While the tools for SNMP are available, the protocol is not enabled by default.This section explains how to enable SNMP with the standard Oracle Linux and additional Oracle PCA Management Information Bases (MIBs).The typical existing solutions are running reports through Windows Update Servers (WSUS), or running scripts against the registry to list and compare the applied patches against a baseline (Security scanners like Foundstone or Nessus do just that).The last approach is certainly the most accurate, but also the most intensive way.Together with the setup of a SNMP trap daemon, plus the passive service configuration in Nagios, we receive Windows update check results that are launched daily through the Windows scheduler.The client setup is easy on the windows system and also easy on the Nagios side, because we can leverage the existing SNMP trap implementation of our Windows Reboot Monitoring.SNMP, or Simple Network Management Protocol, is widely used to communicate with and monitor network devices, servers, and more, all via IP.
Instead it checks the correct setup of the automatic patch service, either being Microsoft Online or a local WSUS server.
With a active Nagios notification being send to our admins, I found the patching being done much faster and pro-active.
Nobody want's their servers being listed in status warning for too long.
As a result, we face the dilemma how to initiate the check and how to transport our monitoring result back to Nagios. going through all the required testing of implementing another service.
One solution is to add a service such as NRPE-NT, which is exactly made for that purpose. I tested sucessfully Trap Gen from Network Computing Technologies, Inc., a small 136KB binary that can send custom SNMP traps from Windows systems.
This tutorial describes an approach to check if Windows systems are being properly patched.
This is important in particular if you have servers in larger numbers, and you need to evaluate their compliance and risk status for your company.
With Microsoft releasing patches bi-weekly, these patch lists are growing huge over time.
Even when they finally collapse into a service pack after many month's, patch lists are frequently changing and confusing.
The result for the second command should contain a lot more information about your system, and will likely be thousands of lines.
For troubleshooting or hardware monitoring, it may be useful to enable SNMP on the servers in your Oracle PCA.