supporting data organization for hardware, software, and user accounts.[22]
Installation prerequisites favor Linux distributions such as RHEL 7 and newer, Debian 10 and newer, Ubuntu 18.04 and newer, CentOS/Rocky/AlmaLinux 8 and newer, or Gentoo, requiring root privileges and activation of the MySQL InnoDB engine.[20][23] For small deployments (under 10,000 devices), a single server with at least 2 GB RAM is typically sufficient, though separate servers are recommended for larger scales.[20][24]
Security features encompass SSL encryption for HTTPS communications, particularly required for the deployment server, and user authentication integration with LDAP or Active Directory to delegate console access.[20][25]
Client Agents
The OCS Inventory NG client agents are lightweight software components installed on endpoint devices to collect and transmit inventory data to the management server. These agents operate periodically, gathering details on hardware, software, and system configurations before packaging the information for secure transmission via HTTP or HTTPS. Designed for minimal intrusion, they support a variety of operating systems and deployment scenarios, enabling automated asset management across diverse IT environments.[5] OCS Inventory NG provides native agents tailored to specific platforms, including an MSI installer for Windows, Perl-based scripts for Unix-like systems, a PKG package for Mac OS X, and an APK for Android devices. The Windows agent supports both 32-bit and 64-bit architectures and runs as a system service. Unix agents rely on Perl modules for cross-platform compatibility, while the Mac OS X agent integrates with launchd for scheduling, and the Android agent can function as a background service or standalone app. These agent variants ensure consistent inventory collection regardless of the host OS.[26][27][28][29] Installation methods vary by platform but emphasize simplicity and scalability. For Windows, agents can be deployed manually via the executable, through Group Policy Objects (GPO) in Active Directory domains, or via scripted tools like PSEXEC for silent installation. Unix agents are typically installed locally using package managers, repositories for Debian- or Red Hat-based distributions, or manual compilation from source with Perl's Makefile.PL, requiring root privileges. Mac OS X uses a graphical PKG installer with interactive prompts, while Android agents are sideloaded from APK files or installed via the Google Play Store. Automated tools like the OCS Agent Unix Packager or Ansible roles facilitate bulk deployments on Unix systems.[26][30][28][29] The core functions of the agents center on periodic inventory scans, which run at configurable intervals—defaulting to 24 hours via the PROLOG_FREQ setting—and package collected data into XML format for transmission. Scans capture hardware details (e.g., CPU, memory, peripherals), software inventories, and network information, with options to exclude certain categories like software to reduce overhead. Agents briefly reference server components for data handoff but focus on local execution, supporting features like SNMP for network devices on Unix platforms.[27][31][29] Supported platforms for current agents include Windows 7 SP1 and later, major recent Linux distributions (e.g., CentOS 8+, Debian 11+, Ubuntu 20.04+), BSD variants (FreeBSD 12+, OpenBSD 7+), Solaris 11+, AIX 7+, HP-UX 11i v3+, macOS 10.13 and later, and Android 6.0 and later; legacy agents are available for older systems. Compatibility matrices ensure ongoing support for enterprise environments, with updates addressing newer OS versions.[3][23][32][33][34] Agent configuration is handled through platform-specific files, such as ocsinventory-agent.cfg on Unix and Mac OS X, or INI files on Windows, allowing customization of server URL, SSL/TLS settings, logging levels, and tags for grouping. Options include proxy support for HTTP/HTTPS connections (specified via --proxy or config entries like proxy=url:port), wake-on-LAN compatibility for remote activation (enabled through BIOS/UEFI and agent timing), and custom fields on Unix agents via Perl hooks in extension modules (e.g., adding user-defined data collection scripts). These settings enable adaptation to network constraints and organizational needs.[27][28][26][31][35] Resource usage remains low to avoid impacting endpoint performance, with agents occupying under 10 MB of disk space post-installation and consuming minimal CPU during scans—typically brief bursts under 5% utilization on modern hardware. No persistent inbound ports are required, as communication is outbound-only.[17][27]Operation and Functionality
Inventory Collection Process
The inventory collection process in OCS Inventory NG begins with the client agent initiating contact with the management server through a mechanism known as the prolog phase. During this phase, the agent sends basic identification data, and the server responds with instructions on whether a full inventory is needed, based on factors like the age of the last inventory.[26][36] Inventory collection can be triggered in multiple ways to ensure timely data gathering. Scheduled runs occur automatically, with the agent contacting the server every PROLOG_FREQ hours (default 10 hours), incorporating a randomization delay between 0 and PROLOG_FREQ to distribute load across multiple clients. On-demand collection is possible via manual execution of the agent with the/force or --force option, bypassing the prolog check. Event-based triggers include the agent's first launch or server-directed requests during prolog, often integrated with system events like user login through deployment scripts.[26][27][37]
The agent gathers a comprehensive set of data categories to provide a detailed asset profile. Hardware information includes BIOS details (such as serial number, manufacturer, and model) obtained via WMI or DMI queries; storage drives (size, type, model, and serial); monitors (manufacturer, resolution, description, type, and serial number); processors, memory modules, video and sound cards, network interfaces, controllers, slots, and ports. Software data encompasses installed applications (name, publisher, version, language, architecture, and installation details) collected through registry scans or WMI queries, including hotfix lists from Add/Remove Programs. Network specifics cover IP addresses, MAC addresses, subnet masks, and related configurations via APIs like IpHlpAPI. User information captures logged-in or last-logged users, along with OS details like product ID, owner, and registered company. Printers are inventoried as connected input devices, including manufacturer, model, and type.[2][37][26]
Once collected, the data is formatted into an XML structure by the agent and transmitted to the server via HTTP or HTTPS POST request to the endpoint /ocsinventory. The transmission uses uncompressed XML for direct sends or compressed .ocs files in local mode, with the server—typically running on Apache with mod_perl—parsing the XML and updating the MySQL database accordingly. Authentication may be required using user credentials if configured.[26][27][5]
To manage duplicates, the system identifies machines using unique keys such as the MAC address, BIOS serial number, or the agent-generated device ID stored in ocsinventory.dat. Upon receipt, the server merges updates for existing entries or flags potential duplicates for administrative review, preventing redundant records in the database.[26][37]
Error handling ensures reliability during collection and transmission. The agent implements retry logic for failed server contacts and buffers data locally in cases of network interruptions or offline scenarios, resending upon reconnection. Detailed logs are generated for diagnostics, with verbosity levels adjustable (0-2) via options like /debug or LOGLEVEL, stored in paths such as %ProgramData%\OCS Inventory NG\Agent\ocsinventory.log on Windows or /var/log/ocsinventory-agent on Unix systems, capturing issues like HTTP errors.[26][27][37]
For scalability, OCS Inventory NG supports environments with thousands of endpoints through features like load-balanced servers and distributed architectures. A single tuned server with 4GB RAM and 2 vCPUs can handle up to 10,000 nodes, while larger deployments (over 20,000) benefit from splitting components across multiple servers or using master-slave configurations to manage high volumes of concurrent agent contacts.[24][38]
Software Deployment
OCS Inventory NG provides a built-in software deployment capability that enables administrators to distribute packages and execute commands on managed endpoints, leveraging collected inventory data to inform targeting decisions.[39] The feature operates through a central web console where packages are uploaded and configured, allowing for automated rollout to selected computers without manual intervention on each device.[40] This deployment system integrates seamlessly with the inventory module, using asset details such as operating system versions or hardware specifications to define deployment criteria.[39] The deployment engine utilizes the OCS Inventory NG agent installed on client machines to handle downloads and executions. Administrators access the web console via the "Deployment > Build" menu to upload packages in formats like MSI installers, ZIP archives for Windows, TAR.GZ for Linux, executables, or batch/PowerShell scripts.[40][39] Targeting is criteria-based, employing the search functionality to select computers by inventory attributes, such as specific OS versions (e.g., Windows 10) or hardware specs (e.g., CPU type), or by assigning packages to static groups of machines.[39] For instance, a package might be targeted to all computers with insufficient RAM based on prior inventory scans.[39] The deployment process involves several steps managed by the agent: packages are assigned priorities (0-10, with 0 being highest) and downloaded via HTTP/HTTPS in fragmented chunks to minimize network load, especially for large files exceeding configurable thresholds like 5 MB per fragment.[41][39] Upon agent communication—typically during inventory cycles—the system performs pre-deployment notifications and executes actions silently in the background, such as running scripts or installing software, without user interaction.[39] Status is tracked in the central database, with outcomes like "SUCCESS," "ERR_EXIT_CODE_1," or "ERR_DOWNLOAD_FAILED" viewable in the console for monitoring and troubleshooting.[39] Scripts and commands support dynamic variables derived from inventory data, such as %USERNAME% for user-specific paths or %SystemDrive% for drive locations, enhancing customization.[39] Scheduling occurs through configurable agent cycles, with deployments queued within a default period of 10 cycles and latencies (e.g., 60 seconds between cycles) to control timing and avoid overload.[41] Common use cases include rolling out software updates across fleets, enforcing configuration policies like security patches, and ensuring license compliance by deploying or removing unauthorized applications based on inventory reports.[39] For example, administrators might deploy an antivirus update to all Windows machines missing the latest version, using inventory criteria to identify targets.[39] Limitations include a reliance on the presence of the OCS agent for execution, with no support for native mobile device deployment, and primary testing focused on Windows environments, though Linux agents are compatible for TAR.GZ packages.[39] Rollback mechanisms are not natively provided, requiring custom scripting for reversals, and offline machines cannot be directly woken without external tools.[39]Network Discovery
OCS Inventory's Network Discovery feature utilizes the IpDiscover tool, a Perl-based scanner designed to identify unknown devices on a network without requiring the installation of OCS agents. This tool employs SNMP queries, ICMP pings, and port probes to detect active devices, enabling the discovery of hardware such as printers, routers, and switches that may not support agent deployment.[8] The discovery operates in two primary modes: passive and active. In passive mode, OCS agents on inventoried machines listen on network interfaces and scan local subnets for MAC addresses and other indicators of connected devices, with the server electing suitable agents based on criteria like operating system, connection quality, and fidelity. Active mode involves server-initiated sweeps using the ipdiscover-util.pl script, which targets configurable subnets and integrates tools like Nmap for more thorough probing.[8] Upon detection, IpDiscover generates XML-formatted output that can auto-register devices directly into the OCS server database or produce agent download links for manual installation on compatible systems. This output populates sections in the OCS web interface, such as inventoried, non-inventoried, and identified hosts, facilitating further SNMP-enhanced scanning for detailed attributes. For non-agent devices like network equipment, the process supports automatic population of inventory data without prompting for agent installs.[8][42] Configuration options allow administrators to define XML rules for classifying device types and behaviors during scans, ensuring accurate identification and categorization. Exclusion lists can be implemented to prevent scanning of sensitive network areas or known devices, reducing unnecessary traffic and false positives. These settings are managed through the OCS administration console, with parameters like scan latency and maximum host timeouts tunable for optimal operation.[8][42] Performance is enhanced by multi-threading in the IpDiscover scanner, enabling efficient handling of large-scale networks; for instance, it can process up to 20,000 hosts across 250 subnets, updating approximately 15,000 IP addresses daily in production environments. This scalability makes it suitable for enterprise networks while minimizing disruption through configurable delays between probes.[8]Integrations and Ecosystem
Compatibility with Other Software
OCS Inventory NG primarily integrates with the GLPI IT service management (ITSM) suite through the dedicated OCS Inventory NG plugin, which enables the import of asset data from OCS into GLPI and facilitates linking inventory items to service tickets for enhanced workflow management.[43][44] It also integrates with ITSM-NG, a fork of GLPI, which uses OCS Inventory for asset management and helpdesk functionalities, including a plugin engine for extended capabilities.[1] Additionally, OCS Inventory NG connects with iTop for managing shared infrastructures and asset management through dedicated connectors.[1] The system provides RESTful API endpoints, available since version 2.4, that allow third-party tools to export and retrieve inventory data.[45] In commercial environments, OCS Inventory NG can serve as a data source for IT asset management (ITAM) platforms, where inventory details can be pulled via API or database connections to populate asset tracking systems.[2] Additionally, its MySQL/MariaDB backend supports direct SQL queries, enabling custom scripts to integrate data with enterprise resource planning (ERP) systems for synchronized asset and procurement tracking.[44] Practical examples of compatibility include syncing user and group data from Active Directory via LDAP synchronization to enrich inventory records with organizational context, or exporting datasets to CSV format for analysis in tools like Microsoft Excel.[25][44] However, OCS Inventory NG lacks built-in integration with security information and event management (SIEM) systems, necessitating custom plugins or scripts to achieve such connectivity.[2]Plugins and Modules
OCS Inventory NG features an extensible module system that allows users to enhance inventory collection and reporting through custom plugins. The architecture relies on Perl-based hooks for both the agent and server components, enabling the integration of additional data gathering mechanisms without altering the core codebase. Plugins are structured around XML definitions that specify data fields and database schemas, paired with Perl scripts responsible for data collection and processing on the client side. Installation can be performed manually by extracting plugin files to designated directories, such as/usr/share/ocsinventory-reports/ocsreports/extensions/ for the server or agent-specific paths like C:\Program Files (x86)\OCS Inventory Agent\Plugins on Windows, or via the web console's Extensions tab for automated deployment and activation. Since version 2.6, the plugin installer has incorporated Python 3 and the scp package to facilitate secure file transfers during setup.[46]
Official plugins provided by the OCS Inventory NG project include Winusers for tracking local user accounts and profiles on Windows systems, SNMP for detailed device information retrieval from network equipment, and Telephony for inventorying VoIP hardware configurations. These plugins leverage the Perl hook system, such as the Map.pm module, to map collected data into the central database. For instance, the SNMP plugin extends core network scanning by querying MIBs to gather specifics like printer models or switch ports.[46][2]
The community maintains a repository at plugins.ocsinventory-ng.org, hosting over 60 plugins as of 2025, with contributions covering diverse areas such as virtualization environments and security monitoring. Examples include VMware Vcenter for ESXi host and virtual machine details, and the Security plugin for antivirus software status and vulnerability assessments. These community extensions are developed collaboratively on GitHub under the PluginsOCSInventory-NG organization, ensuring open-source accessibility.[18][47]
Plugin development follows a standardized process: developers define custom data fields via XML files to extend the inventory schema, implement collection logic in Perl scripts executed by the agent, and include version compatibility checks to align with OCS Inventory NG releases. For example, a custom plugin might add fields for environmental sensors in data centers using SNMP queries or extract software license keys from registry entries via targeted Perl modules. Developers test agent-side modules, such as Myplugin.pm, before packaging for distribution.[46][48]
Maintenance of plugins occurs independently from core updates, with developers releasing versions compatible with the latest extension engine. After installation, an Apache server restart is typically required, and deactivation through the console handles uninstallation by removing files and database entries. Version mismatches can prevent execution, so compatibility verification is essential during upgrades.[47][46]