I am monitoring a large amount of virtual machines, including Linux and Windows.
As of today, when a new windows update involving security is available (once / twice per day), all of my Windows hosts are stated “Critical” for the “System Updates” (WSUS) service.
However, the Windows machines usually update by themselves in the next - two following hours.
This means, once to two times per day, I have a wave of hosts stated as critical during few hours, and then disappear without needing action from me.
What I would like to do is to have a paramater that updates the state of the host only if the age exceeds a certain time (for example 3 hours) ; therefore I avoid having a bunch of critical hosts all of a sudden for no “real reason”. I’d get a critical warning only if the update didnt do itself automatically.
However, if im not mistaken, this is as of today not possible, since states can be changed only through hard checks.
I haven’t found a solution while configuring WSUS status. (Could put the hosts in warning, but this is not what im looking for, I would have the same issue, a wave of hosts in yellow).
It is not the state of the host what you are referring to but the state of one of its service checks: “System Updates”.
You can achieve your goal using the ruleset “Maximum number of check attempts for service”. This tells Checkmk to recheck the service for a number of times before sending out the notification. During that time the service is in the so called “soft state”. This state can be used to filter views.
Thank you for your quick response and the clarifications between host and service status.
I have created a rule “Maximum number of check attempts for service” for the service WSUS with a current value of 3.
What exactly is considered as a “notification” ? Are the events shown on the dashboards notifications ?
However I still see on the “Service Problems” dashboard the status of the service WSUS being either warning or critical with a check being made for example 20 minutes ago (there is 1 check per hour and the age of the checks being shown on the dashboard are < 1 hr). I probably havent configured properly.
I do not think I can achieve my goal with by tweaking the rules for WSUS.
When trying to tweak the rules of WSUS, I managed to disable having critical status for the WSUS services when an security update is available, or set it to 2 for example. This is not what I want.
Im trying to have the status being displayed as critical only if the servers didnt do the update by themselves (= its been few hours that there is an update available and that havent been applied automatically for an unknown reason)
ok
I dont think there is a simple solution here. It would be best if Checkmk reported failed WSUS Window updates.
There is no difference on regular windows updates, a system who have critical updates in Windows Update (but not yet installed) will show warn/crit.
I could take some time before the update is actually installed. If you just “postpone” the alerting as @r.sander suggested you will still get problems unless you just dont care about the service for a long time.
Yes I do agree with you. I’m currently using the windows_update.vbs script/plugin to monitor the updates. Didn’t find any way to tweak properly the plugin.
I tried using the “Maximum number of check attemps for service” but it doesn’t seem to do anything… I am probably missing something.
