This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Patch Manager Reporting

FormerMember
FormerMember


Hi All,

I use a single Patch Manager PAS to patch servers in multiple domains across 2 WSUS servers. Reporting is essential given the number of servers being managed (850+). I have not been able to utilize the PM reporting tools to date and I would like to make a start. I need help to create a high-level report that will detail the following:

·         Number of servers in WSUS per Domain

·         Broken into categories (Prod & Non Prod) with patch dates:

o        a)Non prod – patched up to XX date

o        b)Prod patched up to xx date

I have raised a support ticket with SolarWinds but I got a reply pointing me to a kb article on how to create reports from scratch.

Cheers,

Wasim.

  • Greetings Wasim.

    Getting the number of servers per domain and/or per WSUS server can be obtained from the stock WSUS Server Computers Info report, which is found in the Windows Server Update Services report category. A simple solution is to group by the desired columns, and the Group Header line for each group will provide a count of the number of objects in that group. If you group by Domain and Role, the Domain group header will tell you the number of computers in each role for each Domain. If you group by WSUS Server and then by Role, the WSUS Server group header will tell you the number of computers in each role for each WSUS server. You could also customize this report to provide just the count information. Open this report in the editor, and delete all of the fields except WSUS Server, Domain, Role and Computer, and then convert the Role column to have a COUNT(Computer) aggregation. Finally, also be aware that this type of basic statistical information is also available on the Patch Manager Web Console, which is a new feature in v1.8.

    Breaking them into categories works along the same concept, except you would likely use WSUS Target Groups, and I believe this report will need to be created from the Analytics report category using the Computer Update Status with Computer Information datasource.

    The WSUS reporting data,  however, does not record patch installation dates, so the best you'll be able to do with the "patch dates" criteria is filter on Release Date or Approval Date (whichever seems more appropriate for your needs).

    If you need some addiitional assistance pursuing this type of report, please post back and I can provide some additional details and guidance.

  • FormerMember
    0 FormerMember in reply to LGarvin

    Hi Lawrence,

    Thank you for the prompt response. I will have a look at the instructions you provided and see what reports are generated. However I would like to have a look at the Patch Manager Web Console and see what it looks like. So please excuse my ignorance but how do I go about installing the web console?

    Regards,


    Wasim

  • I've emailed you the download link for the Web Console Installer.

    Also, you can engage with a interactive demonstration of the console at

    http://oriondemo.solarwinds.com/Orion/PM/Summary.aspx

  • FormerMember
    0 FormerMember in reply to LGarvin

    Hi Lawrence,

    Staying with reporting, I currently run a daily computer inventory of both WSUS servers as well as computer inventories of Active Directory across all our domains, using Patch Manager. This is great as the results of all inventories are combined under "Managed Computer" in Patch Manager.

    In order to ensure that all servers in our Active Directory environments are checking into WSUS, I need a report that gives me the list of servers in WSUS vs a list of servers in AD. So my thoughts were to run a report against the WSUS inventories and run a separate report against the D inventories and then compare the two to find the discrepancies. However I couldn't find a way to run such a report against "Task History" or "Managed Computers.

    Any advice?

    Cheers,


    Wasim.

  • There are a couple of ways you can obtain this information.

    via Reporting, you'll want to use the <Computer System Basic> report in the <Computer (System Information)> category to get your domain member machines from the inventory (or you could just export the Managed Computers datagrid), and use the <Computers with approved percentages> report in the <Windows Server Update Services> category to get the list of your WSUS clients (or you could just export the All Computers group of the upstream server).

    Another way you can achieve this objective is by creating a Patch Manager Computer Group defined by two rules:

    All computers in the Domain with a Last Reported Date < 30 days.

    All computers in the WSUS All Computers group with a Last Reported Date < 30 days.

    This will create duplicate entries in the Patch Manager Computer Group for every domain computer that is registered with and reporting to WSUS. For domain computers not reporting to WSUS, or WSUS clients that are not in the domain, you will have one entry only. One of the advantages of using the Patch Manager Computer Group for this purpose is that it's a dynamic display and does not require the effort of running/exporting two reports, merging them into Excel, and then mapping the computer names.

  • FormerMember
    0 FormerMember in reply to LGarvin

    Hi Lawrence,

    I need to generate the following "High Level" Report to incorporate into the above report. So I need to generate the following report:

    Percentage/Count of Computers in each WSUS Computer Group with Approved Needed Updates Installed.

    Something that looks like this:

    WSUS Computer GroupPercentage of Computers with "Approved Needed Updates" InstalledCount of Computers with "Approved Needed Updates" Installed
  • FormerMember
    0 FormerMember in reply to FormerMember

    Just to elaborate, we patch servers on a montly basis and there are always servers that are missed or not patched on the day for whatever reason. So I want to identify the number/percentage of servers that were missed for each computer group or in turn the number/percentage of servers that had the approved updates successfully installed.

    Cheers.


    Wasim

  • Ditto here. We have multiple PM Groups, each getting patched at different times. I dont see an easy way to get a nice table of patch status on only certain PM Groups at a time, they all seem to be based on WSUS Groups...

  • Reporting on Patch Manager groups with respect to WSUS activities is not possible.

    Consider that all of the WSUS reporting data comes from the WSUS server based on what has been reported to the WSUS server by the WUAgent. The WSUS server and WUAgent know nothing about PM groups, so there is no way to correlate WSUS attributes to PM group.

    If you're looking to develop reports based on deployment tasks from Patch Manager, the best way to do that is to use the Task History Details, which will tell you exactly when each update was installed on which system. You can also retrieve that information from the Task History reporting function for as long as the Task History details are stored in the PM database (60 days, by default).

    Likewise, for identifying machines that failed to be patched from a PM task. generating a report that pulls for Download or Install actions with a "Failed" status will provide that information.

    Generally speaking, as addresses all of the questions throughout this thread, building a report in Patch Manager requires these steps:

    1. Identify the report category and datasource that has the data fields you want.
    2. Identify an existing report with that datasource to modify, or create a new report by selecting the desired fields from the datasource list and clicking on New Report.
    3. Customize the Report Builder for field display order, sort order, and any necessary report filters.