Kristin Thomas - Converted document from HTML to DocBook v4.1 (SGML)
2001-02-09
Revision History | ||
---|---|---|
Revision 1.1 | 2001-02-09 | Revised by: KET |
Revision 1.0 | 1997-08-08 | Revised by: AMCT |
This document is copylefted by Albert M.C. Tam (bertie@scn.org). Permission to use, copy, distribute this document for non-commerical purposes is hereby granted, provided that the author's/editor's name and this notice appear in all copies and/or supporting documents and provided that this document is not modified. This document is distributed in hope that it will be useful, but WITHOUT ANY WARRANTY, either expressed or implied. While every effort has been taken to ensure the accuracy of the information documented herein, the author/editor/maintainer assumes NO RESPONSIBILITY for errors, or for damages resulting for the use of the information documented herein.
This document describes how to enable system process accounting on a Linux host and the usage of various process accounting commands. It is intended for users running kernel versions greater than or equal to 1.3.73 (tested on RedHat™ 4.1 kernel 2.0.27). Kernels older than 1.3.73 may need a patch in order to use the process accounting feature.
Feel free to send any feedback or comments to bertie@scn.org if you find an error, or if any information is missing. I appreciate it.
Process accounting is the method of recording and summarizing commands executed on Linux. The modern Linux kernel is capable of keeping process accounting records for the commands being run, the user who executed the command, the CPU time, and much more.
Process accounting enables you to keep detailed accounting information for the system resources used, their allocation among users, and system monitoring.
Process accounting support has been integrated into the newer kernels (version >= 1.3.73). If you are running an older kernel, you may need some patch files. The patches are available from ftp://iguana.hut.fi/pub/linux/Kernel/process_accounting
A Linux kernel version greater than or equal to version 1.3.73 is required, and I recommended 2.x. The kernel source is available from http://sunsite.unc.edu/pub/Linux/kernel/v2.0
Depending on the Linux distribution you have, you may not have the process accounting software package installed on your system. If you don't have it, try downloading the package from http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz
Compile and install process accounting software.
The process accounting software package is available from http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz
Modify your system init script and turn on process accounting at boot time.
Here's an example:
# Turn process accounting on. if [ -x /sbin/accton ] then /sbin/accton /var/log/pacct echo "Process accounting turned on." fi |
Create accounting record file "pacct."
Your process accounting software will print out all commands executed to the file /var/log/pacct by default.
To create the accounting record file:
touch /var/log/pacct |
This record file should be owned by root, and it has read-write permission for root and read permission for anybody else:
chown root /var/log/pacct chmod 0644 /var/log/pacct |
Reboot.
Now reboot your system for changes you made to take effect.
ac prints out statistics about users' connection times in hours based on the logins and logouts in the current /var/log/wtmp file. ac is also capable of printing out time totals for each day (-d option), and for each user (-p option).
accton is used to turn on or turn off process accounting. The file is normally executed at system bootup or shutdown via system init scripts.
last goes through the /var/log/wtmp file and prints out information about users' connection times.
sa summarizes accounting information from previously executed commands, software I/O operation times, and CPU times, as recorded in the accounting record file /var/account/pacct.
lastcomm prints out the information about all previously executed commands, recorded in /var/account/pacct.