low-cost patch management & reporting

[Matt Morgan]

On top of yum, we would like some kind of reporting tool that tells
us, quickly and easily, that yum is working and new packages are being
installed regularly on many desktops. So that a network admin could
query some db, or run some app, that can answer the question "are all
these computers, from IP address 10.x.x.1 to 10.x.y.254, up to date
with the latest patches from yum?" Basically, we want to be able to
check, across many computers at once, that yum is working properly.

I can think of a few possible ways to handle this. For example, maybe
setting up Nessus to scan for vulnerabilities would work; or maybe
setting up yum logging to write to a syslog server and then run a
script that analyzes and writes a report from the logs. But I'm hoping
somebody's already solved this some better way.

I realize that there are expensive ways to do this, like Patchlink
(which is also part of Novell Zenworks), but I'm primarily interested
in much cheaper ways. Free is good but probably not required. Anybody
have a suggestion for a simple way to handle this?

Thanks,
Matt