2 Replies Latest reply on Aug 17, 2015 12:10 PM by Joseph Christl

    Patch Analysis with includes/excludes

    Joseph Christl

      So was curious about the BMC Server Automation Windows Patch Analysis jobs includes/excludes portion.  For the longest time I have had a "BlackList" exclude that basically would filter out all the "bad" patches or hotfixes, but recently I noticed some strange anomalies and was on the hunt for more detail with how the includes/excludes worked. 


      I did find some BMC online documentation in regards to BMC Bladelogic Portal 1.2 with Redhat and it had a little graphic that stated Includes minus excludes equals Patch Analysis (here).


      When I go to the Online help for BMC Server Automation 8.6 it doesn't make any specific mentioning of that.  So is that the case for the Bladelogic Server Automation console that Includes minus excludes = Patch Analysis?



        • 1. Re: Patch Analysis with includes/excludes
          Yanick Girouard

          If you have both explicit include filters and exclude filters in your patch analysis job, then yes it's true. The patches to be analyzed are the results of the included list minus the exclude list, which is perfectly logic.


          To keep in mind: Windows and unix patching work very differently.


          On Windows, regardless of the filters provided in the PAJ job, the actual scan that is done on the target by the Shavlik engine checks for everything and returns the whole list of what's installed or missing (results.xml). The application server then filters out those results based on the filters you have added to the PAJ job, if any. In other words, all of the filtering is done by the application server when the analysis results comes back, and not on the target itself.


          For Red Hat, it's different because it's using yum under the covers, which means it needs either the list of packages to search for (includes are passed to the yum update command-line) or list of packages to exclude (exclude=... in the yum.conf file in generates). The data is not filtered by the application server in this case, but rather parsed to be displayed as objects instead of plain text results which yum normally produces...

          • 2. Re: Patch Analysis with includes/excludes
            Joseph Christl

            Ok thanks.  I don't have direct control over the Patch Catalog itself but our BMC admins do have two smart groups within named

            "Approved Microsof Patches - White list" & "Approved Microsof Patches - Black list".  They told me to just add an exclude for the Blacklist and go with that.  But recently I was getting non-microsoft patches  included and couldn't understand why.


            I should be fine by adding the white list as an include and the blacklist as an exclude.


            Thank you.@