Skepko
(Egor)
June 23, 2026, 7:58am
1
Hello,
We currently use the standard Windows Update check, which generates a warning when 8 updates are pending and a critical alert when 10 updates are pending.
In addition, I would like to create a separate check that only triggers a warning or critical alert if the system has not installed any Windows updates for more than 100 days.
I was thinking of setting the threshold interval to 100 days. That way, the check would only generate a warning or critical alert if no Windows updates have been installed within the last 100 days.
bberg
June 23, 2026, 10:26am
2
At least in the linux server world i am doing a check_uptime, to notify me when there hasnt been a kernel update for quite some time.
Here is the documentation of the check:
Invoke-IcingaCheckUpdates
As you can see there is no Parameter to check for that.
But the windows eventlog can help with the task:
PS C:\WINDOWS\system32> Invoke-IcingaCheckEventlog `
-LogName 'System' `
-IncludeSource @('Microsoft-Windows-WindowsUpdateClient') `
-IncludeEventId @(19) `
-After '100d' `
-DisableTimeCache `
-Critical '@0:0' `
-Verbosity 2
If you use Icinga director don’t use the @() or '' as the powershell director config should take care of that.
@0:0 means that only 0 is critical so the check alerts only if the query returns 0 update events
This should work but currently doesn’t work as expected see here.
opened 11:10AM - 27 Jun 26 UTC
I tried out my proposal on Windows Event Logs and it behaves strange on "no foun… d event"
https://community.icinga.com/t/windows-update-check/15515/3?u=moreamazingnick
<img width="897" height="317" alt="Image" src="https://github.com/user-attachments/assets/c352a94c-0e3b-4b9a-9752-3aac81023efb" />
The first command is the right one eventid 19, if there is no event with that in the last x days alert CRITICAL, else report OK
For the second command I used a wrong eventid by (16) which results in 0 found events. but the Powershell check reports INFO with exitcode 0
Best Regards
Nicolas
cstein
(Lord Hepipud)
June 30, 2026, 12:01pm
4
Thank you for the post! This is possible as of today, we fixed the EventLog behavior with v1.15.0