Hi, I am new to BigFix. How can I tell precisely when a patch was installed? I was hoping there was a way to see the specific installation or application time of a patch right from the BigFix Console. Recently, I was troubleshooting a patch issue and was unable to determine how to do this from the Console. Your help is appreciated.
BigFix Patch Management works a little differently. The patching fixlets will use relevance language to determine if a specific patch is applicable to an endpoint or not. The relevance language checks things like file versions and registry key entries on the endpoint to determine applicability a defined by the Microsoft release bulletins. There is really not a determination of applicability by reading the list of installed updates (it is based on file and registry level values). If you take an action to patch via BigFix and it is successful you do have a record of installation date for those updates you updated via the fixlets.
You may want to try creating an analysis to retrieve this information from the endpoints:
And here:
1 Like
We are also very familiar with these kinds of requests. The first thing anybody looks for when an application starts to have troubles is what has changed, and what patches have been applied. If you are looking for actions that have been taken on a device you are at a disadvantage if the action no longer exists in the console or the log files have rolled on the client. However, all actions are recorded in the ActionHistory.db on in the client. This file is in a SQLite format and can be accessed using the fixlet debugger. The following relevance will inspect the ActionHistory.db file on the local client and return
ActionID, IssuerName, IssuedTime, ChangeTime, ActionName
rows of statement "select AH.ActionID, IssuerName, IssuedTime, ChangeTime, ActionName from ACTION_HISTORY as AH, ACTION_STATE_HISTORY as ASH where AH.ActionID = ASH.ActionID" of sqlite database of file(parent folder of regapp "BESClient.exe" as string & "\__BESData\__Global\ActionHistory.db")
The time formats are in epoch time.
As far as I can tell this file grows without bound. I have used this method to troubleshoot software distributions over a year old.
4 Likes
Hi, Thanks for your replies @BigFixNinja and @zpt8mjs, I see that there are multiple was to querery a db on the client or using an analysis to get the information from endpoints. Also, judging from your replies. I see that Console is not the tool for retreiving this information. I will try both methods and let you know how it goes. Thanks again
The relevance that @zpt8mjs gave can be placed in a property/analysis and can then bring the data back up to the console for you to view.