Fortinet black logo

User Guide

Package Upgrades

24.1.0
Copy Link
Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:341218
Download PDF

Package Upgrades

The Package Upgrade Agent plugin allows you to monitor the number of days since your server was last updated and how many packages (either security on non-security related) are waiting to be installed. However it does require additional configuration if you want to be able to use the “Security-related packages waiting to be updated” and “Non-security-related packages waiting to be updated” metrics. To set up support for these metrics, the following is needed in the /etc/sudoers folder.

On Red Hat/CentOS:

Defaults:panopta-agent !requiretty
panopta-agent ALL=(ALL) NOPASSWD: /usr/bin/yum, /usr/bin/zgrep

On Ubuntu/Debian:

panopta-agent ALL=(ALL) NOPASSWD: /usr/bin/apt-get

The package_upgrade plugin is disabled by default in the panopta_agent.cfg file as seen here:
plugin_blacklist = package_upgrade

To enable this package_ugrade plugin you will need to remove package_upgrade from the plugin_blacklist .

See the plugin_blacklist documentation for more details about the plugin_blacklist.

To add a package upgrade agent resource to your server first see Add FortiMonitor Agent checks if you have not already.

First select Linux from the monitoring catalog.

The metric drop-down will have either one or three options, depending on whether you chose to add the additional configuration.

  • Check for Package Installation

  • Days since the last package update was run

  • Non-security-related package waiting to be updated

  • Security-related packages waiting to be updated

If you choose to change your alert thresholds for this resource, please remember that this resource returns a value in days.

If you would like to inspect the Package Upgrades plugin in more detail you can find the python script for it in /usr/lib/panopta-agent/plugins/package_upgrade.py.

Package Upgrades

The Package Upgrade Agent plugin allows you to monitor the number of days since your server was last updated and how many packages (either security on non-security related) are waiting to be installed. However it does require additional configuration if you want to be able to use the “Security-related packages waiting to be updated” and “Non-security-related packages waiting to be updated” metrics. To set up support for these metrics, the following is needed in the /etc/sudoers folder.

On Red Hat/CentOS:

Defaults:panopta-agent !requiretty
panopta-agent ALL=(ALL) NOPASSWD: /usr/bin/yum, /usr/bin/zgrep

On Ubuntu/Debian:

panopta-agent ALL=(ALL) NOPASSWD: /usr/bin/apt-get

The package_upgrade plugin is disabled by default in the panopta_agent.cfg file as seen here:
plugin_blacklist = package_upgrade

To enable this package_ugrade plugin you will need to remove package_upgrade from the plugin_blacklist .

See the plugin_blacklist documentation for more details about the plugin_blacklist.

To add a package upgrade agent resource to your server first see Add FortiMonitor Agent checks if you have not already.

First select Linux from the monitoring catalog.

The metric drop-down will have either one or three options, depending on whether you chose to add the additional configuration.

  • Check for Package Installation

  • Days since the last package update was run

  • Non-security-related package waiting to be updated

  • Security-related packages waiting to be updated

If you choose to change your alert thresholds for this resource, please remember that this resource returns a value in days.

If you would like to inspect the Package Upgrades plugin in more detail you can find the python script for it in /usr/lib/panopta-agent/plugins/package_upgrade.py.