Hi list,
I have the following entries, below, in today's log file (for yesterday, 10th May).
I don't run the automated yum-updated and didn't run a yum update yesterday, and no packages were installed. Obviously the entries are old.
I was wondering if anyone could offer an explanation?
Thanks,
Ned
--------------------- yum Begin ------------------------
Packages Installed: lzo.i386 1.08-4.2.el5.rf libmad.i386 0.15.1b-4.el5.rf lame.i386 3.97-1.el5.rf faac.i386 1.25-2.el5.rf mplayer.i386 1.0-0.34.rc1try2.el5.rf giflib.i386 4.1.3-7.1.el5.1 xvidcore.i386 1.1.2-1.el5.rf mplayerplug-in.i386 3.40-1.el5.rf openal.i386 0.0.8-2.el5.rf kernel-devel.i686 2.6.18-8.1.3.el5 xorg-x11-server-sdk.i386 1.1.1-48.13.0.1.el5 dkms.noarch 2.0.13-1.el5.rf lirc.i386 0.6.6-4.el5.rf libdvdnav.i386 0.1.10-3.el5.rf aalib.i386 1.4.0-5.el5.rf perl-libwww-perl.noarch 5.805-1.1.1 libmpcdec.i386 1.2.2-2.el5.rf x264.i386 0.0.0-0.3.20061214.el5.rf mplayer-fonts.noarch 1.1-3.0.rf libmp4v2.i386 1.5.0.1-3.el5.rf
Packages Updated: libX11-devel.i386 1.0.3-8.0.1.el5 xorg-x11-apps.i386 7.1-4.0.1.el5 kernel-headers.i386 2.6.18-8.1.3.el5 vim-enhanced.i386 2:7.0.109-3.el5.3 cups.i386 1:1.2.4-11.5.1.el5 firefox.i386 1.5.0.10-2.el5.centos freetype-devel.i386 2.2.1-17.el5 evolution.i386 2.8.0-33.0.1.el5 libX11.i386 1.0.3-8.0.1.el5 yelp.i386 2.16.0-14.0.1.el5 spamassassin.i386 3.1.8-2.el5 postgresql-libs.i386 8.1.9-1.el5 vim-minimal.i386 2:7.0.109-3.el5.3 vim-common.i386 2:7.0.109-3.el5.3 devhelp.i386 0.12-10.0.1.el5 cups-libs.i386 1:1.2.4-11.5.1.el5 freetype.i386 2.2.1-17.el5
---------------------- yum End -------------------------
Last 25 packages installed/updated as reported by RPM:
$ rpm -qa --last | head -n 25 kernel-headers-2.6.18-53.1.19.el5 Fri 09 May 2008 06:45:18 PM BST kernel-2.6.18-53.1.19.el5 Fri 09 May 2008 06:41:23 PM BST kernel-devel-2.6.18-53.1.19.el5 Fri 09 May 2008 06:40:49 PM BST flash-plugin-9.0.124.0-1.el5.rf Wed 07 May 2008 01:18:16 AM BST xine-lib-1.1.12-1.el5.rf Wed 07 May 2008 01:17:56 AM BST perl-BerkeleyDB-0.34-1.el5.rf Wed 07 May 2008 01:17:53 AM BST p7zip-plugins-4.57-1.el5.rf Fri 25 Apr 2008 12:57:38 AM BST p7zip-4.57-1.el5.rf Fri 25 Apr 2008 12:57:35 AM BST gnome-screensaver-2.16.1-5.el5_1.1 Thu 24 Apr 2008 05:03:23 AM BST amavisd-new-2.5.4-1.el5.rf Wed 23 Apr 2008 07:14:03 PM BST clamd-0.93-2.el5.rf Wed 23 Apr 2008 07:14:01 PM BST clamav-0.93-2.el5.rf Wed 23 Apr 2008 07:13:59 PM BST clamav-db-0.93-2.el5.rf Wed 23 Apr 2008 07:13:58 PM BST ncompress-4.2.4-47 Wed 23 Apr 2008 07:13:57 PM BST perl-Archive-Zip-1.16-1.2.1 Wed 23 Apr 2008 07:13:56 PM BST nomarch-1.4-1.el5.rf Wed 23 Apr 2008 07:13:55 PM BST freeze-2.5.0-1.2.el5.rf Wed 23 Apr 2008 07:13:55 PM BST lha-1.14i-19.2.2.el5.rf Wed 23 Apr 2008 07:13:54 PM BST perl-Convert-TNEF-0.17-3.2.el5.rf Wed 23 Apr 2008 07:13:53 PM BST perl-MIME-tools-5.420-2.el5.rf Wed 23 Apr 2008 07:13:52 PM BST perl-Convert-UUlib-1.051-1.2.el5.rf Wed 23 Apr 2008 07:13:51 PM BST perl-Convert-BinHex-1.119-2.2.el5.rf Wed 23 Apr 2008 07:13:51 PM BST arc-5.21o-1.el5.rf Wed 23 Apr 2008 07:13:50 PM BST perl-MailTools-2.02-1.el5.rf Wed 23 Apr 2008 07:13:49 PM BST zoo-2.10-2.2.el5.rf Wed 23 Apr 2008 07:13:47 PM BST
On Sun, May 11, 2008 at 2:26 AM, Ned Slider ned@unixmail.co.uk wrote:
Hi list,
I have the following entries, below, in today's log file (for yesterday, 10th May).
--------------------- yum Begin ------------------------
Packages Installed: lzo.i386 1.08-4.2.el5.rf libmad.i386 0.15.1b-4.el5.rf lame.i386 3.97-1.el5.rf faac.i386 1.25-2.el5.rf
How odd. Do you see them in /var/log/yum.log as well?
Akemi
Akemi Yagi wrote:
On Sun, May 11, 2008 at 2:26 AM, Ned Slider ned@unixmail.co.uk wrote:
Hi list,
I have the following entries, below, in today's log file (for yesterday, 10th May).
--------------------- yum Begin ------------------------
Packages Installed: lzo.i386 1.08-4.2.el5.rf libmad.i386 0.15.1b-4.el5.rf lame.i386 3.97-1.el5.rf faac.i386 1.25-2.el5.rf
How odd. Do you see them in /var/log/yum.log as well?
Akemi
No, /var/log/yum.log matches the output from rpm --last as expected, apart from the recent kernel update which I always install manually with rpm.
Akemi Yagi wrote:
On Sun, May 11, 2008 at 2:26 AM, Ned Slider ned@unixmail.co.uk wrote:
Hi list,
I have the following entries, below, in today's log file (for yesterday, 10th May).
--------------------- yum Begin ------------------------
Packages Installed: lzo.i386 1.08-4.2.el5.rf libmad.i386 0.15.1b-4.el5.rf lame.i386 3.97-1.el5.rf faac.i386 1.25-2.el5.rf
How odd. Do you see them in /var/log/yum.log as well?
Akemi
Ah, I lied!
I think I see the problem. These are entries from /var/log/yum.log for 10th May 2007, exactly 1 year ago:
May 10 14:59:36 Updated: libX11.i386 1.0.3-8.0.1.el5 May 10 14:59:37 Updated: freetype.i386 2.2.1-17.el5 May 10 14:59:44 Updated: firefox.i386 1.5.0.10-2.el5.centos May 10 14:59:44 Updated: cups-libs.i386 1:1.2.4-11.5.1.el5 May 10 14:59:57 Updated: devhelp.i386 0.12-10.0.1.el5 May 10 14:59:59 Installed: perl-libwww-perl.noarch 5.805-1.1.1 May 10 15:00:02 Updated: spamassassin.i386 3.1.8-2.el5 May 10 15:00:34 Updated: evolution.i386 2.8.0-33.0.1.el5 May 10 15:00:35 Updated: freetype-devel.i386 2.2.1-17.el5 May 10 15:00:37 Updated: libX11-devel.i386 1.0.3-8.0.1.el5 May 10 15:00:38 Updated: xorg-x11-apps.i386 7.1-4.0.1.el5 May 10 15:00:42 Updated: cups.i386 1:1.2.4-11.5.1.el5 May 10 15:00:44 Updated: kernel-headers.i386 2.6.18-8.1.3.el5 May 10 15:01:08 Updated: yelp.i386 2.16.0-14.0.1.el5 May 10 15:01:16 Installed: kernel-devel.i686 2.6.18-8.1.3.el5 May 10 16:40:06 Installed: giflib.i386 4.1.3-7.1.el5.1 May 10 16:40:07 Installed: x264.i386 0.0.0-0.3.20061214.el5.rf May 10 16:40:09 Installed: libmp4v2.i386 1.5.0.1-3.el5.rf May 10 16:40:10 Installed: faac.i386 1.25-2.el5.rf May 10 16:40:11 Installed: libmad.i386 0.15.1b-4.el5.rf May 10 16:40:12 Installed: mplayer-fonts.noarch 1.1-3.0.rf May 10 16:40:13 Installed: openal.i386 0.0.8-2.el5.rf May 10 16:40:14 Installed: lame.i386 3.97-1.el5.rf May 10 16:40:15 Installed: libdvdnav.i386 0.1.10-3.el5.rf May 10 16:40:17 Installed: aalib.i386 1.4.0-5.el5.rf May 10 16:40:17 Installed: libmpcdec.i386 1.2.2-2.el5.rf May 10 16:40:19 Installed: xvidcore.i386 1.1.2-1.el5.rf May 10 16:40:22 Installed: lirc.i386 0.6.6-4.el5.rf May 10 16:40:23 Installed: lzo.i386 1.08-4.2.el5.rf May 10 16:40:30 Installed: mplayer.i386 1.0-0.34.rc1try2.el5.rf May 10 16:40:31 Installed: mplayerplug-in.i386 3.40-1.el5.rf May 10 19:44:52 Installed: xorg-x11-server-sdk.i386 1.1.1-48.13.0.1.el5 May 10 20:04:13 Installed: dkms.noarch 2.0.13-1.el5.rf May 10 23:02:10 Updated: vim-common.i386 2:7.0.109-3.el5.3 May 10 23:02:21 Updated: postgresql-libs.i386 8.1.9-1.el5 May 10 23:02:22 Updated: vim-minimal.i386 2:7.0.109-3.el5.3 May 10 23:02:22 Updated: vim-enhanced.i386 2:7.0.109-3.el5.3
So it looks like the log just pulled entries matching 10th May but the year is missing/wrong.
Is this a bug maybe?
Ned
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Ned Slider Sent: Sunday, May 11, 2008 5:27 AM To: CentOS mailing list Subject: [CentOS] Today's log - yum entries
Hi list,
I have the following entries, below, in today's log file (for yesterday, 10th May).
I don't run the automated yum-updated and didn't run a yum update yesterday, and no packages were installed. Obviously the entries are old.
I was wondering if anyone could offer an explanation?
Thanks,
Ned
--------------------- yum Begin ------------------------
Packages Installed: lzo.i386 1.08-4.2.el5.rf libmad.i386 0.15.1b-4.el5.rf lame.i386 3.97-1.el5.rf faac.i386 1.25-2.el5.rf mplayer.i386 1.0-0.34.rc1try2.el5.rf giflib.i386 4.1.3-7.1.el5.1 xvidcore.i386 1.1.2-1.el5.rf mplayerplug-in.i386 3.40-1.el5.rf openal.i386 0.0.8-2.el5.rf kernel-devel.i686 2.6.18-8.1.3.el5 xorg-x11-server-sdk.i386 1.1.1-48.13.0.1.el5 dkms.noarch 2.0.13-1.el5.rf lirc.i386 0.6.6-4.el5.rf libdvdnav.i386 0.1.10-3.el5.rf aalib.i386 1.4.0-5.el5.rf perl-libwww-perl.noarch 5.805-1.1.1 libmpcdec.i386 1.2.2-2.el5.rf x264.i386 0.0.0-0.3.20061214.el5.rf mplayer-fonts.noarch 1.1-3.0.rf libmp4v2.i386 1.5.0.1-3.el5.rf
Packages Updated: libX11-devel.i386 1.0.3-8.0.1.el5 xorg-x11-apps.i386 7.1-4.0.1.el5 kernel-headers.i386 2.6.18-8.1.3.el5 vim-enhanced.i386 2:7.0.109-3.el5.3 cups.i386 1:1.2.4-11.5.1.el5 firefox.i386 1.5.0.10-2.el5.centos freetype-devel.i386 2.2.1-17.el5 evolution.i386 2.8.0-33.0.1.el5 libX11.i386 1.0.3-8.0.1.el5 yelp.i386 2.16.0-14.0.1.el5 spamassassin.i386 3.1.8-2.el5 postgresql-libs.i386 8.1.9-1.el5 vim-minimal.i386 2:7.0.109-3.el5.3 vim-common.i386 2:7.0.109-3.el5.3 devhelp.i386 0.12-10.0.1.el5 cups-libs.i386 1:1.2.4-11.5.1.el5 freetype.i386 2.2.1-17.el5
---------------------- yum End -------------------------
Last 25 packages installed/updated as reported by RPM:
$ rpm -qa --last | head -n 25 kernel-headers-2.6.18-53.1.19.el5 Fri 09 May 2008 06:45:18 PM BST kernel-2.6.18-53.1.19.el5 Fri 09 May 2008 06:41:23 PM BST kernel-devel-2.6.18-53.1.19.el5 Fri 09 May 2008 06:40:49 PM BST flash-plugin-9.0.124.0-1.el5.rf Wed 07 May 2008 01:18:16 AM BST xine-lib-1.1.12-1.el5.rf Wed 07 May 2008 01:17:56 AM BST perl-BerkeleyDB-0.34-1.el5.rf Wed 07 May 2008 01:17:53 AM BST p7zip-plugins-4.57-1.el5.rf Fri 25 Apr 2008 12:57:38 AM BST p7zip-4.57-1.el5.rf Fri 25 Apr 2008 12:57:35 AM BST gnome-screensaver-2.16.1-5.el5_1.1 Thu 24 Apr 2008 05:03:23 AM BST amavisd-new-2.5.4-1.el5.rf Wed 23 Apr 2008 07:14:03 PM BST clamd-0.93-2.el5.rf Wed 23 Apr 2008 07:14:01 PM BST clamav-0.93-2.el5.rf Wed 23 Apr 2008 07:13:59 PM BST clamav-db-0.93-2.el5.rf Wed 23 Apr 2008 07:13:58 PM BST ncompress-4.2.4-47 Wed 23 Apr 2008 07:13:57 PM BST perl-Archive-Zip-1.16-1.2.1 Wed 23 Apr 2008 07:13:56 PM BST nomarch-1.4-1.el5.rf Wed 23 Apr 2008 07:13:55 PM BST freeze-2.5.0-1.2.el5.rf Wed 23 Apr 2008 07:13:55 PM BST lha-1.14i-19.2.2.el5.rf Wed 23 Apr 2008 07:13:54 PM BST perl-Convert-TNEF-0.17-3.2.el5.rf Wed 23 Apr 2008 07:13:53 PM BST perl-MIME-tools-5.420-2.el5.rf Wed 23 Apr 2008 07:13:52 PM BST perl-Convert-UUlib-1.051-1.2.el5.rf Wed 23 Apr 2008 07:13:51 PM BST perl-Convert-BinHex-1.119-2.2.el5.rf Wed 23 Apr 2008 07:13:51 PM BST arc-5.21o-1.el5.rf Wed 23 Apr 2008 07:13:50 PM BST perl-MailTools-2.02-1.el5.rf Wed 23 Apr 2008 07:13:49 PM BST zoo-2.10-2.2.el5.rf Wed 23 Apr 2008 07:13:47 PM BST ----------------------------
Ned, a good place to start is the SELinux Logs and users on the machine and blank logfiles with nothing in them.
John _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
John wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Ned Slider Sent: Sunday, May 11, 2008 5:27 AM To: CentOS mailing list Subject: [CentOS] Today's log - yum entries
Hi list,
I have the following entries, below, in today's log file (for yesterday, 10th May).
I don't run the automated yum-updated and didn't run a yum update yesterday, and no packages were installed. Obviously the entries are old.
I was wondering if anyone could offer an explanation?
Ned, a good place to start is the SELinux Logs and users on the machine and blank logfiles with nothing in them.
John
Hi John,
SELinux is not running here, and I'm the only real user.
Hi,
On Sun, May 11, 2008 at 5:26 AM, Ned Slider ned@unixmail.co.uk wrote:
I have the following entries, below, in today's log file (for yesterday, 10th May).
I don't run the automated yum-updated and didn't run a yum update yesterday, and no packages were installed. Obviously the entries are old.
I was wondering if anyone could offer an explanation?
Syslog does not print the year on log lines. Once I saw some strange behaviour similar to yours. I had a script that grep'd the logs for yesterday's date and sent it to me by e-mail. One day, I saw several SSH attempts from IPs that were empty, and IPs being resolved to names that were not the right ones. Then I logged in to the machine, looked at /var/log/secure and realized what happened. The logs were over one year old now. Maybe check /var/log/yum.log to see if that is what happened.
By the way, you say "today's log file", but to what log file are you referring? The output you show is not from /var/log/yum.log, is it some post processing?
HTH, Filipe
Filipe Brandenburger wrote:
Hi,
On Sun, May 11, 2008 at 5:26 AM, Ned Slider ned@unixmail.co.uk wrote:
I have the following entries, below, in today's log file (for yesterday, 10th May).
I don't run the automated yum-updated and didn't run a yum update yesterday, and no packages were installed. Obviously the entries are old.
I was wondering if anyone could offer an explanation?
Syslog does not print the year on log lines. Once I saw some strange behaviour similar to yours. I had a script that grep'd the logs for yesterday's date and sent it to me by e-mail. One day, I saw several SSH attempts from IPs that were empty, and IPs being resolved to names that were not the right ones. Then I logged in to the machine, looked at /var/log/secure and realized what happened. The logs were over one year old now. Maybe check /var/log/yum.log to see if that is what happened.
By the way, you say "today's log file", but to what log file are you referring? The output you show is not from /var/log/yum.log, is it some post processing?
HTH, Filipe
Yes, you're absolutely right Filipe, I just noticed it myself.
The logs are from syslog?? emailed to root each day. When I checked /var/log/yum.log as Akemi suggested, indeed there were matching entries for 10 May, but from 2007 without the year present, so it looks like syslog parsed /var/log/yum.log and returned anything matching '10 may'.
Thanks for your help!
Ned
Filipe Brandenburger wrote:
Hi,
On Sun, May 11, 2008 at 5:26 AM, Ned Slider ned@unixmail.co.uk wrote:
I have the following entries, below, in today's log file (for yesterday, 10th May).
I don't run the automated yum-updated and didn't run a yum update yesterday, and no packages were installed. Obviously the entries are old.
I was wondering if anyone could offer an explanation?
Syslog does not print the year on log lines. Once I saw some strange behaviour similar to yours. I had a script that grep'd the logs for yesterday's date and sent it to me by e-mail. One day, I saw several SSH attempts from IPs that were empty, and IPs being resolved to names that were not the right ones. Then I logged in to the machine, looked at /var/log/secure and realized what happened. The logs were over one year old now. Maybe check /var/log/yum.log to see if that is what happened.
I fixed that problem for yum by editing /etc/logrotate.d/yum and changing "size 30k" to "size 10k". For CentOS, a 10 kilobyte log file is enough to hold several months of yum activity, but small enough that the file will be rotated before a year passes. You might also explore the "monthly" or "yearly" options in logrotate. Right now I don't recall what I didn't like about using those with the yum logs.
Hi,
On Sun, May 11, 2008 at 10:24 AM, Robert Nichols rnicholsNOSPAM@comcast.net wrote:
I fixed that problem for yum by editing /etc/logrotate.d/yum and changing "size 30k" to "size 10k". For CentOS, a 10 kilobyte log file is enough to hold several months of yum activity, but small enough that the file will be rotated before a year passes.
As we wanted to make sure we solved the problem, and for all the logs, we inserted a new cron that ran logrotate with the -f parameter on a specific day of the year:
0 0 11 5 * /usr/sbin/logrotate -f /etc/logrotate.conf
I'm not sure we used midnight as the time, and the day was different for every machine. Thinking about it now, maybe it should be done twice a year.
0 0 11 5,11 * /usr/sbin/logrotate -f /etc/logrotate.conf
Anyway, you get the general idea.
Filipe
Robert Nichols wrote:
Filipe Brandenburger wrote:
Hi,
On Sun, May 11, 2008 at 5:26 AM, Ned Slider ned@unixmail.co.uk wrote:
I have the following entries, below, in today's log file (for yesterday, 10th May).
I don't run the automated yum-updated and didn't run a yum update yesterday, and no packages were installed. Obviously the entries are old.
I was wondering if anyone could offer an explanation?
Syslog does not print the year on log lines. Once I saw some strange behaviour similar to yours. I had a script that grep'd the logs for yesterday's date and sent it to me by e-mail. One day, I saw several SSH attempts from IPs that were empty, and IPs being resolved to names that were not the right ones. Then I logged in to the machine, looked at /var/log/secure and realized what happened. The logs were over one year old now. Maybe check /var/log/yum.log to see if that is what happened.
I fixed that problem for yum by editing /etc/logrotate.d/yum and changing "size 30k" to "size 10k". For CentOS, a 10 kilobyte log file is enough to hold several months of yum activity, but small enough that the file will be rotated before a year passes. You might also explore the "monthly" or "yearly" options in logrotate. Right now I don't recall what I didn't like about using those with the yum logs.
Thanks for that Bob. My yum.log was 28K so I've knocked the size setting down to 20K and will see how that goes.
Thanks again,
Ned
-
Akemi Yagi -
Filipe Brandenburger -
John -
Ned Slider -
Robert Nichols