Nagios Monitering Windows Security Upodates

sbridges · July 5, 2005, 11:48am

Right compleatly off the wall but I am looking at a way of getting nagios to monitor what windows security fixes are installed on a server.

I am currently thinking that this may have to be done as a seporate script / plugin for each of the available security fixes on the servers so that this casn then return an ok or critical result.

I am aware that there are log files with .log in c:\windows when these are installed . has any one got any thoughts on how to do this not as seportater plugins.

luca · July 6, 2005, 2:06pm

Here we do it on a separate WSUS server so we have the distribution of the patches too.

Luca

jakkedup · July 7, 2005, 2:38pm

There are check_log plugins that search a log file for “regex”. Perhaps that would help. But there must be a better way of managing Windows updates than this.

luca · July 7, 2005, 2:53pm

problem is you should update the command every time a patch is released… i don’t see this as really useful… you would even need to check every winodws release in a different way…

looks as a horror scenario…

Luca

Fin · July 8, 2005, 12:37am

Actually, I believe you could use check_snmp. I was just poking around with SNMP on some of my w2k3 servers and noticed these type entries when doing a snmpwalk:

HOST-RESOURCES-MIB::hrSWInstalledName.30 = STRING: "Windows Server 2003 Hotfix - KB 871250"
HOST-RESOURCES-MIB::hrSWInstalledName.31 = STRING: "Windows Server 2003 Hotfix - KB 873376"
HOST-RESOURCES-MIB::hrSWInstalledName.32 = STRING: "Windows Server 2003 Hotfix - KB 885835"
HOST-RESOURCES-MIB::hrSWInstalledName.33 = STRING: "Windows Server 2003 Hotfix - KB 885836"
HOST-RESOURCES-MIB::hrSWInstalledName.34 = STRING: "Windows Server 2003 Hotfix - KB 887797"
HOST-RESOURCES-MIB::hrSWInstalledName.35 = STRING: "Windows Server 2003 Hotfix - KB 890175"
HOST-RESOURCES-MIB::hrSWInstalledName.36 = STRING: “Windows Server 2003 Hotfix - KB 891711”

Note: I haven’t actually done this myself so there may be problems, but it looks to me that the info you need is available via SNMP.

luca · July 8, 2005, 8:58am

you still would need an updated entry on the server to check if that patch is needed or not on that particular host…

Luca

jakkedup · July 8, 2005, 5:25pm

For as often as hotfix come out, you would be spending all of your time configuring nagios to check 200 hosts for the new service check_hotfix123456.