If we are concerned about keeping our Microsoft Windows environment up to date and controlled, we can also help ourselves with monitoring to control the pending patches that our Servers have in Windows Update. Let's continue to centralize everything we can in our management panel, let's control all our infrastructure from Nagios or Centreon and live more relaxed!

We'll be based on a small Windows Script File script, running on a Windows OS computer and will check for updates that you have pending installation. As we already know, with NRPE we can call a remote command, from Nagios we will invoke this script and read its output. If you don't have the NRPE agent or check_nrpe command installed on Nagios, Better look at yourself first This document.

So, download this small WSF file, we save it in the 'Scripts' directory’ in the NSClient folder on Windows computers. We take it down from here: https://exchange.nagios.org/directory/Plugins/Operating-Systems/Windows-NRPE/Check_Updates-(Windows)/details, As always the great script portal Exchange Nagios will save our lives! And we tried to execute it:

[SourceCode]
cscript.exe //NoLogo check_updates.wsf
[/SourceCode]

After validating that the script does what we want, All that remains is to register in the 'nsclient.ini file’ The alias and script, In this case, the following would be enough:

[SourceCode]
[/settings/external scripts/scripts]
check_updates = cscript.exe //T:30 //NoLogo scripts\check_updates.wsf

[/settings/external scripts/alias]
check_updates = check_updates
[/SourceCode]

Remember to restart the NSclient service ++ to reload the configuration we just put into the INI.

And (optionally), we go to the Nagios or Centreon appliance or whatever we have to verify with check_nrpe the command that we have just registered on the Windows computer; If we remember, By executing the following, we will verify the pending updates on that machine remotely (Let's go to the scripts directory first, normally /usr/lib/nagios/plugins/):

[SourceCode]
./check_nrpe -H IP_EQUIPO_WINDOWS -C check_updates
[/SourceCode]

And nothing! We will now be able to create the Services that monitor pending Windows Update patches, if we remember we will already have the Command created that will be called 'check_nrpe', we therefore created the Service from “Configuration” > “Services” > “Add” or we clone one and indicate the following data at least:

• Description: We indicate the name with which we will see you from the monitoring, something like 'Windows Update’ It can be worth it to us.
• Template: Normally, Select 'generic-active-service-custom'.
• Check Command: Select from the list of commands, 'check_nrpe'.
• Args: Here we must fill in the alias that we define in the INI file, in this document we will pass through NRPE the check 'check_updates'.

“Save” and with this we will check the pending Updates on the machine to which we associate this service!

And well, if we export the Centreon data and restart the engine, we will be able to “Monitoring” > “Status Details” check the number of patches and control it from that console, we can now link this same service to the rest of the Windows machines and check each server we have!