-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2021-07-24 a las 16:18 -0400, DennisG escribió:
On 7/24/21 3:18 PM, Dave Howorth wrote:
On Sat, 24 Jul 2021 19:49:26 +0200 "Carlos E. R." <> wrote:
On 24/07/2021 19.42, Darryl Gregorash wrote:
It seems odd that there is apparently no way to tell when and how a package was installed. It seems like that would be a basic audit requirement. Kind of like sudo can let you see who did what.
/var/log/zypp/history does provide some indication in that it logs an event when you start YaST, so it would be interesting to see the bits of log from around the time that the package was installed. Perhaps somebody who knows more would be able to tell us what to look for?
Zypper-log [PID] provides very granular detail.
minas-tirith:~ # zypper-log --help Usage: zypper-log [-h] [-l FILE] [-r N] [-d YYYY[-MM[-DD]]] [PID] This tool helps you to access the zypper logfile '/var/log/zypper.log'. Run this command without any arguments to get a list of your zypper runs. Provide the PID of a zypper run as an argument to query the log for this run. Positional arguments: PID Get log for this PID Optional arguments: -h, --help show this help message and exit -l FILE Read only this file -r N Read N rotated logfiles -d YYYY[-MM[-DD]] Get runs for this date minas-tirith:~ # What is "PID"? How do I obtain it? The man page does not say what is PID, but at least I know how to obtain it: second column in this listing: minas-tirith:~ # zypper-log ================================================================================ Collect from /var/log/zypper.log ... TIME PID VER CMD 2020-11-08 12:18 1569 1.14.40 /usr/bin/zypper -n purge-kernels 2021-04-06 19:44 1564 1.14.42 /usr/bin/zypper -n purge-kernels 2021-05-11 22:59 15716 1.14.42 zypper lr --details 2021-05-11 23:06 16205 1.14.42 zypper ref 2021-05-11 23:06 16215 1.14.42 zypper ref 2021-05-12 00:54 1493 1.14.43 /usr/bin/zypper -n purge-kernels 2021-05-13 22:56 13929 1.14.43 zypper lr 2021-07-04 13:00 1501 1.14.45 /usr/bin/zypper -n purge-kernels 2021-07-07 02:43 27099 1.14.45 zypper ps 2021-07-20 11:31 18102 1.14.46 zypper lr --details 2021-07-20 12:05 1503 1.14.46 /usr/bin/zypper -n purge-kernels 2021-07-22 01:51 19473 1.14.46 zypper versioncmp 2.2.7 1.6 2021-07-22 01:58 21114 1.14.46 zypper versioncmp 2.2.7 1.6 2021-07-23 00:08 11731 1.14.46 zypper patch 2021-07-23 10:59 1621 1.14.46 /usr/bin/zypper -n purge-kernels 2021-07-23 14:02 9604 1.14.46 zypper se nvme 2021-07-23 14:03 9696 1.14.46 zypper --disable-repositories --xmlout --non-interactive products -i 2021-07-24 12:55 21789 1.14.46 zypper in nvme-cli 2021-07-24 13:00 22332 1.14.46 zypper rm nvme-cli zypper-search-packages-plugin minas-tirith:~ # The date I want is 2020-11-08, so PID is 1569, or earlier. The resulting log has 1204 lines. No mention of "zypper-s" in that log. I think the log of interest is not included, it was earlier, at 00:26 But we already know it was a zypper dup, an automated package install. - -- Cheers Carlos E. R. (from openSUSE Leap 15.2 x86_64 (Minas Tirith)) -----BEGIN PGP SIGNATURE----- iJIEAREIADoWIQQt/vKEw5659AgM/X2NrxRtxRYzXAUCYPx9xRwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJEI2vFG3FFjNc6goA/R1xh7/sSyEMcfoY7c3K rh++Vr49AyDVXCTB2vaTU5fMAP9umufF0/TaSCuAQ1So5EiPNMKrvIlf3PdYS+Db cGopKA== =TeEN -----END PGP SIGNATURE-----