Nagios Monitoring Windows Security Updates


#1

Right, completely off the wall, but I am looking at a way of getting Nagios to monitor what Windows security fixes are installed on a server.

I am currently thinking that this may have to be done as a separate script / plugin for each of the available security fixes on the servers so that this can then return an OK or critical result.

I am aware that there are log files with .log in c:\windows when these are installed. Has anyone got any thoughts on how to do this not as separate plugins?


#2

Here we do it on a separate WSUS server so we have the distribution of the patches too. :slight_smile:

Luca


#3

There are check_log plugins that search a log file for “regex”. Perhaps that would help. But there must be a better way of managing Windows updates than this.


#4

Problem is you should update the command every time a patch is released… I don’t see this as really useful… you would even need to check every Windows release in a different way…

Looks like a horror scenario…

Luca


#5

Actually, I believe you could use check_snmp. I was just poking around with SNMP on some of my w2k3 servers and noticed these types of entries when doing an snmpwalk:

HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "Windows Server 2003 Hotfix - KB 871250"
HOST-RESOURCES-MIB::hrSWInstalledName.31 = STRING: "Windows Server 2003 Hotfix - KB 873376"
HOST-RESOURCES-MIB::hrSWInstalledName.32 = STRING: "Windows Server 2003 Hotfix - KB 885835"
HOST-RESOURCES-MIB::hrSWInstalledName.33 = STRING: "Windows Server 2003 Hotfix - KB 885836"
HOST-RESOURCES-MIB::hrSWInstalledName.34 = STRING: "Windows Server 2003 Hotfix - KB 887797"
HOST-RESOURCES-MIB::hrSWInstalledName.35 = STRING: "Windows Server 2003 Hotfix - KB 890175"
HOST-RESOURCES-MIB::hrSWInstalledName.36 = STRING: "Windows Server 2003 Hotfix - KB 891711"

Note: I haven’t actually done this myself so there may be problems, but it looks to me that the info you need is available via SNMP.
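
The SNMP approach from post #5, as an added example that is not part of the original thread: a Nagios-style plugin that parses `snmpwalk` output for `hrSWInstalledName` and compares it against one list of required KB numbers, so a single service check covers every hotfix. The function names, the required-KB arguments and the sample lines (constructed, modelled on the output quoted above) are assumptions.

```python
import re
import sys

# Standard Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# One hrSWInstalledName row, e.g.
# HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "Windows Server 2003 Hotfix - KB 871250"
ENTRY_RE = re.compile(r'hrSWInstalledName\.\d+\s*=\s*STRING:\s*"?([^"\n]*)"?')
KB_RE = re.compile(r'\bKB\s*(\d{6,7})\b', re.IGNORECASE)

def installed_kbs(walk_output):
    """Return the set of KB numbers found in hrSWInstalledName rows."""
    kbs = set()
    for line in walk_output.splitlines():
        entry = ENTRY_RE.search(line)
        if entry:
            kbs.update(KB_RE.findall(entry.group(1)))
    return kbs

def check_hotfixes(walk_output, required):
    """Return (exit_code, status_line) in Nagios plugin format."""
    if not ENTRY_RE.search(walk_output):
        # No software table at all: SNMP timed out or the agent hides it.
        return UNKNOWN, "HOTFIX UNKNOWN - no hrSWInstalledName entries in input"
    # Accept "871250", "KB871250" or "KB 871250" in the required list.
    wanted = {re.sub(r'^KB\s*', '', r.strip(), flags=re.IGNORECASE) for r in required}
    missing = sorted(wanted - installed_kbs(walk_output))
    if missing:
        names = ", ".join("KB" + kb for kb in missing)
        return CRITICAL, "HOTFIX CRITICAL - missing: " + names
    return OK, "HOTFIX OK - all %d required hotfixes installed" % len(wanted)

# Constructed sample input (hypothetical host).
SAMPLE_WALK = '''\
HOST-RESOURCES-MIB::hrSWInstalledName.29 = STRING: "Example Application 1.0"
HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "Windows Server 2003 Hotfix - KB 871250"
HOST-RESOURCES-MIB::hrSWInstalledName.31 = STRING: "Windows Server 2003 Hotfix - KB 873376"
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Plugin mode: required KBs as arguments, snmpwalk output on stdin.
        code, message = check_hotfixes(sys.stdin.read(), sys.argv[1:])
        print(message)
        sys.exit(code)
    # Demo mode: run against the constructed sample above.
    print(check_hotfixes(SAMPLE_WALK, ["871250", "885835"])[1])
```

The required-KB list still has to be maintained per host group, which is the maintenance cost the other replies in the thread raise.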


#6

You still would need an updated entry on the server to check if that patch is needed or not on that particular host…

Luca


#7

For as often as hotfixes come out, you would be spending all of your time configuring Nagios to check 200 hosts for the new service check_hotfix123456.