VMware Cloud Community
hhub2
Contributor
Contributor
Jump to solution

Script for VUM

I am looking for a script that will extract the data from the update manager scans and possibly additional information ....

Thank you for any assistance..

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

The following script will produce a CSV file with missing patches for a number of guests.

In this case I took all the guests on a specific cluster but that can easily be changed.

$clusterName = <cluster-name>
$vms = Get-Cluster $clusterName | Get-VM

$report = @()

# Scan-Inventory -Entity $vms -UpdateType "vmPatch"
$vms | %{
	$vm = $_
	Get-Compliance -Entity $_ -ComplianceStatus "NotCompliant" -Detailed | %{
		$_.NotCompliantPatches | where {$_.Severiy -ne "NotApplicable"} | %{
			$row = "" | Select VMname, Vendor, UpdateName, Severity, Compliance, ReleaseDate 
			$row.VMname = $vm.Name
			$row.Vendor = $_.Vendor
			$row.UpdateName = $_.Name
			$row.Severity = $_.Severity
			$row.Compliance = "Missing"
			$row.ReleaseDate = $_.ReleaseDate
			$report += $row
		}
	}
}
$report | Export-Csv "C:\Missing-patches.csv" -NoTypeInformation -UseCulture

If you want to perform a Scan before you run the report , uncomment the line with the Scan-Inventory cmdlet.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
5 Replies
LucD
Leadership
Leadership
Jump to solution

Not sure exactly what information you want to extract but with the Get-Compliance cmdlet you can retrieve the information.

For example, this will show if there are patches for which the guest is non-compliant and it will list some details of each of these patches.

$vmName = <vm-name>

Scan-Inventory -Entity (Get-VM $vmName) -UpdateType "vmPatch"
Get-Compliance -Entity (Get-VM $vmName) -ComplianceStatus "NotCompliant" -Detailed | %{
	if($_.NotCompliantPatches.Count -eq 0){
		Write-Host "Compliant"
	}
	else{
		Write-Host "Not compliant"
		$_.NotCompliantPatches | %{
			Write-Host $_.Vendor $_.IdByVendor $_.Nam
		}
	}
}

There is a lot more information in the data returned by the Get-Compliance cmdlet.

Are you looking for some specific information ?

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

hhub2
Contributor
Contributor
Jump to solution

After a scan for updates, of a group of virtual machines is completed, the only way to see the systems that are not is compliance is via the Update Manager console. What I need, is to be able to export the results of a scan, which I can pass along to the server team.

As an example. Can you export the below information, from the scan results panel, per vm or for all vm’s.

Thank you for the help…

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

The following script will produce a CSV file with missing patches for a number of guests.

In this case I took all the guests on a specific cluster but that can easily be changed.

$clusterName = <cluster-name>
$vms = Get-Cluster $clusterName | Get-VM

$report = @()

# Scan-Inventory -Entity $vms -UpdateType "vmPatch"
$vms | %{
	$vm = $_
	Get-Compliance -Entity $_ -ComplianceStatus "NotCompliant" -Detailed | %{
		$_.NotCompliantPatches | where {$_.Severiy -ne "NotApplicable"} | %{
			$row = "" | Select VMname, Vendor, UpdateName, Severity, Compliance, ReleaseDate 
			$row.VMname = $vm.Name
			$row.Vendor = $_.Vendor
			$row.UpdateName = $_.Name
			$row.Severity = $_.Severity
			$row.Compliance = "Missing"
			$row.ReleaseDate = $_.ReleaseDate
			$report += $row
		}
	}
}
$report | Export-Csv "C:\Missing-patches.csv" -NoTypeInformation -UseCulture

If you want to perform a Scan before you run the report , uncomment the line with the Scan-Inventory cmdlet.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
hhub2
Contributor
Contributor
Jump to solution

Thank you for the help, I will test in a few and let you know if I have any issues... Thanks again !

Reply
0 Kudos
onelegtim
Contributor
Contributor
Jump to solution

I get the following error message when trying to run this script.

Get-Compliance : Cannot validate argument on parameter 'Entity'. The argument i
s null. Supply a non-null argument and try the command again.
At line:3 char:28
+      Get-Compliance -Entity <<<<  $_ -ComplianceStatus "NotCompliant" -Detail
ed | %{
    + CategoryInfo          : InvalidData: (:) [Get-Compliance], ParameterBind
   ingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VumAutom
   ation.Commands.GetCompliance

I need to export a list of all VMs and their Not Compliant patches.

Thanks,

Reply
0 Kudos