[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [hobbit] monitoring patch status?

To: <hobbit (at) hswn.dk>
Subject: RE: [hobbit] monitoring patch status?
From: "Shea, Graeme A" <Shea.Graeme.A (at) edumail.vic.gov.au>
Date: Sat, 15 Nov 2008 14:17:15 +1100
References: <1226702319.11679.13.camel (at) mcdonalddj-dc.austin-energy.net>
Thread-index: AclGqb1oM7NvESx/Qw6ihzh1CvB2YwAJj5tw
Thread-topic: [hobbit] monitoring patch status?

The way I get around it is to us WSUS and not Xymon. I monitor WSUS
periodically and print up a report. I can think of several ways of
getting Xymon (rather BBWin) doing this but they all involve some
scripting. Its not much use just checking for the last patch installed
because it does not mean that the previous ones have been installed.


The easiest way I can see to get it into Xymon is to check the folders
in the windows directory. The patches will leave a folder with the
uninstall information there. If the folder is there it means the install
of the patch at least nearly completed, it's likely but not %100 certain
that install completed.

You could script access to the WSUS database and pull up a report
automatically or trigger Xymon on the contents.

That last two is to check for the existence of the registry keys that
means it is installed or even better the date and size of the files them
selves. This can be scripted and the info passed to Xymon (BBWin).

With all these methods you need to have a list of the updates you want
to check for. This can be a long list and they all have to be there or
else a change to the installed windows components (e.g. add/remove DHCP)
could remove or require a previous update. WSUS does this for you
automatically but I haven't looked at how to give a status report to
Xymon

Hoe this helps

Graeme

-----Original Message-----
From: McDonald, Dan [mailto:Dan.McDonald (at) austinenergy.com]
Sent: Saturday, 15 November 2008 9:39 AM
To: hobbit (at) hswn.dk
Subject: [hobbit] monitoring patch status?

I got hit up with the task of using xymon to monitor whether our windows
servers are patched.  I saw a plugin on deadcat that requires licensed
software from shavlik.com, (and being over 4 years old, I have no idea
if it works with bbwin, or if shavlik's api was still the same) but
wondered if there were any other solutions out there.  Minimum
functionality is a list of applied patches that would show up on the
client data link.

For our linux boxes, I could probably just rpm -qa --last | head and
check the date that an RPM was last installed - if it's more than a
month, there is probably a problem...  But I don't know enough about
windows to come up with a simple solution for those boxes.

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy
http://www.austinenergy.com


Important - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education and Early Childhood Development.

Follow-Ups:
- "Stop after" not shown in the Info-Page
  - From: Alexander Bech

References:
- monitoring patch status?
  - From: McDonald, Dan

Prev by Date: Re: [hobbit] monitoring patch status?
Next by Date: Re: [hobbit] HTTP error 0
Previous by thread: Re: [hobbit] monitoring patch status?
Next by thread: "Stop after" not shown in the Info-Page
Index(es):
- Date
- Thread