Right compleatly off the wall but I am looking at a way of getting nagios to monitor what windows security fixes are installed on a server.
I am currently thinking that this may have to be done as a seporate script / plugin for each of the available security fixes on the servers so that this casn then return an ok or critical result.
I am aware that there are log files with .log in c:\windows when these are installed . has any one got any thoughts on how to do this not as seportater plugins.
There are check_log plugins that search a log file for “regex”. Perhaps that would help. But there must be a better way of managing Windows updates than this.
problem is you should update the command every time a patch is released… i don’t see this as really useful… you would even need to check every winodws release in a different way…
Actually, I believe you could use check_snmp. I was just poking around with SNMP on some of my w2k3 servers and noticed these type entries when doing a snmpwalk:
HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "Windows Server 2003 Hotfix - KB 871250"
HOST-RESOURCES-MIB::hrSWInstalledName.31 = STRING: "Windows Server 2003 Hotfix - KB 873376"
HOST-RESOURCES-MIB::hrSWInstalledName.32 = STRING: "Windows Server 2003 Hotfix - KB 885835"
HOST-RESOURCES-MIB::hrSWInstalledName.33 = STRING: "Windows Server 2003 Hotfix - KB 885836"
HOST-RESOURCES-MIB::hrSWInstalledName.34 = STRING: "Windows Server 2003 Hotfix - KB 887797"
HOST-RESOURCES-MIB::hrSWInstalledName.35 = STRING: "Windows Server 2003 Hotfix - KB 890175"
HOST-RESOURCES-MIB::hrSWInstalledName.36 = STRING: “Windows Server 2003 Hotfix - KB 891711”
Note: I haven’t actually done this myself so there may be problems, but it looks to me that the info you need is available via SNMP.