Linux systems: Scraping up information about apt updates

Where can you find information on Linux updates performed with apt commands? Check the /var/log/apt directory.


When you use the apt command to install new packages or run routine upgrades on your Debian-based Linux system, you might wonder where information about your activities is being recorded.

For one, your history file probably retains information on the commands that you use, though history files like ~/.bash_history will only keep the most recent commands that you've run — depending on your $HISTSIZE setting — and generally will not include dates and times. There is, however, another place to find information about apt commands and that place is /var/log/apt.

The /var/log/apt directory contains a number of log files — the history.log file, plus a series of older versions of the file named history.log.1.gz, history.log.2.gz, history.log.3.gz and so on. Each of these logs will contain information on apt commands that have been run within a particular timeframe.

-rw-r--r-- 1 root root  8165 Jan 17 13:26 history.log
-rw-r--r-- 1 root root  2088 Dec 26 15:48 history.log.1.gz
-rw-r--r-- 1 root root  2105 Nov 30 06:48 history.log.2.gz
-rw-r--r-- 1 root root 21150 Oct 31 06:45 history.log.3.gz
-rw-r--r-- 1 root root  3700 Oct  3 18:13 history.log.4.gz
-rw-r--r-- 1 root root  2544 Aug 31 06:05 history.log.5.gz
-rw-r--r-- 1 root root  2788 Jul 27 15:42 history.log.6.gz
-rw-r--r-- 1 root root  2910 Jun 28  2018 history.log.7.gz
-rw-r--r-- 1 root root 29216 May 31  2018 history.log.8.gz

As you can see, these log files are relatively small and quite a few generations of the file are retained. All but the current log are gzipped to save disk space. The file dates show that, on this example system, the logs are rolled over approximately once a month.

What's in a history.log file?

A good deal of the information in /var/log/apt's history.log files describes the packages that were updated when a system upgrade was performed. This record from Jan. 10 shows the command that was run (apt upgrade), the user who ran the upgrade command, and the list of upgraded source packages.

Start-Date: 2019-01-10  07:19:33
Commandline: apt upgrade
Requested-By: jdoe (1234)
Upgrade: libreoffice-style-breeze:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18
.10.2), libreoffice-math:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), l
ibpangoft2-1.0-0:amd64 (1.42.4-3, 1.42.4-3ubuntu1), gedit:amd64 (3.30.2-0ubuntu0
.18.10.1, 3.30.2-0ubuntu0.18.10.2), gir1.2-mutter-3:amd64 (3.30.2-1~ubuntu18.10.
1, 3.30.2-1~ubuntu18.10.2), python3-software-properties:amd64 (0.96.27, 0.96.27.
1), libreoffice-gtk3:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), libre
office-core:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), libasound2-dat
a:amd64 (1.1.6-1ubuntu1, 1.1.6-1ubuntu1.2), gir1.2-pango-1.0:amd64 (1.42.4-3, 1.
42.4-3ubuntu1), libmutter-3-0:amd64 (3.30.2-1~ubuntu18.10.1, 3.30.2-1~ubuntu18.1
0.2), software-properties-gtk:amd64 (0.96.27, 0.96.27.1), python3-uno:amd64 (1:6
.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), mutter-common:amd64 (3.30.2-1~ubuntu
18.10.1, 3.30.2-1~ubuntu18.10.2), libreoffice-style-galaxy:amd64 (1:6.1.2-0ubunt
u1.1, 1:6.1.3-0ubuntu0.18.10.2), libreoffice-base-core:amd64 (1:6.1.2-0ubuntu1.1
, 1:6.1.3-0ubuntu0.18.10.2), libpangoxft-1.0-0:amd64 (1.42.4-3, 1.42.4-3ubuntu1)
, libreoffice-ogltrans:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), lib
reoffice-impress:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), libreoffi
ce-style-elementary:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), nautil
us:amd64 (1:3.26.4-0ubuntu7, 1:3.26.4-0ubuntu7.1), libnautilus-extension1a:amd64
 (1:3.26.4-0ubuntu7, 1:3.26.4-0ubuntu7.1), libpangocairo-1.0-0:amd64 (1.42.4-3,
1.42.4-3ubuntu1), psmisc:amd64 (23.1-1build1, 23.1-1ubuntu1.1), libreoffice-styl
e-colibre:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), ure:amd64 (6.1.2
-0ubuntu1.1, 6.1.3-0ubuntu0.18.10.2), gnome-shell-common:amd64 (3.30.1-2ubuntu1.
18.10.1, 3.30.1-2ubuntu1.18.10.2), libreoffice-writer:amd64 (1:6.1.2-0ubuntu1.1,
 1:6.1.3-0ubuntu0.18.10.2), libreoffice-common:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.
3-0ubuntu0.18.10.2), gedit-common:amd64 (3.30.2-0ubuntu0.18.10.1, 3.30.2-0ubuntu
0.18.10.2), libasound2:amd64 (1.1.6-1ubuntu1, 1.1.6-1ubuntu1.2), fonts-opensymbo
l:amd64 (2:102.10+LibO6.1.2-0ubuntu1.1, 2:102.10+LibO6.1.3-0ubuntu0.18.10.2), li
breoffice-pdfimport:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), uno-li
bs3:amd64 (6.1.2-0ubuntu1.1, 6.1.3-0ubuntu0.18.10.2), nautilus-data:amd64 (1:3.2
6.4-0ubuntu7, 1:3.26.4-0ubuntu7.1), gnome-shell:amd64 (3.30.1-2ubuntu1.18.10.1,
3.30.1-2ubuntu1.18.10.2), libreoffice-style-tango:amd64 (1:6.1.2-0ubuntu1.1, 1:6
.1.3-0ubuntu0.18.10.2), libreoffice-help-en-us:amd64 (1:6.1.2-0ubuntu1, 1:6.1.3-
0ubuntu0.18.10.2), libreoffice-gnome:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0
.18.10.2), libreoffice-calc:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2)
, libpango-1.0-0:amd64 (1.42.4-3, 1.42.4-3ubuntu1), libreoffice-draw:amd64 (1:6.
1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), libreoffice-avmedia-backend-gstreamer
:amd64 (1:6.1.2-0ubuntu1.1, 1:6.1.3-0ubuntu0.18.10.2), mutter:amd64 (3.30.2-1~ub
untu18.10.1, 3.30.2-1~ubuntu18.10.2), software-properties-common:amd64 (0.96.27,
 0.96.27.1)
End-Date: 2019-01-10  07:20:04

We can also tell from the start and end times that this upgrade took less than a minute to run, starting at 07:19:33 and ending at 07:20:04.

You may also see a number of unattended upgrades noted in the file — like this one:

Start-Date: 2019-01-11  06:58:34
Commandline: /usr/bin/unattended-upgrade
Upgrade: libexiv2-14:amd64 (0.25-4, 0.25-4ubuntu0.1)
End-Date: 2019-01-11  06:58:35
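The two records above can be turned into structured data for auditing who upgraded what and when. The following Python sketch is an added example, not part of the original article; the function names are hypothetical, and the sample text is constructed from the article's two records (the first abbreviated to two packages).

```python
import gzip
import re
from datetime import datetime
from pathlib import Path

# One entry of an Upgrade: field, e.g. "gedit:amd64 (old-version, new-version)"
PKG_RE = re.compile(r"([^\s:,()]+):([^\s()]+) \(([^()]*)\)")
DATE_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: two records from the article, the first one abbreviated.
SAMPLE = """\
Start-Date: 2019-01-10  07:19:33
Commandline: apt upgrade
Requested-By: jdoe (1234)
Upgrade: gedit:amd64 (3.30.2-0ubuntu0.18.10.1, 3.30.2-0ubuntu0.18.10.2), psmisc:amd64 (23.1-1build1, 23.1-1ubuntu1.1)
End-Date: 2019-01-10  07:20:04

Start-Date: 2019-01-11  06:58:34
Commandline: /usr/bin/unattended-upgrade
Upgrade: libexiv2-14:amd64 (0.25-4, 0.25-4ubuntu0.1)
End-Date: 2019-01-11  06:58:35
"""

def read_log(path):
    """Return the text of history.log or of a gzipped history.log.N.gz."""
    opener = gzip.open if Path(path).suffix == ".gz" else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        return fh.read()

def _when(value):
    # The log separates date and time with two spaces; normalise to one.
    return datetime.strptime(" ".join(value.split()), DATE_FMT)

def parse_history(text):
    """Yield one summary dict per blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(ln.split(": ", 1) for ln in block.splitlines() if ": " in ln)
        if "Start-Date" not in rec:
            continue
        start = _when(rec["Start-Date"])
        end = _when(rec["End-Date"]) if "End-Date" in rec else None
        yield {
            "start": start,
            "seconds": (end - start).total_seconds() if end else None,
            "command": rec.get("Commandline", ""),
            # The unattended-upgrade record above has no Requested-By line.
            "user": rec.get("Requested-By", "").split(" (")[0] or None,
            "upgraded": [(n, a, *v.split(", ")) for n, a, v in
                         PKG_RE.findall(rec.get("Upgrade", ""))],
        }
```

To cover every retained generation, pass each file matched by /var/log/apt/history.log* through read_log() and then parse_history(); a record with no user is worth a second look when its Commandline is not the unattended-upgrade script.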

Unattended upgrades will happen only if they have been configured to run on the system. Check the /etc/apt/apt.conf.d/50unattended-upgrades file on your system to determine if this is the case. A section of configuration settings like the one shown below would indicate that automatic security updates have been enabled:

// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESM:${distro_codename}";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

If unattended upgrades are not set up on your system, you can set them up with this command:

$ sudo apt install unattended-upgrades

The // characters turn many of the lines in the 50unattended-upgrades configuration file into comments. As is, only security updates will be automatically installed. ESM in the configuration lines shown above refers to "extended security maintenance".

Command history and dates

You can insert dates and times into your command history file if you use the commands shown below. The second command makes this change a permanent part of your startup routine, so you can have that information added to your history file routinely.

$ export HISTTIMEFORMAT="%Y-%m-%d %T "
$ echo 'export HISTTIMEFORMAT="%Y-%m-%d %T "' >> ~/.bashrc

If you make these changes, date/time information will be added to your history file. Here's an example of what that should look like:

#1547757540
figlet "That's all, folks!"

That #1547757540 shown above represents the date and time that the command was run. When you view this information with the history command, the date and time are displayed in the format you selected.

 881  2019-01-17 15:39:00 figlet "That's all, folks!"
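The timestamped history file format described above can be read outside the shell, for example to line up apt commands with the records in /var/log/apt. This Python sketch is an added example, not part of the original article; the function names are hypothetical and the sample history is constructed, with only its last entry taken from the article.

```python
import re
from datetime import datetime, timezone

# Constructed sample of ~/.bash_history contents. The first command has no
# timestamp line, as for entries saved before HISTTIMEFORMAT was set.
SAMPLE_HISTORY = """\
sudo apt update
#1547757480
sudo apt install unattended-upgrades
#1547757540
figlet "That's all, folks!"
"""

STAMP_RE = re.compile(r"^#(\d+)$")                      # "#<epoch seconds>"
APT_RE = re.compile(r"^(?:sudo\s+)?apt(?:-get)?(?:\s|$)")

def parse_bash_history(text):
    """Return (utc_datetime_or_None, command) pairs in file order.

    Multi-line commands are not reassembled; each line is one entry.
    """
    entries, stamp = [], None
    for line in text.splitlines():
        m = STAMP_RE.match(line)
        if m:
            stamp = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        elif line.strip():
            entries.append((stamp, line))
            stamp = None  # a timestamp applies only to the next command
    return entries

def apt_commands(entries):
    """Keep only apt/apt-get invocations, with or without sudo."""
    return [(ts, cmd) for ts, cmd in entries if APT_RE.match(cmd)]

if __name__ == "__main__":
    for ts, cmd in apt_commands(parse_bash_history(SAMPLE_HISTORY)):
        print(ts.isoformat() if ts else "(no timestamp)", cmd)
```

The stored value is seconds since the epoch in UTC, so #1547757540 decodes to 2019-01-17 20:39:00 UTC; the history command prints it in the local time zone, which is consistent with the 15:39:00 shown in the listing above.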

That's all, folks!

Recovering information on when system upgrades were done and when packages were added to a system can be a bit time-consuming. In addition, that information — both in your command history and in the system log files — is somewhat short-lived. Your command history may be available for only a few days (depending on how many commands you use on a daily basis), and your system log files will probably last only some number of months. That's why it's good to also check the /var/log/apt directory.
