3

I'm currently diagnosing a problem that started about a week ago on my laptop (running Ubunutu). The exact issue is not relevant though.

Because I was already running several locally built kernel versions and still accepting regular ubuntu package updates, it would have been useful to have a log to refer to of when each new deb package was installed and also the kernel version I was running on each boot up. This would have helped me figure out what change to the system caused the problem to start occuring.

So my question is does such an auditing tool (for a linux distro) that is able to keep a log of all OS package installs/updates/removals and the kernel version thats used each time the machine boots? I does specifically need to be under an open-source license and reasonably straight forward to setup and run, for an experienced Linux user but one who is not a full-time sysadmin - this is on a developer laptop not a large server after all.

Improve this question

2 Answers 2

Reset to default
4

To track the packages that are installed, updated and removed on an Ubuntu system, there is the /var/log/dpkg.log file which list all the operations done.

To track the version of the kernel used at boot time, you can see this with the last command. An exemple of output of last :

benoit pts/1 :0 Sat Mar 15 21:24 - 21:38 (00:13) reboot system boot 3.11.0-18-generi Sat Mar 15 21:09 - 10:26 (4+13:17) benoit pts/1 :0 Thu Mar 13 20:59 - 21:03 (00:03) benoit pts/1 :0 Thu Mar 13 20:38 - 20:52 (00:14)

You see the version of the kernel used to boot in the third column.

As last takes its information from the /var/log/wtmp file which may be rotated (like any other log files), you can retrieve older information by using the command like this :

$ last -f /var/log/wtmp.1

To display the information contained in /var/log/wtmp.1.

Of course, the process logrotate can be adapted to retain more archives of log files. See /etc/logrotate.conf and the files under /etc/logrotate.d directory to increase the number of archived log files to keep.

Improve this answer
-1

I think you can do this with Tripwire.

Improve this answer
1
  • sorry I was not specific enough: I'm after an oss tool and something that is relatively straight forward to setup Commented Mar 20, 2014 at 4:22

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.