Nagios Monitoring Windows Security Updates

Right, completely off the wall, but I am looking at a way of getting Nagios to monitor what Windows security fixes are installed on a server.

I am currently thinking that this may have to be done as a separate script / plugin for each of the available security fixes on the servers so that this can then return an OK or critical result.

I am aware that there are log files with .log in c:\windows when these are installed. Has anyone got any thoughts on how to do this not as separate plugins?

Here we do it on a separate WSUS server so we have the distribution of the patches too. :)

Luca

There are check_log plugins that search a log file for “regex”. Perhaps that would help. But there must be a better way of managing Windows updates than this.

problem is you should update the command every time a patch is released… I don’t see this as really useful… you would even need to check every Windows release in a different way…

looks like a horror scenario…

Luca

Actually, I believe you could use check_snmp. I was just poking around with SNMP on some of my w2k3 servers and noticed these types of entries when doing a snmpwalk:

HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "Windows Server 2003 Hotfix - KB 871250"
HOST-RESOURCES-MIB::hrSWInstalledName.31 = STRING: "Windows Server 2003 Hotfix - KB 873376"
HOST-RESOURCES-MIB::hrSWInstalledName.32 = STRING: "Windows Server 2003 Hotfix - KB 885835"
HOST-RESOURCES-MIB::hrSWInstalledName.33 = STRING: "Windows Server 2003 Hotfix - KB 885836"
HOST-RESOURCES-MIB::hrSWInstalledName.34 = STRING: "Windows Server 2003 Hotfix - KB 887797"
HOST-RESOURCES-MIB::hrSWInstalledName.35 = STRING: "Windows Server 2003 Hotfix - KB 890175"
HOST-RESOURCES-MIB::hrSWInstalledName.36 = STRING: "Windows Server 2003 Hotfix - KB 891711"

Note: I haven’t actually done this myself so there may be problems, but it looks to me that the info you need is available via SNMP.

you still would need an updated entry on the server to check if that patch is needed or not on that particular host…

Luca

For as often as hotfixes come out, you would be spending all of your time configuring Nagios to check 200 hosts for the new service check_hotfix123456.
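
The SNMP idea from the thread, written as one plugin that takes the required KB numbers as arguments instead of one service per hotfix (an added example, not code from any poster). It assumes snmpwalk output for hrSWInstalledName arrives on stdin; the script name check_hotfix.py, the function names and the sample lines are constructed for illustration.

```python
import re
import sys

# Nagios plugin exit codes
OK, CRITICAL, UNKNOWN = 0, 2, 3

# Matches e.g.: HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "... Hotfix - KB 871250"
ENTRY_RE = re.compile(r'hrSWInstalledName\.\d+\s*=\s*STRING:\s*"?(.*?)"?\s*$')
KB_RE = re.compile(r'\bKB\s*(\d{6,7})\b', re.IGNORECASE)

# Constructed sample input, modelled on the snmpwalk lines quoted in the thread
SAMPLE_WALK = '''\
HOST-RESOURCES-MIB::hrSWInstalledName.12 = STRING: "Example Backup Agent"
HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "Windows Server 2003 Hotfix - KB 871250"
HOST-RESOURCES-MIB::hrSWInstalledName.31 = STRING: "Windows Server 2003 Hotfix - KB 873376"
HOST-RESOURCES-MIB::hrSWInstalledName.32 = STRING: "Windows Server 2003 Hotfix - KB 885835"
'''


def parse_installed_kbs(walk_text):
    """Return (software_entry_count, set_of_KB_numbers) from snmpwalk output."""
    entries, kbs = 0, set()
    for line in walk_text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        entries += 1
        kbs.update(KB_RE.findall(m.group(1)))  # non-hotfix software adds nothing
    return entries, kbs


def check_hotfixes(walk_text, required):
    """Compare installed KBs with the required list; return (exit_code, message)."""
    entries, installed = parse_installed_kbs(walk_text)
    if entries == 0:
        # An empty walk means SNMP failed or the OID was wrong, not that patches are missing
        return UNKNOWN, "HOTFIX UNKNOWN - no hrSWInstalledName entries returned"
    missing = sorted(set(required) - installed)
    if missing:
        return CRITICAL, "HOTFIX CRITICAL - missing: " + ", ".join("KB" + k for k in missing)
    return OK, "HOTFIX OK - all %d required hotfixes installed" % len(set(required))


if __name__ == "__main__":
    # Assumed usage: <snmpwalk of hrSWInstalledName> | check_hotfix.py 871250 885835
    text = SAMPLE_WALK if sys.stdin.isatty() else sys.stdin.read()
    code, msg = check_hotfixes(text, sys.argv[1:])
    print(msg)
    sys.exit(code)
```

The required list still has to be maintained somewhere, as the replies point out, but it becomes one argument list per host group rather than a new service definition per patch.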