# Missing Emerge log entries.[SOLVED]

## spidark

Hi all.

I just ran rkhunter , and it came up with a few warnings.

```

File: /bin/login

File: /bin/groups

File: /bin/passwd

File: /bin/su

File: /sbin/nologin

File: /usr/bin/lastlog

File: /usr/sbin/groupadd

More warnings, but ill keep it short.

```

All the above belongs to the sys-apps/shadow-4.6

All have the same modification times.

```

Current file modification time: 1537023616 (15-Sep-2018 17:00:16)

Stored file modification time : 1525391550 (04-May-2018 01:52:30)

```

There is no recorded data of this install, when checking logs within elogv.

```
* sys-auth/polkit-0.113-r4 - 09/15/2018                                                                                            │

│ * app-antivirus/clamav-0.100.1 - 09/15/2018                                                                                        │

│ * app-admin/sudo-1.8.23-r2 - 09/15/2018                                                                                            │

│ * app-admin/sudo-1.8.23-r2 - 09/15/2018    
```

However running genlop -t shadow does.

```
* sys-apps/shadow

     Sat Sep 15 17:00:23 2018 >>> sys-apps/shadow-4.6

       merge time: 42 seconds.
```

I have a unset PORT_LOGDIR, so if i'm not mistaken things defaults to /var/log/portage/elog Directory.

There no sys-apps/shadow-4.6 in that directory.

The Same story as above goes for the package net-misc/iputils-20171016_pre

which rkhunter gave a warning on the following file.

```

File: /bin/ping

Current file modification time: 1537023148 (15-Sep-2018 16:52:28)

Stored file modification time : 1536700098 (11-Sep-2018 23:08:18)

* net-misc/iputils

     Tue Sep 11 23:08:22 2018 >>> net-misc/iputils-20171016_pre

       merge time: 7 seconds.

     Sat Sep 15 16:52:34 2018 >>> net-misc/iputils-20171016_pre

       merge time: 10 seconds.

```

I cant remember installing iputils, and i cant remember doing that twice  :Sad: 

Maybe i'm just getting old  :Wink: 

Ok Here are the Outputs of qcheck shadow and iputils

as Normal user.

```

$ qcheck shadow

Checking sys-apps/shadow-4.6 ...

 PERM 4711: /usr/bin/gpasswd

 PERM 4711: /usr/bin/chfn

 PERM 4711: /usr/bin/newgidmap

 PERM 4711: /usr/bin/expiry

 PERM 4711: /usr/bin/chsh

 PERM 4711: /usr/bin/newgrp

 PERM 4711: /usr/bin/newuidmap

 PERM 4711: /usr/bin/chage

 PERM 4711: /bin/passwd

 PERM 4711: /bin/su

 PERM  600: /etc/default/useradd

  * 640 out of 651 files are good (Unable to digest 11 files)

Checking virtual/shadow-0 ...

  * 0 out of 0 file are good

$ qcheck iputils

Checking net-misc/iputils-20171016_pre ...

 PERM  711: /bin/arping

 PERM  711: /bin/ping

  * 13 out of 15 files are good (Unable to digest 2 files)

```

And as root

```
Checking sys-apps/shadow-4.6 ...

  * 651 out of 651 files are good

Checking virtual/shadow-0 ...

  * 0 out of 0 file are good

Checking net-misc/iputils-20171016_pre ...

  * 15 out of 15 files are good

```

Any ideas ?

Thanks in advance.

----------

## NeddySeagoon

spidark,

Both shadow and iproute2 are free with the stage3 tarball, so you would only have emerged them yourself if there were new versions or you changed USE flags.

----------

## spidark

 *NeddySeagoon wrote:*   

> spidark,
> 
> Both shadow and iproute2 are free with the stage3 tarball, so you would only have emerged them yourself if there were new versions or you changed USE flags.

 

Hi NeddySeagoon.

Thanks for your reply  :Very Happy: 

Yes i know these packages comes within stage3 tarball, and i had no reason to install them manually.

So ruling me out as the installer. and leaving only room for updates.

There's no records of them in my world file, correct me if i'm wrong.

Manual installs gets recorded to world ? 

What i don't understand is why there's no entry of iputils (not iproute) and shadow in my logs,

I remember installing Network Manager which has iputils as a dep.

I know  i have added the network manager use flag to pull in NetworkManager package.

Not sure is this rebuilds iputils package, because none of my useflag effects iputils package.

Let say portage did rebuild iputils.

But still the date does not check

```
sudo genlop -t networkmanager

Password: 

 * net-misc/networkmanager

     Wed Sep 12 16:37:17 2018 >>> net-misc/networkmanager-1.10.10

       merge time: 1 minute and 51 seconds.

* These packages depend on iputils:

net-misc/networkmanager-1.10.10 (net-misc/iputils)

                                (net-misc/iputils[arping(+)])

Warning: The file properties have changed:

File: /bin/ping

Current inode: 1444722    Stored inode: 1441865

Current file modification time: 1537023148 (15-Sep-2018 16:52:28)

Stored file modification time : 1536700098 (11-Sep-2018 23:08:18)

$ equery b /bin/ping

 * Searching for /bin/ping ... 

net-misc/iputils-20171016_pre (/bin/ping)

```

Same story for the Shadow package.

No entry logs, no where, or i'm looking into the wrong places.

```
$ equery d shadow

 * These packages depend on shadow:

mail-mta/nullmailer-2.0-r1 (virtual/shadow)

net-misc/openssh-7.7_p1-r9 (userland_GNU ? virtual/shadow)

virtual/shadow-0 (!prefix ? >=sys-apps/shadow-4.1)

$ sudo genlop -t net-misc/openssh

 * net-misc/openssh

     Wed Sep 12 00:29:01 2018 >>> net-misc/openssh-7.7_p1-r9

       merge time: 1 minute and 8 seconds.

```

Lets say openssh was updated, and portage for some unknown reason decided to rebuild shadow as a dep.

Again the dates does not check.

Shouldn't there be a rebuild log somewhere ?

Where does genlop gets it info from ? 

Thats whats bugging me.

Thaks again Neddy  :Wink: 

----------

## NeddySeagoon

spidark,

What is the timestamp on /var/log/emerge.log ?

What is the time of the very first entry in  /var/log/emerge.log. It should be the time you ran emerge for the first time on this install, unless the log has been rotated.

There is only one log for emerges, it records them all.

world records packages you install but not these packages dependances. They may change and are calculated every time you emerge world.

When dependencies change, you get orphans left installed. That why you need --depclean as a part of your update process. 

Look around in /var/db/pkg/ but take great care not to edit anything. This is how portage knows what you have installed and the settings used at install time.

I'm not sure if /var/db/pkg/ is provided in the stage3 or not. I think it probably is since portage needs to know how the stage3 was built.

In turn, that means you can have packages (from the stage3) that are older than your install date.

----------

## freke

elogv only logs packages wich is triggered by the classes set in /etc/portage/make.conf?

ie. I have 

```
PORTAGE_ELOG_SYSTEM="save mail"

PORTAGE_ELOG_CLASSES="warn error log qa"
```

So many packages aren't logged there.

genlop should be using /var/log/emerge.log afaik

----------

## spidark

Hi Neddy,

I'm definitely getting old and Paranoid  :Embarassed:   My bad.

 *NeddySeagoon wrote:*   

> 
> 
> What is the timestamp on /var/log/emerge.log ?

 

```
1536702056: Started emerge on: Sep 11, 2018 21:40:56

1536702056:  *** emerge --newuse --update --ask --deep @world
```

I remember that one.

Here comes the getting old and paranoid Part.

Can't remember these  :Wink: 

Shadow

```
1537023575: Started emerge on: Sep 15, 2018 16:59:35

1537023575:  *** emerge --oneshot --ask --verbose sys-apps/shadow

1537023581:  >>> emerge (1 of 1) sys-apps/shadow-4.6 to /

```

Iputils

```

1536698629: Started emerge on: Sep 11, 2018 22:43:49

1536698629:  *** emerge --newuse --update --ask --deep --with-bdeps=y --verbose @world

which caused this

1536700095:  >>> emerge (71 of 153) net-misc/iputils-20171016_pre to /

and

1537023134: Started emerge on: Sep 15, 2018 16:52:13

1537023134:  *** emerge --oneshot --ask --verbose net-misc/iputils

1537023144:  >>> emerge (1 of 1) net-misc/iputils-20171016_pre to /

```

Can't remember those  :Embarassed: 

 *freke wrote:*   

> elogv only logs packages wich is triggered by the classes set in /etc/portage/make.conf?
> 
> ie. I have
> 
> Code:	
> ...

 

Freke mine differs, but i'm going to look into that.  :Wink: 

```
PORTAGE_ELOG_CLASSES="warn error log"

PORTAGE_ELOG_SYSTEM="save"

```

Neddy And Freke,

Sorry for wasting your precious time, but i'm truly glad you guys helped  :Smile: 

Thanks Guys.

This one Solved.  :Wink: 

----------

## Anon-E-moose

PORTAGE_ELOG_SYSTEM="echo save save_summary"

PORTAGE_ELOG_CLASSES="*"

----------

## freke

The mail part in PORTAGE_ELOG_SYSTEM reuqires additional setup.

```
PORTAGE_ELOG_SYSTEM

          Please see /usr/share/portage/config/make.conf.example for elog documentation.
```

Dunno if everything is kept in elogv if * is selected as a class?

----------

## Anon-E-moose

AFAIK everything gets logged. 

From /usr/share/portage/config/make.conf.example

```
# logging related variables:

# PORTAGE_ELOG_CLASSES: selects messages to be logged, possible values are:

#                          info, warn, error, log, qa, *

#PORTAGE_ELOG_CLASSES="log warn error"
```

----------

## spidark

 *Anon-E-moose wrote:*   

> AFAIK everything gets logged. 
> 
> From /usr/share/portage/config/make.conf.example
> 
> ```
> ...

 

Trying This Setup

```

PORTAGE_ELOG_SYSTEM="save_summary:log,warn,error,qa echo"

PORTAGE_ELOG_CLASSES="warn error logi qa"

```

----------

