Can I have the script to find out missing and installed patches for both ESX and ESXi using power CLI only ? out put should be csv format
You're resetting the contents of the $Results array on each baseline iteration.
Try like this
$Results = @() foreach($esx in Get-VMHost) { foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){ $Results += $baseline.CompliantPatches |
Select @{N="Host";E={$esx.Name}},
@{N="Status";E={"Compliant"}},
@{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
@{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}} $Results += $baseline.NotCompliantPatches |
Select @{N="Host";E={$esx.Name}},
@{N="Status";E={"NotCompliant"}},
@{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
@{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}} } } $Results
It will give the installed and missing patches that are defined in the non-compliant baslines linked to the ESXi host.
If you want to see all baselines, also the compliant ones, leave out the Where-clause on the baseline loop (foreach).
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi,
Maybe you could try the scripts in these threads for more information
Finding ESXi missing patches and update
Power Cli Script to retrieve patch level information
Maish
VMTN Moderator | vExpert
Author of VMware vSphere Design
Thanks Lucd,
When I run the script below,
foreach($esx in Get-VMHost){ foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){ $baseline.NotCompliantPatches | select @{N="Host";E={$esx.Name}}, @{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor, @{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}} } }
nothing i am getting, no error message also
Against which vSphere version are you running the script ?
The way to query missing patches has changed between v4 and v5.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Its Vsphere 5.0, power CLI 5.x And VUM 5.x version
In that case the 2nd thread Maish mentioned should work for you.
The Get-VMHostPatch cmdlet should produce the information.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Get-VMHostPatch is not working for ESXi 5.0, can i have script to find out missing installed patches?
Does
Get-Compliance -Entity $esx -Detailed
return anything ?
You need to have vCenter Update Manager PowerCLI v5 installed.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks luc, I have to now see what are the patches are installed
it shows below error message
PowerCLI C:\users\pf09\desktop\script> Get-Compliance -Entity bbcesv.m
coors.com -detailed
Entity Baseline Status Complian NotCompl UnknownP NotApplic
tPatches iantPatc aches ablePatch
hes es
------ -------- ------ -------- -------- -------- ---------
bbcesxv.... Critical Host... Unknown 2 0 212 0
bbcesxv.. Non-Critical ... Unknown 13 0 132 0
As a guideline, this is an extract from a plugin I wrote for Alan's vCheck v6 to find missing patches.
foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){ $Results = $baseline.NotCompliantPatches |
select @{N="Host";E={$esx.Name}},
@{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
@{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}} } $Results
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
foreach($esx in Get-VMHost) {
foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){
$Results = $baseline.NotCompliantPatches |
select @{N="Host";E={$esx.Name}},
@{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
@{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}}
}
}
$Results
just ran the script nothing can see,, no error message also
You're resetting the contents of the $Results array on each baseline iteration.
Try like this
$Results = @() foreach($esx in Get-VMHost) { foreach($baseline in (Get-Compliance -Entity $esx -Detailed | where {$_.Status -eq "NotCompliant"})){ $Results += $baseline.CompliantPatches |
Select @{N="Host";E={$esx.Name}},
@{N="Status";E={"Compliant"}},
@{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
@{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}} $Results += $baseline.NotCompliantPatches |
Select @{N="Host";E={$esx.Name}},
@{N="Status";E={"NotCompliant"}},
@{N="Baseline";E={$baseline.Baseline.Name}},Name,ReleaseDate,IdByVendor,
@{N="KB";E={(Select-String "(?<url>http://[\w|\.|/]*\w{1})" -InputObject $_.Description).Matches[0].Groups['url'].Value}} } } $Results
It will give the installed and missing patches that are defined in the non-compliant baslines linked to the ESXi host.
If you want to see all baselines, also the compliant ones, leave out the Where-clause on the baseline loop (foreach).
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi Luc,
where and how can I install the missing cmdlet Get-Compliance ?
Hi Albert, the Get-Compliance cmdlet comes with the vCenter Update Manager PowerCLI snapin.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello sir,
Could you please help me that how can we create a templet by the help of script in esx?
Regards,
Lallit Singhania
Hi Lallit, can you create a new thread/discussion with your question ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I am running the same script which you provided, but still no output, Let me check what could be the issue.
After reconnecting to the VC, the script is working.. Thanks a lot Lucd.. Yes I will remove where clause as i do not want to attach any baselines.
But
It seems this script is not working for 4.0 and 4.1 client
That is correct, for vSphere 4 environment you will have to use v4 version of the Update Manager snapin.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference