Best Practice for Patch Reporting?
What kind of report setup do you guys use when reporting on deployed patches?
As for our patching strategy, what I have set up in the environment right now is as follows:
- A daily detect job finds all missing patches and emails a report to the tech responsible for patching during that cycle.
- A deployment job deploys all missing patches.
- A post-deployment detect job finds all missing patches and emails a report to the tech.
The tech then has to manually compare the two, because the report in question cannot filter for a given patch label. The report filters are set up as follows:
- Label Names = "* Servers - All (SL)"
- Detect Status = "NOTPATCHED"
- Label Names = "* 2016-08 Server Patches (2)"
This report is a duplicate of the pre-packaged "For a group of devices, what patches are installed" report, with the exception of changing the variables in the first two fields and adding the third, yet it does not work.
What I get is a report that shows ALL patches missing. The "* 2016-08 Server Patches (2)" label contains a static group of patches that we manually approved, and only shows critical patches (we don't apply the "important" ones), yet the report shows every missing patch, both critical and important.
Has anyone found a workaround for this? Or is anyone else not experiencing this same issue?
Alternately, is there a way to show patch severity in the report?