Solved: RPM detection

catch_mili · ‎03-08-2013

How to detect if new rpm installed in Centos OS using Splunk. OR
How should I monitor rpm -qa in Splunk.

MuS · ‎03-08-2013

Hi catch_mili

like in your Solaris question ... it's the same here: how would you detect a newly installed RPM in CentOS and then provide it into splunk.

for example:

you can get with rpm -qa a full list of installed RPM and with rpm -qi <RPM Name> you can get the install date. With this you can build a scripted input.

cheers,
MuS

View solution in original post

MuS · ‎03-08-2013

Hi catch_mili

like in your Solaris question ... it's the same here: how would you detect a newly installed RPM in CentOS and then provide it into splunk.

for example:

you can get with rpm -qa a full list of installed RPM and with rpm -qi <RPM Name> you can get the install date. With this you can build a scripted input.

cheers,
MuS

dwaddle · ‎05-29-2013

RPM gives you one additional option too, the --queryformat option, which can give you additional data, like the install time. An example is as such:

rpm --queryformat "%{NAME} %{VERSION} %{INSTALLTIME}\n" -qa

blebit · ‎01-16-2015

hi dwaddle,
how to convert install time into readable format ?
thanks

MuS · ‎01-16-2015

although this is completely un-related to Splunk I provide an answer here 😉

rpm --queryformat "%{NAME} %{VERSION} %{INSTALLTIME:date}\n" -qa

found here http://www.nbtnet.newboundary.com/support/docs/ppm/ppm/ppm_6_3/general_unix/ppm0362.htm after one single google search 🙂

catch_mili · ‎03-12-2013

Hi MuS, Thanks.

blebit · ‎01-16-2015

hi MuS,
can you tell how this script would be please?
Thank you

MuS · ‎01-16-2015

This is not possible, since i don't know your environment nor your requirement.

RPM detection

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!