We are moving from a MS patching solution to BigFix for Server Patching. However, with the MS product, a report would get cut automatically during/after a patching window notifiying the operator of action statuses for the effected assets.
the report below is a step in the right direction, but I’m not sure if it is possible to email it to only a specific DL that admins the assets, or the operator that queued up the action would be nice.
Does anyone have any automation in place for patching reports?
This is what I want too… I want to be emailed a report after an action is taken with the status of each computer (IE: Failed, Fixed, Pending Restart, etc)…
We are starting a new patching policy and need a report automatically generated and emailed…
Ideas? I would think this would be a built in / canned report but can’t find one.
You guys might have seen from other threads that engineering is aware of this as a common request.
This is a common use case that all of us would have liked to have supported by the product out of the box.
Work with me and maybe we can come up with a scheme that will work. There are a few moving parts, so not a click and run scenario.
I have created a report that will list the action status for all actions that have just ended base on a hard coded timeframe.
o Note that a policy action with no end date will get excluded.
o Right now the hard code says “7 *day”. We will want to change this later.
o It filters for only Actions that start with “MS” for Microsoft bulletin. If you want this to apply for any actions, we need to remove the statement (name of source fixlet of it starts with “MS”).
Use Scheduled Activities in Web Reports to schedule for this report to be emailed whenever the following condition is true. It is important to know that Scheduled Activities will decide if a report should be sent whenever Web Reports
Refreshes the Cache
. Which by default is 20 minutes. You can determine your setting by going to menu (8.x) Administration/Database Settings/Cache Settings.
Select these options in Activity Triggers:
Generate report on every refresh
Match Relevance Conditions/ Generate report when relevance is true
Condition is as follows, but change 7day to your refresh interval, such as the default of 20minute
(it > 0) of number of results of bes actions whose (exists end date of it and name of source fixlet of it starts with “MS” and now > ((end date of it as string & " " & end time_of_day of it as string & " " & local time zone as string) as time) and now - ((end date of it as string & " " & end time_of_day of it as string & " " & local time zone as string) as time) < 7*day)
Now that we see how the end date filter is hard coded, go back to the report and change the 7*day used for testing to match the Web Reports refresh interval.
Sorry that there are a few moving parts. If someone tries this and has success, please let us know.
the Start Date and End Dates are nice, but I feel that the actual start time of the action is more important to me. Just because the Start date is now doesn’t mean that it will run now. In our environment, we have a start date but an action contstraint is set until the Maintenance Window is true. So the actual time the action begins to run may be better
No expired actions - I understand that they shouldn’t be included, but what if your action’s stop time ends before your 20min report email cycles? I could see actions being skipped because they would have a status of ‘expired’
It would be great if the email could sent to the ‘issued by’ operator
The built in filter doesn’t allow for filtering based off the operator. Can a filter be added to the actual report that gives this ability?
I really appreciate you tackling this… However, I’m a bit confused…
So the gist is this report will show any actions that have a “MS*” fixlet in them that have been issued within the past 7 days? You say it filters ACTIONS that start with “MS” but I’m showing actions that don’t start with “MS”, which I prefer anyways just want to clarify.
The part I’m also confused about is changing the “< 7*day” to match the refresh interval? Can you explain deeper?
the Start Date and End Dates are nice, but I feel that the actual start time of the action is more important to me. Just because the Start date is now doesn’t mean that it will run now. In our environment, we have a start date but an action contstraint is set until the Maintenance Window is true. So the actual time the action begins to run may be better
No expired actions - I understand that they shouldn’t be included, but what if your action’s stop time ends before your 20min report email cycles? could see actions being skipped because they would have a status of ‘expired’
Expired actions will be included. I meant no policy actions, which are actions without an end date/time.
It would be great if the email could sent to the ‘issued by’ operator
BigFix does not have the email address of the console operator. When we create a new user account, the username is actually used for the purpose of creating the digital certificate.
One way that this might work is if the username of the console operator is the same as their email address. Then we can possibly post pend the email domain behind the user name.
The built in filter doesn’t allow for filtering based off the operator. Can a filter be added to the actual report that gives this ability?
I have excluded any type of filtering because it will prevent the report from being scheduled and email automatically.
So the gist is this report will show any actions that have a “MS*” fixlet in them that have been issued within the past 7 days? You say it filters ACTIONS that start with “MS” but I’m showing actions that don’t start with “MS”, which I prefer anyways just want to clarify.
Not issued within the last 7 days, rather the End Date is within the last 7 days.
There is a filter statement in there (name of source fixlet of it starts with “MS”), so yes, it should be for Fixlets with names starting with MS.
Note that when we can an action, you can change the name of the Action, but I am filtering base on the name of the “source Fixlet”.
The part I’m also confused about is changing the “< 7*day” to match the refresh interval? Can you explain deeper?
This report is all about Scheduled Activities, which is the ability to automatically export, email, or custom action an existing report.
Web Reports determine when a scheduled report should be executed at every refresh cache intervals. This is when Web Reports go to the database to pull out all the new changes. By default, this happens every 20 minutes.
So every refresh cache intervals, we have an opportunity to decide if this report should be emailed. The filter will ensure that only actions ended within this internal are being reported.
I tried this last night and didn’t get emailed… Here is what I did…
Downloaded your report and changed the 7day to 1200second and then imported it.
Added report to scheduled with a start time and no expire time. Changed the trigger to generate on every refresh. Checked the match relevance box and copied / pasted your relevance changing the 7day to 1200second.
Created an action to execute this morning at 4:00AM with a few MS fixlets…
Added report to scheduled with a start time and no expire time. Changed the trigger to generate on every refresh. Checked the match relevance box and copied / pasted your relevance changing the 7day to 1200second.
The intent of this use case is to send out an email on the statuses of actions after it expired/ended, so it will not work if you did not specify the end date/time.
Don’t be sorry! You’re help and reports are GREATLY appreciated…
I see the hairiness of the situation and I honestly can’t think of a great answer to your question…
Basically, I’m interested in a report that gives me the status of each PC of the action but I want that report pretty much first thing in the morning… I guess I can just put in an end date and have the action only last a few hours if that would be the easiest…
One issue I’ve seen… When I have this report emailed to me in HTML it is HUGE… That is fine but it’s just a html email which I can’t filter, etc…
If I choose CSV to email it in, it’s till huge (which is fine as it’s the amount of PC’s and fixlets that decide the size) but when opening in Excel it’s unusable… I’m guessing it’s because it’s in XML?