Patch Analysis results - Viewing and using

A Patch Analysis operation analyzes a server's patch configuration based on a patch catalog that is set up in BMC Server Automation. The Patch Analysis operation lists the targets that are not patched correctly and the patches they are missing. When the operation identifies target servers with incorrect patch configurations, you can remediate those servers by automatically creating a job that deploys the missing patches.

You can define a Patch Analysis operation based on an existing Patching Job or base the operation on a patch catalog that you select. Basing an operation on a patch catalog is currently limited to Windows and Linux patching.

Results of a Patch Analysis operation provide:

  • A pie chart showing the percentage of servers with:
    • Missing patches—Percentage of servers that were analyzed but lack one or more of the patches specified in the operation.
    • Fully patched—Percentage of servers that were analyzed and have all the patches specified in the operation.
    • Failed analysis—Percentage of servers where the operation did not complete successfully. 
  • Statistics about the operation's start and end time, duration, status, and number of targets fully patched. 

  • A series of tabs providing information and functionality relating to:

Patch Analysis operations run on the following platforms. When viewing results, the actions you can take are essentially the same across all platforms. Any differences are described below.

  • IBM AIX
  • Microsoft Windows
  • Oracle Solaris
  • Red Hat
  • SUSE

Targets

The Targets tab lists all target servers for the Patch Analysis operation. Select one of those targets at left and the list at right shows the patches it lacks. 

Using the Targets tab, you can run a remediation operation to deploy missing patches to target servers. A remediation operation automatically downloads and packages the missing patches and creates a Deploy operation to deploy the patches to the targets you specify.

When remediating target servers, you can deploy all missing patches to all target servers or to a single server. On Microsoft Windows, you can run a remediation operation that deploys a single patch to a single server. That capability is not available for Linux.


PatchingResultsTargets.gif

To search for targets or patches

In the Search Targets box, enter a text string of any length. The Targets list shows all unpatched targets with names that include the text string. If you leave the box blank, the page shows all unpatched targets. Search for missing patches in a similar way, using the Search Patches box.

To obtain information about a patch

In the patches list at right, find the patch for which you want information and hover your cursor over the information icon InfoIcon.gif. A popup message describes the patch.

To remediate targets

To begin remediation, choose one of the following actions:

  • To remediate all missing patches for all targets, select the Actions icon ActionsIcon.gif at the top of the Targets list and then select Remediate All Patches For All Targets
    The New Remediation dialog box opens.
  • To remediate all missing patches for one target, select a target in the list at left. Then select the Actions icon ActionsIcon.gif at the top of the patches list at right and select Remediate All Patches For This Target
    The New Remediation dialog box opens. 
  • (Windows only) To remediate one missing patch for one target, select a target in the list at left. Then, in the patches list at right, find the patch to remediate, click ActionsIcon.gif, and select Remediate Selected Patch For Target
    The New Remediation dialog box opens.

Use the New Remediation dialog box, as described in the following sections. The contents of the dialog box vary depending on whether a deploy template is available.

Basic remediation

When setting up basic remediation, you specify locations to store BLPackages and Jobs that are created automatically. The locations you choose are folders in BMC Server Automation.

PatchRemediationSimple.gif

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Patch Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

Remediation based on a deploy template

When setting up remediation based on a deploy template, you specify locations to store BLPackages and jobs that are created automatically. The locations you choose are folders in BMC Server Automation. You can also a select a deploy template, which controls the behavior of the remediation job. If the deploy template is defined as an advanced Deploy Job, you can make scheduling decisions for the remediation job. 

Deploy templates can be defined for a portal security group or the entire site

ComplianceRemediation.gif

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. To specify Deploy job settings for the remediation operation, perform the following steps:
    1. Click the Deploy Template tab, which shows a list of Deploy jobs that can be used as templates for the remediation operation.

      PatchingRemediationDeployTab.gif
    2. Select a Deploy job in the list of templates.
      The Deploy job appears in the Deploy Template field. To remove a Deploy template, select the Deploy job again from the list of possible Deploy jobs. 

    3. Optionally, inspect the settings of the template by clicking Details. The portal lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.

      PatchingRemediationDeployTabSettingsTab.gif

      Note

      Many options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using BMC Server Automation to implement those options, see Setting deploy options for remediation jobs.

    4. If you have selected a Deploy template that is defined as an Advanced Deploy job in BMC Server Automation, you can schedule the individual phases of the remediation operation (that is, simulate, stage, and commit). Take the following steps:

      1. Click the Phase schedules and Execution tab.

        PatchingRemediationDeployTabScheduleTab.gif
      2. Take any of the following actions:

        • If you do not want to schedule the phases of the remediation action, select Do not execute. 
        • If you want to schedule all phases to run sequentially, select Execute phases sequentially... and then specify a time when execution begins. After specifying a time, click Set.
        • If you want to schedule each phase individually, select Execute phases as specified below and then provide an execution time for each phase. After specifying a time for each phase, click Set.
          You can also specify that a particular phase is not scheduled.
  4. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Patch Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

Back to top

Missing patches

The Missing Patches tab lists all patches that are missing on one or more target servers. Select one of those patches, and the Targets list at right shows the targets where that patch is missing.

Using the Missing Patches tab, you can run a remediation operation to deploy missing patches to target servers. A remediation operation automatically downloads and packages the missing patches and creates a Deploy operation to deploy the patches to the targets you specify.

When remediating target servers, you can deploy all missing patches to all target servers. On Microsoft Windows targets, you can run a remediation operation that deploys a missing patch to all servers where the patch is missing or to a single server.

PatchResultsMissingPatches.gif

To search for patches or targets

In the Search Patches box, enter a text string of any length. The Patches list shows all missing patches with names that include that text string. If you leave the box blank, the page shows all missing patches. Search for unpatched targets in a similar way, using the Search Targets box.

To obtain information about a patch

In the patches list, find the patch for which you want information and, hover your cursor over the information icon InfoIcon.gif. A pop-up message describes the patch.

To remediate missing patches

To begin remediation, choose one of the following actions:

  • To remediate all missing patches for all targets, select the Actions icon ActionsIcon.gif at the top of the patches list at left and then select Remediate All Patches For All Targets.
    The New Remediation dialog box opens.
  • (Windows only) To remediate all targets for one missing patch, select a patch in the patches list at left. Then, select the Actions icon ActionsIcon.gif at the top of the targets list at right and select Remediate All Targets For This Patch.
    The New Remediation dialog box opens. Note that some rules do not support remediation.
  • (Windows only) To remediate one target for one missing patch, select a patch in the patches list at left. Then, in the targets list at right, find the target to remediate, click ActionsIcon.gif, and select Remediate Selected Target For Patch
    The New Remediation dialog box opens.

Use the New Remediation dialog box, as described in the following sections. The contents of the dialog box vary depending on whether a deploy template is available.

Basic remediation

When setting up basic remediation, you specify locations to store BLPackages and Jobs that are created automatically. The locations you choose are folders in BMC Server Automation.

PatchRemediationSimple.gif

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Patch Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

Remediation based on a deploy template

When setting up remediation based on a deploy template, you specify locations to store BLPackages and jobs that are created automatically. The locations you choose are folders in BMC Server Automation. You can also a select a deploy template, which controls the behavior of the remediation job. If the deploy template is defined as an advanced Deploy Job, you can make scheduling decisions for the remediation job. 

Deploy templates can be defined for a portal security group or the entire site.

ComplianceRemediation.gif

  1. For Depot Group, use the folder icon to navigate to a depot group that can store the BLPackage created for this remediation operation.
  2. For Job Group, use the folder icon to navigate to a job group that can store the job created for this remediation operation.
  3. To specify Deploy job settings for the remediation operation, perform the following steps:
    1. Click the Deploy Template tab, which shows a list of Deploy jobs that can be used as templates for the remediation operation.

      PatchingRemediationDeployTab.gif
    2. Select a Deploy job in the list of templates.
      The Deploy job appears in the Deploy Template field. To remove a Deploy template, select the Deploy job again from the list of possible Deploy jobs. 

    3. Optionally, inspect the settings of the template by clicking Details. The portal lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.

      PatchingRemediationDeployTabSettingsTab.gif

      Note

      Many options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using BMC Server Automation to implement those options, see Setting deploy options for remediation jobs.

    4. If you have selected a Deploy template that is defined as an Advanced Deploy job in BMC Server Automation, you can schedule the individual phases of the remediation operation (that is, simulate, stage, and commit). Take the following steps:

      1. Click the Phase schedules and Execution tab.

        PatchingRemediationDeployTabScheduleTab.gif
      2. Take any of the following actions:

        • If you do not want to schedule the phases of the remediation action, select Do not execute. 
        • If you want to schedule all phases to run sequentially, select Execute phases sequentially... and then specify a time when execution begins. After specifying a time, click Set.
        • If you want to schedule each phase individually, select Execute phases as specified below and then provide an execution time for each phase. After specifying a time for each phase, click Set.
          You can also specify that a particular phase is not scheduled.
  4. Click Create to save the remediation operation so it can be run later (using the Remediation Options tab), or click Execute to save the remediation operation and run it immediately.
    You can also click the Patch Summary and Target Summary tabs to see what rules are included in the remediation operation and the targets where the operation runs.

Back to top

Log messages

The Run Log tab lists all messages generated during a run of an operation.

PatchResultsRunLogTab.gif

To filter messages

At the top of the list, select a message type, such as Error or Warning. The Run Log list shows only messages of that type.

To search for messages

In the Search Messages box, enter a text string of any length. The list shows all log messages with names that include that text string. If you leave the box blank, the page shows all messages. 

To refresh the list of messages

Select the Actions icon ActionsIcon.gif at the top of the Run Log list and then select Refresh.

 

Back to top

Remediation operations

The Remediation Operations tab provides a list of remediation operations that you can execute and manage. A remediation operation is an automatically generated Deploy operation that can deploy patches to target servers requiring patches. You can create a remediation operation using the Missing Patches tab or the Targets tab.

PatchResultsRemediation.gif

Executing a remediation operation

In the list of remediation operations, find the row for the operation you want to run and click Execute ExecuteIcon.gif

Deleting a remediation operation

In the operations list, move your cursor over the remediation operation you want to delete and click Delete. A dialog box asks you to confirm the deletion.

Displaying detailed information about the most recent run

In the operations list, find the operation for which you want information and click View Results. A results page for the remediation operation shows the results of the Batch operation that was automatically created for remediation purposes. (The Batch operation executes one or more Deploy operations to actually deploy patches.) A drop-down list lets you choose to display one of the Deploy operations instead of the Batch operation.

PatchRemediationResults.png

Note

The Child Summary tab shows child job runs for the Batch operation that was automatically created for remediation operations. The results of these child job runs are not available until the child job runs have finished executing, even though the overall remediation job may show a status of Success and appear to be complete. In particular, there may be a lag in populating the Child Summary tab if you have scheduled phases of the remediation operation to run at different times rather than running consecutively. 

For more information on viewing results for a remediation operation, see

Displaying a history of all remediation operation runs

In the operations list, click the name of a remediation operation. The Run Results page opens and shows the history of all runs of the remediation operation. A remediation operation is a Batch operation consisting of child Deploy operations. The data reported for remediation operations is derived from Deploy job results.

OperationRunDataRemediation.gif

In the list of operation runs, the data at bottom provides:

  • Start time
  • End time
  • Duration
  • Status—Click to see detailed results for that run of the Deploy operation.

Executing a remediation operation from operation history

To execute a remediation operation while viewing operational history, click Execute ExecuteIcon.gif at top right of the operation runs page.

 

Back to top

 

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*