if you have a list of patches (whitelist) you can run a "Patch Analysis Job" using this whitelist. you'd run the job against a "Server Group" which contains all the servers for this vendor. it sounds like you found the whitelist functionality.
the server group could be static or dynamic (smart) but either will work.
Thank you. I think that is exactly what I need then. What format does the whitelist need to be in? ie. MS patch number, KB#, entire filename of patch, etc.
RTM, it's only on p603 :)
Under Analysis Options (Windows Servers), do any of the following:
• For Analyze only for patches specified in, use the browse button to select a file or enter a Network Shell-style path to a file that lists the QNumbers of patches that should be analyzed. The list should include only one QNumber per line. If the file name you enter is incorrect, all patches are analyzed.
When you enter a file name, three options below are automatically checked. and you
cannot clear those checks. Those options are Analyze security patches, Analyze
security tools, and Analyze non-security patches.
• For Filter out patches from result specified in, use the browse button to select a
file or enter a Network Shell-style path to a file that lists the QNumbers of patches
that should not be reported on. The list should include only one QNumber per line.
If I run a PAJ using a whitelist and I get no results back per se,
Not scanned machines:0
Total number of installed patches:0
Total number of missing patches:0
Total number of not applicable patches:0 "
what is this telling me?
Should it not, at least, show the number of patches installed and/or not applicable?
hmm - so what's in your whitelist file, and is there anything in the appserver.log or in the job run log (in the gui) that indicates an error?
and the agents are all atleast 7.4.1?
can you run this on 1 machine where you see patches missing in the live browse | hotfixes ?
Have you configured your APP server to download the .CAB files from shavlik. It shounds like you havn't yet which is why it is saying you have no patches installed
Whitelist contains just the Q numbers for ten patches.
Agents are 7.4.1
Log shows successful job.
One difference is that we have no access to the web at this time until our network adds us to the base proxy. I am having to manually download the CABs to a location on the appserver. I don't know if this would have much of an impact.
In the job described in my previous post, there is nothing at all showing in the object view. The server view is there with 0 patch counts except for missing.
when you download the cabs, where do you put them, and in the 'tools | patch analysis config' what are the download urls set to and do you have the 'check for updates' box checked?
i think that you cannot just drop the cab into the storage/templates directory on the file server, i think you need to drop them in an nsh accessible path and then change the download urls to point to that path. save a copy of the urls so when you do get proxy access you can change them back.
but i'm not 100% on that because you have been running successful analysis right?
OK, found out that when it mentions Q numbers in the whitelist, you must include the "Q". Did not get that from the instructions.
Whitelist operating as advertised...