Refine your search:

Monitoring Windows Updates from Splunk

1

Hello,

Is there a way to monitor windows updates from Splunk? I have a VBScript that queries a remote machine for update history but for security reasons, our remote registry is turned off on these machines.

Is there a way to simply monitor this history on Splunk? My goal is to match up some of the file system changes that I see on my windows machines to Windows Update timing. I do not want to have to check the update consoles to see what is approved (and this doesn't tell me when they were actually applied).

Thanks for any help.

Kevin

asked 14 Feb '11, 16:46

kholleran's gravatar image

kholleran
3338629
accept rate: 25%

3 Answers:
oldestnewestmost voted
3

This is covered by the Windows app, out of the box. It even contains dashboards and reports to track this for you.

link

answered 14 Feb '11, 17:55

Ron%20Naken's gravatar image

Ron Naken
4.1k3427
accept rate: 38%

0

You can use the Splunk Windows app. It works by collecting the WindowsUpdate.log file (located in the windows\system32 folder I believe) and parsing out the information that's available from there.

link

answered 14 Feb '11, 18:34

gkanapathy's gravatar image

gkanapathy ♦
32.3k4827
accept rate: 41%

0

BUT what about remote computers? The only way I see is to copy the windowsupdate.log from each remote computer and have splunk index it.

link

answered 02 Nov '11, 08:43

MBerikcurtis's gravatar image

MBerikcurtis
957
accept rate: 25%

1

You could put the Splunk Universal Forwarder on each remote Windows computer and have it forward the update logs. That would be beter than copying them.

(02 Nov '11, 09:13) lguinn ♦
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×498
×433
×371
×117

Asked: 14 Feb '11, 16:46

Seen: 1,806 times

Last updated: 02 Nov '11, 09:13

Related questions

Splunk Log Data Tampering: Windows File/Directory Auditing?

Process to copy index from one Windows Server to another

Scripted Input - Windows Indexer - Linux Host

Adding data from Wireshark capture windows txt file into Splunk

migrating from kiwi to splunk

How can I index SNMP traps on Windows with Splunk?

Require excel_export for windows

Windows WMI configuration

Copyright © 2005-2012 Splunk Inc. All rights reserved.