The Package Upgrade Agent plugin allows you to monitor the number of days since your server was last updated and how many packages (either security on non-security related) are waiting to be installed. However it does require additional configuration if you want to be able to use the “Security-related packages waiting to be updated” and “Non-security-related packages waiting to be updated” metrics. To set up support for these metrics, the following is needed in the /etc/sudoers folder.
On Red Hat/CentOS:
Defaults:panopta-agent !requiretty
panopta-agent ALL=(ALL) NOPASSWD: /usr/bin/yum, /usr/bin/zgrep
On Ubuntu/Debian:
panopta-agent ALL=(ALL) NOPASSWD: /usr/bin/apt-get
To add a package upgrade agent resource to your server first see Add FortiMonitor Agent checks if you have not already.
First select Linux from the monitoring catalog.
The metric drop-down will have either one or three options, depending on whether you chose to add the additional configuration.
-
Check for Package Installation
-
Days since the last package update was run
-
Non-security-related package waiting to be updated
-
Security-related packages waiting to be updated
If you choose to change your alert thresholds for this resource, please remember that this resource returns a value in days.
If you would like to inspect the Package Upgrades plugin in more detail you can find the python script for it in /usr/lib/panopta-agent/plugins/package_upgrade.py.