How to check when yum update was last run

Is there a canonical way to find out the last time that yum update was run on a system?

Our setup is that we have staging servers that run automatic updates, and provided they don't fall over, we will manually update our production servers about once a month (barring critical updates). (I say manually; ideally I want to manually trigger an update across all of them, but that's another issue.)

But you get busy, tasks slip, etc. So I want to set up a Nagios check that will start bothering us if we've left it too long.

Searching the web hasn't got me very far. Poking around the system, the best thing I've found so far would be something like:

grep Updated /var/log/yum.log | tail -1 | cut -d' ' -f 1-2

which gives me something like Mar 12 which I can then convert into a date. There are a few minor complications about whether the date is this year or last year, and I'd also need to check /var/log/yum.log.1 in case of checking immediately after a logrotate. But that is just scripting details.

This can of course be 'fooled' by an update to a single package rather than a general update.

So is there a more canonical way to see when yum update was run?

Edit: I've now written a Nagios NRPE plugin that uses the idea I put forward in the question. You can grab it from https://github.com/aptivate/check_yum_last_update


Solution 1:

The yum history option allows the user to view what has happened in past transactions. To make it simpler, you can grep for Update in the yum history output.

# yum history
Loaded plugins: fastestmirror, refresh-packagekit
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    41 | root <root>              | 2012-04-27 20:17 | Install        |   19   
    40 | root <root>              | 2011-11-20 10:09 | Install        |   10   
    39 | root <root>              | 2011-11-20 08:14 | Install        |    1 E<
    38 | root <root>              | 2011-11-19 15:46 | Update         |    1 
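
The check the question asks for, built on the yum history output above, as an added example (not code from the original posts or from the check_yum_last_update plugin): it parses the table, finds the newest transaction that includes an update, and maps its age to a Nagios state. The 30/45-day thresholds, the min_altered parameter and the transaction 37 row are assumptions made for the example.

```python
import re
from datetime import datetime

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Rows 41-38 are the output shown in the answer; row 37 is constructed to
# show the abbreviated "I, U" form yum prints for mixed transactions.
SAMPLE = """\
Loaded plugins: fastestmirror, refresh-packagekit
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    41 | root <root>              | 2012-04-27 20:17 | Install        |   19
    40 | root <root>              | 2011-11-20 10:09 | Install        |   10
    39 | root <root>              | 2011-11-20 08:14 | Install        |    1 E<
    38 | root <root>              | 2011-11-19 15:46 | Update         |    1
    37 | root <root>              | 2011-10-02 09:30 | I, U           |   57
"""

def parse_history(text):
    """Return (id, when, actions, altered) for each transaction row."""
    rows = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        count = re.match(r"\d+", cols[-1])  # Altered may carry flags: "1 E<"
        if len(cols) != 5 or not cols[0].isdigit() or not count:
            continue  # plugin banner, header or separator line
        when = datetime.strptime(cols[2], "%Y-%m-%d %H:%M")
        actions = {a.strip() for a in cols[3].split(",")}
        rows.append((int(cols[0]), when, actions, int(count.group())))
    return rows

def last_update(rows, min_altered=1):
    """Newest update transaction that altered at least min_altered packages."""
    hits = [r for r in rows if r[2] & {"Update", "U"} and r[3] >= min_altered]
    return max(hits, key=lambda r: r[1], default=None)

def check(text, now, warn_days=30, crit_days=45, min_altered=1):
    """Map the age of the last update to a Nagios state and message."""
    row = last_update(parse_history(text), min_altered)
    if row is None:
        return UNKNOWN, "no update transaction in yum history"
    age = (now - row[1]).days
    state = CRITICAL if age >= crit_days else WARNING if age >= warn_days else OK
    return state, "last update %d days ago (id %d, %d pkgs)" % (age, row[0], row[3])

if __name__ == "__main__":
    print(check(SAMPLE, datetime(2011, 12, 25, 12, 0)))
```

On a live host, pass it the output of yum history list all, since plain yum history shows only the most recent transactions. Raising min_altered keeps a single-package update, the case the question says can 'fool' the check, from resetting the clock.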

Solution 2:

I think the only way you can be absolutely sure is by running psacct.

This will allow you to run lastcomm yum. If you parse this, you will know who ran it and when.

Solution 3:

I am guessing you are pointing a set of 'Dev' servers to a Dev yum repo?

You could do the auto upgrade in a cron/puppet/chef script which, upon success, writes to a file (say /etc/yum_last).

Then you could use yum check-update periodically in cron/other on the Dev servers to see if any updates are available. If this command says more than 0 updates are available, you compare the current date with the timestamp of the file you created when you last did an auto yum upgrade.

If this date difference grows in days, you can have Nagios alert.

You can also look at Pulp if it fits your needs.