What is sysstat in my system logs?
Hello. We have noticed this is running daily:
sudo lnav /var/log/syslog
May 29 10:40:45 dev-test-123 systemd[1]: sysstat-collect.service: Deactivated successfully.
May 29 10:40:45 dev-test-123 systemd[1]: Finished system activity accounting tool.
May 29 10:42:48 dev-test-123 systemd[1]: Starting Download data for packages that failed at package install time...
May 29 10:42:48 dev-test-123 systemd[1]: Started Session 2345 of User admin.
May 29 10:42:48 dev-test-123 systemd[1]: update-notifier-download.service: Deactivated successfully.
May 29 10:42:48 dev-test-123 systemd[1]: Finished Download data for packages that failed at package install time.
It is not clear for us why this "download" thing is happening. Is there any potential vulnerability this may take?
1 Reply
I can see that some of the logs you posted are all related to sysstat, a performance monitoring tool for Linux. Sysstat is a legitimate service that is built into many Unix systems, and can be installed manually if it isn't. If you would like more information on sysstat, the official sysstat website, or the sysstat github, are both great resources.
In regards to the specific output in your logs, I went and checked the logs on one of my systems to compare. The first two lines appear to just be normal status from the sysstat processes.
May 29 10:40:45 dev-test-123 systemd[1]: sysstat-collect.service: Deactivated successfully.
May 29 10:40:45 dev-test-123 systemd[1]: Finished system activity accounting tool.
Lines 3-6 appear to be from the update notifier, a built in Unix tool for download reporting in cases like this. It looks like it was just checking for any updates, and downloaded additional packaged data.
May 29 10:42:48 dev-test-123 systemd[1]: Starting Download data for packages that failed at package install time...
May 29 10:42:48 dev-test-123 systemd[1]: Started Session 2345 of User admin.
May 29 10:42:48 dev-test-123 systemd[1]: update-notifier-download.service: Deactivated successfully.
May 29 10:42:48 dev-test-123 systemd[1]: Finished Download data for packages that failed at package install time.
This shouldn't be any worry about vulnerabilities, and is just the system automatically downloading and installing data for it's packages. It's certainly good to be on the lookout for things like this in your logs however, and was a good catch. If you are ever worried about your system being compromised, we have a great community post that helps break down a lot of options to look into issues or secure your system.
If you have any additional questions, you can open a ticket through the Cloud Manager to have us help you directly.