Ad Widget

**Razique** · 31-12-2010, 12:47

Hi,
here is the error I have :

Code:

W: Unable to read /etc/apt/sources.list.d/security.sources.list - FileExists (2: Aucun fichier ou dossier de ce type)
W: Unable to read /etc/apt/sources.list.d/security.sources.list/ - FileExists (2: Aucun fichier ou dossier de ce type)
0

Here is the command :
apt-get update &> /dev/null; aptitude -o Dir::Etc::sourcelist=/etc/apt/sources.list.d/updates.sources.list -o Dir::Etc::sourceparts=/etc/apt/sources.list.d/updates.sources.list search '~U' | wc -l

I used explicitely the word 'security', so I've seen that even manually, the command doesn't work.
Best regards,
Razique

EDIT:
nevermind, I figured out that I need to move the security sources from /etc/apt/source.list to /apt/sources.list.d/security.sources.list

Thanks

**ILIV** · 22-11-2012, 12:01

Originally posted by tberton

Check for Debian updates and security updates. On value different from 0, a trigger is activated.

Add to zabbix_agentd.conf:

Code:

UserParameter=debian_updates[*],apt-get update &> /dev/null; aptitude -o Dir::Etc::sourcelist=/etc/apt/sources.list.d/$1.sources.list -o Dir::Etc::sourceparts=/etc/apt/sources.list.d/$1.sources.list search '~U' | wc -l

Use the sources.list.d folder for apt repositories.
Example for security updates:

Code:

$ cat /apt/sources.list.d/security.sources.list 
deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main
$

Example for general updates:

Code:

$ cat /apt/sources.list.d/debian.sources.list 
deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main
$

Can be extended to monitor other apt repositories through the sources.list.d folder.

Thanks for sharing this. However, there's one problem about this approach that I, well, don't seem to like at all. Running apt-get results in it trying to use those list files, which are essentially duplicates of already existing list file and that leads to apt throwing out a warning message:

$ sudo apt-get update
...
W: Duplicate sources.list entry $URL
W: You may want to run apt-get update to correct these problems

Not cool. Instead, we can store security and other repositories in two separate files that won't be automatically picked up by apt-get/aptitude unless we pass -o option to it.

Code:

# Place security and other repositories in separate control list files:
host@admin:~$ sudo sh -c 'grep ^deb /etc/apt/sources.list |grep securi > /etc/apt/sources.security.list'
host@admin:~$ sudo sh -c 'grep ^deb /etc/apt/sources.list |grep -v securi > /etc/apt/sources.normal.list'

# Count security updates only
host@admin:~$ apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.security.list |grep "^Inst"  | wc -l

# Count normal updates only (on Ubuntu this may include security updates due to the fact 
# that they're pushed to $release-updates repository as well)
host@admin:~$ apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.normal.list |grep "^Inst"  | wc -l

So, UserParameter could look like this now:

Code:

UserParameter=debian_updates[*],apt-get update &> /dev/null; apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.$1.list |grep "^Inst" |wc -l

**Colttt** · 22-11-2012, 13:44

Code:

apt-get install update-notifier-common

only security-updates:

Code:

/usr/lib/update-notifier/apt-check --human-readable|grep "security update"|cut -d " " -f1

**ILIV** · 22-11-2012, 13:50

Originally posted by Shad0w

Code:

apt-get install update-notifier-common

only security-updates:

Code:

/usr/lib/update-notifier/apt-check --human-readable|grep "security update"|cut -d " " -f1

Which does the work too, but never shows you what those packages are. There's -p flag, of course, but the output is limited to only package name, like libcap2, omitting any extra information such as repository this package is coming from, version numbers, etc. Which can be helpful for staying informed and scripting purposes

**Colttt** · 22-11-2012, 13:57

you right but the i think the goal of this thread was "Has debian updates? yes/no, and when yes how many?" or?

**ILIV** · 22-11-2012, 18:10

Originally posted by Shad0w

you right but the i think the goal of this thread was "Has debian updates? yes/no, and when yes how many?" or?

Thanks, I like this even better.

Advantage of using apt-check is that it can be run as zabbix user without having to configure sudo. Whereas in the example suggested by OP, and improved on by myself, apt-get update would require root privileges. However, if apt-get update is run nightly say via cron job you could away with it altogether.

To make this one UserParameter to tackle both normal and security updates:

Code:

UserParameter=debian_updates[*],/usr/lib/update-notifier/apt-check --human-readable | grep $1 | cut -d " " -f1

Item's key would then be

Code:

debian_updates[package]
debian_updates[security]

for normal and security updates respectively.

**ufocek** · 19-04-2013, 10:34

Originally posted by ILIV

Thanks, I like this even better.

Advantage of using apt-check is that it can be run as zabbix user without having to configure sudo. Whereas in the example suggested by OP, and improved on by myself, apt-get update would require root privileges. However, if apt-get update is run nightly say via cron job you could away with it altogether.

To make this one UserParameter to tackle both normal and security updates:

Code:

UserParameter=debian_updates[*],/usr/lib/update-notifier/apt-check --human-readable | grep $1 | cut -d " " -f1

Item's key would then be

Code:

debian_updates[package]
debian_updates[security]

for normal and security updates respectively.

Someone have a debian squeeze and this template with UserParameter works, because if I use this code:

Code:

debian_updates[*],/usr/lib/update-notifier/apt-check --human-readable | grep $1 | cut -d " " -f1

all the time I get "0"

Solved: I have PL locale, so I must changed wors and now It's works very well.

**ILIV** · 19-04-2013, 11:03

Originally posted by ufocek

Someone have a debian squeeze and this template with UserParameter works, because if I use this code:

Code:

debian_updates[*],/usr/lib/update-notifier/apt-check --human-readable | grep $1 | cut -d " " -f1

all the time I get "0"

Solved: I have PL locale, so I must changed wors and now It's works very well.

Dobra

Just make sure you grep whatever apt-check shows you on the screen.

**ufocek** · 19-04-2013, 14:49

Originally posted by ILIV

Dobra

Just make sure you grep whatever apt-check shows you on the screen.

Now, I know :-) I put the correct polish words and works.

**Piitr** · 25-05-2013, 18:52

wrong topic, sorry.

**Stompro** · 09-05-2014, 21:01

Another Method, parse apt-get dist-upgrade with Sed

I know this is an old thread, I just wanted to post another method for monitoring Debian Updates from Zabbix.

Let me know if someone sees a problem with this.

This UserParameter just parses the apt-get dist-upgrade -s (simulate) command and looks for the line that says how many updated packages there are.

I leave off an apt-get update because that command can take a while to run, I would need to increase my timeouts to use it. I would rather just run apt-get update via cron on a regular schedule.

Code:

UserParameter=system.sw.debianupdates,apt-get dist-upgrade -s  |sed -n 's/^\([0-9]\+\) upgraded.*/\1/p'

This has the following advantages

No extra packages needed on a debian base system.
Can be run by any user since it is in simulation mode
Gives a count of the number of packages that need to be updated, in case you want to track that.
You can use a trigger to notify you when updates >0.

You can also grab a list of the packages that need to be updated, in case you want the alert to show what needs updating.

Code:

UserParameter=system.sw.debianupdates-list,apt-get dist-upgrade -s  |sed -n 's/^Inst \(.*\) (.*/\1,/p' | tr '\n' ' '

**nasomers** · 29-12-2016, 17:06

Hey guys,

I'd like to use this package/update monitoring and have configured everything as described here but I'm finding the following in the agent log

Code:

active check "system.sw.debianupdates-list" is not supported: Unsupported item key

Any idea why? Thanks!

**Chaly** · 19-07-2020, 13:27

I google'd a lot about monitoring my apt status today and didn't find a solution. Best match was this thread.
Below I put together my solution based on the replies and help I found.

As update-monitor-notifier doesnt seem to be supported by current Debian distributions this may be a Ubuntu-only-solution now:
Requirements: linux with Zabbix Agent 2 (may work using Agent1, you need to customize step 2), apt, support of update-notifier-common (step1).

Install update-monitor-notifier as this is no longer pre-installed in some distributions
Code:
```
sudo apt-get update && sudo apt-get install update-notifier-common
```

Extend your Zabbix Agent 2 config

Create a new Zabbix Agent 2 config file

Code:

sudo vi /etc/zabbix/zabbix_agent2.d/90-ubuntu-updates.conf

Place the new command in your config file, safe and quit:

Code:

UserParameter=ubuntu_updates[*],/usr/lib/update-notifier/apt-check --human-readable | grep $1 | cut -d " " -f1

Restart Zabbix Agent 2
Code:
```
sudo systemctl restart zabbix-agent2
```

Head to your Zabbix Server webfrontend to Configuration->Templates and import the attached template
I atttached a full template to this post. It includes 1 application, 2 items, each item with a trigger.
The template uses a host group called "Linux servers", this isn't setup by default and you may want to change this.
Assign the template to your server.
Repeat steps 1,2,4 for every Ubuntu server in your network

Attached Files

zbx50_tmpl_ubuntu_updates.xml (3.3 KB, 89 views)

**Chaly** · 19-07-2020, 13:47

This may be a lttile bit offtopic.However, update-notifier-common isn't supported by current Debian releases.
I manually downloaded and install a Ubuntu Package (amd64 in my case) using

Code:

wget

and

Code:

dpkg -i

I found the latest release here: https://ubuntu.pkgs.org/16.04/ubuntu...8_all.deb.html

(This is no step-by-step guide. This shouldn't harm your system, however, only do this if you're not all new to linux systems...)

Ad Widget

Monitoring Debian updates

Monitoring Debian updates

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment