8 Replies Latest reply on Sep 4, 2015 10:04 AM by brahiem99

    WSUS events

    brahiem99

      Hi Guys,

       

      Is it possible to receive events from a WSUS server?

      I am using the Vista Security connector, but i only get userlogon/logoff, machine logon/logoff events and actually that is not what i want. Is there a connector for the WSUS server?

        • Re: WSUS events
          colinbarr

          What type of logs are you wanting?

          I have looked into this some as well, on the servers you can get logs on when updates install and what updates install.

          Are you looking for it as a "one stop shop" for it reporting updates installing and failing to workstations? I am working on getting logs as to those types of events, and would like some info on such as well.

          • Re: WSUS events
            colinbarr

            From the target server view in System logs you can see if an update failes to install.

            I have this rule in place, and watch it as I deploy windows updates to servers.

            LEMFailedUpdateMonitor.png

            I also have another rule built around just the installation running. This is also very useful if extra people / service accounts have admin rights and run an installer on a server

            LEMUpdateMonitor.png

            These are very useful for real time notification of servers and update status.

             

            The problem I have is, and assume you have the same, is I do not have Solarwinds installed on every workstation... But I do want notification directly if a workstation fails on specific updates, a bunch of updates, or hasnt communicated with WSUS in X number of days. This would indicate it has issues directly, and could be troublshot direclty.

             

            You have respiked my interest in this, and I will dig into it more now.

            I am unsure if the above are of any use to you, or if you already have simular in place.

            1 of 1 people found this helpful
              • Re: WSUS events
                brahiem99

                Thanks. I will try this and let you know. This is what i have in the filter.

                WSUS.PNG

                I don't have the Solarwinds installed on the workstations. I just want to monitor the servers we have. I was also using the SolarWinds Event Log Forwarder for Windows on the WSUS, but cant find the forwarded events in the LEM console.

              • Re: WSUS events
                colinbarr

                After further research and talking to the DB admins here, multiple possibilities have come up.

                The main factor is your WSUS database embeded, sqlite, or full instance installed?

                For my WSUS setup I just went with the embeded database. Below is what pointed us in the right direction, we think. I will be installing SQL tools on the server next week and trying a few things out.

                https://msdn.microsoft.com/en-us/library/bb410149(VS.85).aspxhttp://blogs.technet.com/b/gborger/archive/2009/02/27/exploring-the-wsus-windows-internal-database.aspx

                 

                For what I want to do, I think I am going to look to just scrape the data we want out of the WSUS database and put it into a clean report, that WSUS doesnt seem to provide by default.

                 

                Sorry I couldnt fully answer your question, but I think the issue at hand is the syslog engine doesnt have access to the logs, and you need to have those logs pulled from the database, or the database provide them by some means.

                 

                Hope this helps.

                1 of 1 people found this helpful
                • Re: WSUS events
                  brahiem99

                  Here is what i did to pull the WSUS events from the server into LEM.

                  WSUS1.PNG

                  I used the Windows Application Log connector.

                  WSUS.PNG

                  I hope this works for you guys.

                   

                  Thank you.