The way I get around it is to us WSUS and not Xymon. I monitor WSUS periodically and print up a report. I can think of several ways of getting Xymon (rather BBWin) doing this but they all involve some scripting. Its not much use just checking for the last patch installed because it does not mean that the previous ones have been installed.
The easiest way I can see to get it into Xymon is to check the folders in the windows directory. The patches will leave a folder with the uninstall information there. If the folder is there it means the install of the patch at least nearly completed, it's likely but not %100 certain that install completed.
You could script access to the WSUS database and pull up a report automatically or trigger Xymon on the contents.
That last two is to check for the existence of the registry keys that means it is installed or even better the date and size of the files them selves. This can be scripted and the info passed to Xymon (BBWin).
With all these methods you need to have a list of the updates you want to check for. This can be a long list and they all have to be there or else a change to the installed windows components (e.g. add/remove DHCP) could remove or require a previous update. WSUS does this for you automatically but I haven't looked at how to give a status report to Xymon
Hoe this helps
Graeme
-----Original Message----- From: McDonald, Dan [mailto:Dan.McDonald at austinenergy.com] Sent: Saturday, 15 November 2008 9:39 AM To: hobbit at hswn.dk Subject: [hobbit] monitoring patch status?
I got hit up with the task of using xymon to monitor whether our windows servers are patched. I saw a plugin on deadcat that requires licensed software from shavlik.com, (and being over 4 years old, I have no idea if it works with bbwin, or if shavlik's api was still the same) but wondered if there were any other solutions out there. Minimum functionality is a list of applied patches that would show up on the client data link.
For our linux boxes, I could probably just rpm -qa --last | head and check the date that an RPM was last installed - if it's more than a month, there is probably a problem... But I don't know enough about windows to come up with a simple solution for those boxes.
-- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
Important - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education and Early Childhood Development.