Is there a way to monitor windows updates from Splunk? I have a VBScript that queries a remote machine for update history but for security reasons, our remote registry is turned off on these machines.
Is there a way to simply monitor this history on Splunk? My goal is to match up some of the file system changes that I see on my windows machines to Windows Update timing. I do not want to have to check the update consoles to see what is approved (and this doesn't tell me when they were actually applied).
Thanks for any help.
asked 14 Feb '11, 16:46
This is covered by the Windows app, out of the box. It even contains dashboards and reports to track this for you.
answered 14 Feb '11, 17:55
You can use the Splunk Windows app. It works by collecting the WindowsUpdate.log file (located in the windows\system32 folder I believe) and parsing out the information that's available from there.
answered 14 Feb '11, 18:34
BUT what about remote computers? The only way I see is to copy the windowsupdate.log from each remote computer and have splunk index it.
answered 02 Nov '11, 08:43