log analytics how to pull all updates installed on a server with names

Copper Contributor

been trying to get a list of all the updates that are installed on a server ? just cant find anything on it. im new to this so if anyone can help

10 Replies

@kashifhafeez 

 

What have you got so far, have you created a Log Analytics workspace and deployed agents to the server(s).  

 

There is an update management solution you can deploy.

 

https://docs.microsoft.com/en-us/azure/automation/automation-update-management

You can use the Update Management solution in Azure Automation to manage operating system updates for your Windows and Linux machines in Azure, in on-premises environments, and in other cloud environments. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers.

 

Example queries can be found here:https://docs.microsoft.com/en-us/azure/automation/automation-update-management-query-logs

@CliveWatson 
Then you for the response Clive. 
I have a Windows and Linux OMS agent installed. i am able to pull data from Windows OMS agent and apply updates and see what updates and patches are missing.  these are non-azure vms, so from my on-prem to azure. i can only see updates on the boxes since the agent was installed. nothing before that.  i have also tried to quarry to pull list of all the patches that have been applied. i have not been successful in that. i would like to at least get name of patches that are applied and maybe date with it.

if i can get some help i would appreciate it.

@kashifhafeez 

 

That is how the agent works, data is from installation time.  If you wanted older data you'd have to use the Log Analytocs api to import it, but that's not a trivial piece of work.

@CliveWatson thank you, sir! that helps alot coming from an MVP. i can take that let the boss know i was right the first time.

@CliveWatson 

Hi Clive, I've got Update Management setup and it works in terms of installing updates. I want a way to ascertain what patches and versions (as well as packages with versions for Linux) are installed on  a particular box. This can then be compared against an external database of patch information to ascertain if any patches have been installed outside of the approval process.

The information in Log Analytics does not appear to provide this, though I haven't worked much with Log Analytics so it's possible I don't know how. I have searched online and can't find the answer, hence commenting here.

Is there a way to query an API or something and get a JSON back, please? Or indeed go direct to the VM agent? Anything that shows that current state of the VM would be helpful, ideally with some audit information.

Thanks,

Neil.

@CliveWatsonHi Clive. Thanks for the reply. Yes I saw those and they do provide useful information but from what I can see it all pertains to what Update Management did rather than the current status of a machine. I wanted a way to ascsertain what updates/packages were on a machine regardless of how they were installed, which I don't seem to be able to find. It doesn't look like manually installed updates/packages would be logged anywhere. Or have I missed the query?!

Neil.

@neilashbysenior  I think Usage only shows the required updates, not what is there.   Others may know more as I'm not familiar with the data itself. 

@neilashbysenior Did you find a solution for this topic? I am experiencing the same issue. The idea is to check if certain KBs are installed, to ensure that some CVEs are patched...

Hi @MiguelAND, not directly, I ended up using logs from an Elastic beat on the box itself to provide the information with which we could alert if an update was installed outside of Update Management. You could probably get the same information from the Windows Event Logs going into Log Analytics.