Systems Management Question

Best Practice for Patch Reporting?

09/01/2016 704 views
What kind of report setup do you guys use when reporting on deployed patches?

As for our patching strategy, what I have set up in the environment right now is as follows:

  • A daily detect job finds all missing patches and emails a report to the tech responsible for patching during that cycle.
  • A deployment job deploys all missing patches.
  • A post-deployment detect job finds all missing patches and emails a report to the tech.

The tech then has to manually compare the two, because the report in question cannot filter for a given patch label. The report filters are set up as follows:
  • Label Names = "* Servers - All (SL)"
  • Detect Status = "NOTPATCHED"
  • Label Names = "* 2016-08 Server Patches (2)"
This report is a duplicate of the pre-packaged "For a group of devices, what patches are installed" report, with the exception of changing the variables in the first two fields and adding the third, yet it does not work.

What I get is a report that shows ALL patches missing. The "* 2016-08 Server Patches (2)" label contains a static group of patches that we manually approved, and only shows critical patches (we don't apply the "important" ones), yet the report shows every missing patch, both critical and important.

Has anyone found a workaround for this? Or is anyone else not experiencing this same issue?

Alternately, is there a way to show patch severity in the report?