Hello.
I would like to know how i can see if a linux server need to be update.
I've install and test prtg mini-probe. And it's working on the probe.
The mini-probe can monitoring other linux server or i have to install the mini-probe on each linux server ?
We have more than hundred linux server so i need to find a solution.
Article Comments
Is there any solution to this? We use the windows update sensor and it works great. We have a large number of linux boxes in our enterprise, and it would be nice to monitor when they have outstanding security updates. Please advise.
Dec, 2017 - Permalink
Hello Andrew,
Not really. In Windows there are certain Powershell commands available that are being used in the sensor to retrieve those details. With Linux, not so much, basically all you find around that topic leads to apt-get update and apt-get upgrade, but nothing that just performs the query and presents it in some sort of overview of missing/required updates and if so the output is quite hard to parse in order to represent the data like in a sensor for example.
Kind regards,
Erhard
Dec, 2017 - Permalink
Hello Linux lovers,
Both yum and dnf for RedHat 7/8 (and CentOS 7/8) can take the argument "check-update" which returns the exit code of 100 if there are available updates, 0 for no available updates and 1 if an error occurs. Wrapping this in a small shellscript and use the SSH Script Advanced probe can let you monitor this with PRTG. Adding a small script (excuse my bad BASH skills) as proof of concept.
Be aware that the scanning interval of course have to be changed since it is quiet a heavy probe, and that the timeout have to be much higher, maybe several minutes depending on your install base and external connectivity.
Also, this gobbles up probes, one per server to check.
#!/bin/bash
dnf -q check-update > /dev/null
RET=$?
echo "<prtg>
<result>
<channel>Updates available</channel>"
if [ $RET -eq 0 ]; then
echo " <value>0</value>"
fi
if [ $RET -eq 100 ]; then
echo " <value>1</value>"
echo " <warning>1</warning>"
fi
echo " </result>"
echo "</prtg>"
Feb, 2020 - Permalink
Hello,
we have implemented a solution like from the prtg script world https://www.paessler.com/script-world/all/all/all?stats=all&fulltext=yum&newOnly=false&scroll=0&key=1582742563531
So our PRTG instance is connection via SSH to the box and checks via "yum check-update | wc -l" to count the number of updates
after that we use the threshold of 200 packages to set to warn (new release available) it is also possible via "rpm -someOption" to get the date of the last installed /updated package. And if the date is to far just alarm via threshold :) you could also combine this with the ssh advance sensor.
(Does only need to rune every day one time or even in a week so no real performance issues for PRTG or the system you monitor)
regards Michele
(always available for interesting Monitoring tasks :) )
Feb, 2020 - Permalink
Hi,
this is rather an easy job, but i´m lost at last, PRTG does not understand me, maybe anyone can help? I´m new to PRTG, coming from the Nagios-Corner, lots of common, lots of differences... So, on my monitored Linux machines, there is already the package "monitoring-plugins-basic" installed, so why don´t use that? check_apt does the job fine, as we can see
/usr/lib/nagios/plugins/check_apt APT OK: 0 packages available for upgrade (0 critical updates). |available_upgrades=0;;;0 critical_updates=0;;;0
Fine...
Now using ssh-script sensor on that, and prtg throws an error, what was expected...
Antwort nicht wohlgeformt: "APT OK: 0 packages available for upgrade (0 critical updates). |available_upgrades=0;;;0 critical_updates=0;;;0 "
PRTG awaits a number, not a text. So, trying to be clever and formatting the output a bit...
/usr/lib/nagios/plugins/check_apt |cut -d ' ' -f 3 0
Thats what we want!
But on the ssh-script sensor, the result is
Antwort nicht wohlgeformt: "0 " (Code: PE132)
And that where I am lost...what am I doing wrong?
Regards
Jun, 2020 - Permalink
Hi there,
Please note that PRTG's return cannot be read because it is not in the correct format. PRTG does not know if "0 " is the value or the message. Therefore a specific format must be used which is described in the web interface under Setup > PRTG API > Custom Sensors. The script should look like this:
| returncode:value:message |
Following returncodes are possible:
0 OK 1 WARNING 2 System Error (e.g. a network/socket error) 3 Protocol Error (e.g. web server returns a 404) 4 Content Error (e.g. a web page does not contain a required word)
Kind regards
Felix Wiesneth - Team Tech Support
Jun, 2020 - Permalink
Hi Felix,
thanks for your fast reply and the hint. I got this running now :)
Prerequisites: monitoring-plugins-basic installed on target system, your script executable in /var/prtg/scripts (mine is called updates.sh)
#!/bin/sh #returncode:value:message #0 OK #1 WARNING #2 System Error (e.g. a network/socket error) #3 Protocol Error (e.g. web server returns a 404) #4 Content Error (e.g. a web page does not contain a required word) UPDATES=`/usr/lib/nagios/plugins/check_apt |cut -d ' ' -f 3` echo "0:$UPDATES:Update(s) verfügbar"
Works fine on Debian and Ubuntu. Feel free to use and improve
Regards
Jun, 2020 - Permalink
Hi there,
I'm happy to hear that it is now working. Thank you for sharing.
Kind regards
Felix Wiesneth - Team Tech Support
Jun, 2020 - Permalink
I've been working on this and wanted a bit more than just update numbers, but also whether a reboot was required. I liked the solution above but didn't like the dependency on the Nagios plugin - it's just another dependency. Turns out Ubuntu has this functionality built-in because it uses it for the MoTD notification.
This should work on Ubuntu 18 and 20, and maybe works on recent Debian as well, but I haven't tested it.
This is what I came up with, and it needs putting into /var/prtg/scriptsxml
#!/bin/bash
# Get overall number of updates and write to variable
numupdates=`/usr/lib/update-notifier/apt-check 2>&1 |cut -d ';' -f 1`
# Get number of security updates and write to variable
numsecupdates=`/usr/lib/update-notifier/apt-check 2>&1 |cut -d ';' -f 2`
# Find out if reboot is required
if [ -f /var/run/reboot-required ]; then
needsreboot="1"
else
needsreboot="0"
fi
###########################
# Define PRTG variables
# secLimitMaxError - an upper error limit for the **security** updates. The sensor is set to Down status if this value is exceeded
secLimitMaxError="0"
# secLimitErrorMsg - error message to be displayed in PRTG when **security** updates are required.
secLimitErrorMsg="Please run apt update to install security updates"
# updLimitMaxError - an upper error limit for the **standard** updates. The sensor is set to Down status if this value is exceeded
updLimitMaxError="10"
# updLimitMaxWarning - an upper warning lmit for the standard updates. The sensor is set to Warning status if this value is exceeded
updLimitMaxWarning="5"
# updLimitErrorMsg - error message to be displayed in PRTG when **standard** updates are required
updLimitErrorMsg="Please run apt upgrade to install updates"
# updLimitWarningMsg - warning message to be displayed in PRTG when standard updates are required, below MaxError but above MaxWarning
updLimitWarningMsg="Non-critical updates required, please run apt upgrade soon to install"
# LimitMode - enfoce limits (1) or not (0) in the PRTG channel
LimitMode="1"
# rebootLimitErrorMsg - the message displayed when a reboot is required
rebootLimitErrorMsg="Please reboot the server"
##########################
# output to stdout
# debug output for easy testing, normally commented out
# echo "$numupdates:Update(s) available\n$numsecupdates:Security update(s) available"
# echo "$needsreboot"
# real output as xml with line breaks conforming to PRTG standards - https://www.paessler.com/manuals/prtg/custom_sensors#advanced_elements
echo -e "<prtg>\n<result>\n<channel>Available updates</channel>\n<value>$numupdates</value>\n<unit>Count</unit>\n<LimitMaxError>$updLimitMaxError</LimitMaxError>\n<LimitMaxWarning>$updLimitMaxWarning</LimitMaxWarning>\n<LimitErrorMsg>$updLimitErrorMsg</LimitErrorMsg>\n<LimitWarningMsg>$updLimitWarningMsg</LimitWarningMsg>\n<LimitMode>$LimitMode</LimitMode>\n</result>\n<result>\n<channel>Available security updates</channel>\n<value>$numsecupdates</value>\n<unit>Count</unit>\n<LimitMaxError>$secLimitMaxError</LimitMaxError>\n<LimitErrorMsg>$secLimitErrorMsg</LimitErrorMsg>\n<LimitMode>$LimitMode</LimitMode>\n</result>\n<result>\n<channel>Reboot required</channel>\n<value>$needsreboot</value>\n<unit>Count</unit>\n<LimitMaxError>0</LimitMaxError>\n<LimitErrorMsg>$rebootLimitErrorMsg</LimitErrorMsg>\n<LimitMode>$LimitMode</LimitMode>\n</result>\n</prtg>"
Nov, 2021 - Permalink
Hi there,
Thank you for sharing your solution.
Kind regards
Felix Wiesneth - Team Tech Support
Nov, 2021 - Permalink
Hi there,
I don't have an out of the box solution for this. With the Windows Update Powershell sensor what we do is performing a query that returns details about missing updates. I am not aware if such a query can be performed in Linux, maybe someone else can chip in on this.
Kind regards,
Erhard
Jul, 2017 - Permalink