How to check when yum update was last run

Question

Is there a canonical way to find out the last time that yum update was run on a system?

Our set up is that we have staging servers that run automatic updates, and provided they don't fall over, we will manually update our production servers about once a month (barring critical updates). (I say manually, ideally I want to manually trigger an update across all of them, but that's another issue).

But you get busy, tasks slip etc. So I want to set up a nagios check that will start bothering us if we've left it too long.

Searching the web hasn't got me very far. Poking around the system, the best thing I've found so far would be something like:

grep Updated /var/log/yum.log | tail -1 | cut -d' ' -f 1-2

which gives me something like Mar 12 which I can then convert into a date. There are a few minor complications about whether the date is this year or last year, and I'd also need to check /var/log/yum.log.1 in case of checking immediately after a logrotate. But that is just scripting details.

This can of course be 'fooled' by an update to a single package rather than a general update.

So is there a more canonical way to see when yum update was run?

Edit: I've now written a Nagios NRPE plugin that uses the idea I put forward in the question. You can grab it from https://github.com/aptivate/check_yum_last_update

Answer 1

The yum history option allows the user to view what has happened in past transactions. To make it more simple you can grep Update from yum history

# yum  history
Loaded plugins: fastestmirror, refresh-packagekit
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    41 | root <root>              | 2012-04-27 20:17 | Install        |   19   
    40 | root <root>              | 2011-11-20 10:09 | Install        |   10   
    39 | root <root>              | 2011-11-20 08:14 | Install        |    1 E<
    38 | root <root>              | 2011-11-19 15:46 | Update         |    1 

Answer 2

I think the only way you can be absolutely sure is by running psacct.

This will allow you to run lastcomm yum. If you parse this, you will know who ran it and when.

Answer 3

I am guessing you are pointing a set of 'Dev' servers to a Dev yum repo?

You could do the auto upgrade in a cron/puppet/chef script, which upon success, writes to a file. (say /etc/yum_last)

Then you could use yum check-update periodically in cron/other on the Dev servers to see if any updates are available. If this command says > 0 number of updates are available, you compare the current date with the timestamp of file you create when you last did a auto yum upgrade.

If this date difference grows in days, you can have Nagios alert.

You can also look at Pulp if it fits your needs.

Answer 4

The following command lists recently installed or updated RPM packages:

rpm -qa --last  | head

It may includes packages installed outside YUM too. This command can also run without root privilege.

Answer 5

You can query this info directly from the Yum History SQLite DB with root privileges using this statement:

SELECT datetime( max(dt_end), 'unixepoch', 'localtime') FROM trans WHERE cmdline LIKE '%update%'

The SQLite file to query has 2 likely locations:

• /var/lib/dnf/history.sqlite
• /var/lib/yum/history.sqlite

Example: https://bigfix.me/relevance/details/3022966

Related: https://unix.stackexchange.com/questions/224627/find-last-time-yum-update-was-run