Solved: Re: Script - missing and installed patches for ESX...

dshivamu · ‎06-12-2012

Can I have the script to find out missing and installed patches for both ESX and ESXi using power CLI only ? out put should be csv format

LucD · ‎06-16-2012

You're resetting the contents of the $Results array on each baseline iteration.

Try like this

$Results = @()
foreach($esx in Get-VMHost) {
  foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){
    $Results += $baseline.CompliantPatches |
    Select @{N="Host";E={$esx.Name}},
    @{N="Status";E={"Compliant"}},
    @{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
    @{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}

    $Results += $baseline.NotCompliantPatches |
    Select @{N="Host";E={$esx.Name}},
    @{N="Status";E={"NotCompliant"}},
    @{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
    @{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}
  }
}
$Results

It will give the installed and missing patches that are defined in the non-compliant baslines linked to the ESXi host.

If you want to see all baselines, also the compliant ones, leave out the Where-clause on the baseline loop (foreach).

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

maishsk · ‎06-12-2012

Hi,

Maybe you could try the scripts in these threads for more information

Finding ESXi missing patches and update

Power Cli Script to retrieve patch level information

Maish

VMTN Moderator | vExpert

Author of VMware vSphere Design

@maishsk | My Blog

Maish Saidel-Keesing • @maishsk • http://technodrone.blogspot.com • VMTN Moderator • vExpert • Co-author of VMware vSphere Design

dshivamu · ‎06-14-2012

Thanks Lucd,

When I run the script below,

foreach($esx in Get-VMHost){
    foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){
        $baseline.NotCompliantPatches |
        select @{N="Host";E={$esx.Name}},
        @{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
        @{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}
    }
}

nothing i am getting, no error message also

LucD · ‎06-14-2012

Against which vSphere version are you running the script ?

The way to query missing patches has changed between v4 and v5.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

dshivamu · ‎06-14-2012

Its Vsphere 5.0, power CLI 5.x And VUM 5.x version

LucD · ‎06-14-2012

In that case the 2nd thread Maish mentioned should work for you.

The Get-VMHostPatch cmdlet should produce the information.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

dshivamu · ‎06-15-2012

Get-VMHostPatch is not working for ESXi 5.0, can i have script to find out missing installed patches?

LucD · ‎06-15-2012

Does

Get-Compliance -Entity $esx -Detailed

return anything ?

You need to have vCenter Update Manager PowerCLI v5 installed.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

dshivamu · ‎06-15-2012

Thanks luc, I have to now see what are the patches are installed

it shows below error message

PowerCLI C:\users\pf09\desktop\script> Get-Compliance -Entity bbcesv.m

coors.com -detailed

Entity Baseline Status Complian NotCompl UnknownP NotApplic

tPatches iantPatc aches ablePatch

hes es

------ -------- ------ -------- -------- -------- ---------

bbcesxv.... Critical Host... Unknown 2 0 212 0

bbcesxv.. Non-Critical ... Unknown 13 0 132 0

LucD · ‎06-15-2012

As a guideline, this is an extract from a plugin I wrote for Alan's vCheck v6 to find missing patches.

foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){
  $Results = $baseline.NotCompliantPatches |
  select @{N="Host";E={$esx.Name}},
  @{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
  @{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}
}
$Results

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

dshivamu · ‎06-15-2012

foreach($esx in Get-VMHost) {
foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){
$Results = $baseline.NotCompliantPatches |
select @{N="Host";E={$esx.Name}},
@{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
@{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}
}
}
$Results

just ran the script nothing can see,, no error message also

LucD · ‎06-16-2012

You're resetting the contents of the $Results array on each baseline iteration.

Try like this

$Results = @()
foreach($esx in Get-VMHost) {
  foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){
    $Results += $baseline.CompliantPatches |
    Select @{N="Host";E={$esx.Name}},
    @{N="Status";E={"Compliant"}},
    @{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
    @{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}

    $Results += $baseline.NotCompliantPatches |
    Select @{N="Host";E={$esx.Name}},
    @{N="Status";E={"NotCompliant"}},
    @{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
    @{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}
  }
}
$Results

It will give the installed and missing patches that are defined in the non-compliant baslines linked to the ESXi host.

If you want to see all baselines, also the compliant ones, leave out the Where-clause on the baseline loop (foreach).

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

AlbertWT · ‎06-17-2012

Hi Luc,

where and how can I install the missing cmdlet Get-Compliance ?

The term 'Get-Compliance' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, veri

fy that the path is correct and try again.

/* Please feel free to provide any comments or input you may have. */

LucD · ‎06-17-2012

Hi Albert, the Get-Compliance cmdlet comes with the vCenter Update Manager PowerCLI snapin.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Lallit · ‎06-17-2012

Hello sir,

Could you please help me that how can we create a templet by the help of script in esx?

Regards,

Lallit Singhania

LucD · ‎06-18-2012

Hi Lallit, can you create a new thread/discussion with your question ?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

dshivamu · ‎06-18-2012

I am running the same script which you provided, but still no output, Let me check what could be the issue.

dshivamu · ‎06-18-2012

After reconnecting to the VC, the script is working.. Thanks a lot Lucd.. Yes I will remove where clause as i do not want to attach any baselines.

But

It seems this script is not working for 4.0 and 4.1 client

LucD · ‎06-18-2012

That is correct, for vSphere 4 environment you will have to use v4 version of the Update Manager snapin.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

Script - missing and installed patches for ESX and ESXi