Suggestion for sostat

Shane Castle

Jun 24, 2015, 7:42:56 AM
to securit...@googlegroups.com
Doug, how do you feel about adding a line like this somewhere in the
sostat scripts:

dpkg-query -W -f='${Package;-60}\t${Version}\n' | fgrep --color=never securityonion

(That's all one line of course.)

This would allow the update level to be reported in sostat. If you added
a small package that was essentially null except for a version level
that was always incremented somehow with every mod to the SO components
(and of course modified and included), you'd only have to query the
level for that one package. This might be a problem for test packages
and other things installed from the test repository, though. Hmm, you
could just add the word 'test' to the version for packages that are in
test mode, and change the version slightly on release so that production
versions would always replace test versions.

Sorry if this is a bit vague. I'm thinking about this while typing.

Just thinking it might help with the agonizing information gathering
when trying to help people who are reporting issues.

--
With best regards
Shane Castle

Doug Burks

Jun 24, 2015, 5:05:43 PM
to securit...@googlegroups.com
Hi Shane,

Yes, I've thought about something like this before.

How about something like this?
tail /var/log/apt/history.log

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Shane Castle

Jun 25, 2015, 2:09:06 AM
to securit...@googlegroups.com
Yeah, that works. But I'd modify it just a little bit to improve
readability:

tail /var/log/apt/history.log | fmt -s

At the very least it'd tell us when the admin last updated and that'd be
easy to correlate with change dates. And the command line would always
be "apt-get -y dist-upgrade" if soup is used, and unlikely to be that if
not.

On 24.06.2015 23:05, Doug Burks wrote:
> How about something like this?
> tail /var/log/apt/history.log

Doug Burks

Jun 25, 2015, 7:21:07 AM
to securit...@googlegroups.com
I've created the following issue:

sostat: show last update #763
https://github.com/Security-Onion-Solutions/security-onion/issues/763

Please feel free to submit a pull request! :)
https://github.com/Security-Onion-Solutions/securityonion-sostat
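
A sketch of the "show last update" check discussed in this thread, as an added example that is not part of the original posts and is not sostat's own code. The function names and the sample log are constructed for illustration; the script assumes the usual apt history.log stanza layout (Start-Date, Commandline, End-Date) and treats "apt-get -y dist-upgrade" as the soup command line, as stated above.

```shell
#!/bin/bash
# Added example (not sostat code): summarise the last apt transaction in a
# history log and say whether its command line matches what soup runs.

# last_apt_update FILE -> "start|end|commandline|via" for the final stanza
last_apt_update() {
    awk '
        # A new stanza resets the fields so only the last one is reported.
        /^Start-Date: /  { start = substr($0, 13); end = ""; cmd = "" }
        /^Commandline: / { cmd = substr($0, 14) }
        /^End-Date: /    { end = substr($0, 11) }
        END {
            if (start == "") { print "none|none|none|no-history"; exit }
            # apt writes two spaces between date and time; collapse them.
            gsub(/  +/, " ", start); gsub(/  +/, " ", end)
            via = (cmd == "apt-get -y dist-upgrade") ? "soup-like" : "manual"
            # No End-Date means the run was interrupted or is still going.
            if (end == "") end = "incomplete"
            print start "|" end "|" cmd "|" via
        }
    ' "$1"
}

# write_sample_log FILE -> writes a constructed two-stanza history log
write_sample_log() {
    cat > "$1" <<'EOF'

Start-Date: 2015-06-20  10:01:00
Commandline: apt-get install example-pkg
Install: example-pkg:amd64 (1.0-constructed)
End-Date: 2015-06-20  10:01:09

Start-Date: 2015-06-24  07:12:33
Commandline: apt-get -y dist-upgrade
Upgrade: example-pkg:amd64 (1.0-constructed, 1.1-constructed)
End-Date: 2015-06-24  07:15:02
EOF
}

# Demo on the constructed log; on a real sensor pass /var/log/apt/history.log.
sample=$(mktemp)
write_sample_log "$sample"
last_apt_update "$sample"
rm -f "$sample"
```

Reading the whole file rather than using tail avoids cutting a long Upgrade: line or a stanza in half, and the "incomplete" marker flags an update that never wrote its End-Date.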