Psacct : Enable process accounting2022/06/28 |
|
Install psacct to enable process accounting.
Histories of commands are kept in users' own history file but they are possible to edit or delete by users themselves, but psacct keeps all users' history files owned by root. |
|
| [1] | Install and enable psacct. |
|
[root@dlp ~]#
[root@dlp ~]# dnf -y install psacct systemctl enable --now psacct
|
| [2] | Output histories of commands by lastcomm command like follows. |
|
[root@dlp ~]# lastcomm systemd-hostnam S root __ 0.04 secs Tue Jun 28 15:22 lastcomm root ttyS0 0.00 secs Tue Jun 28 15:22 su S root ttyS0 0.00 secs Tue Jun 28 15:22 ..... ..... systemctl S root ttyS0 0.00 secs Tue Jun 28 15:21 systemd-tty-ask S root ttyS0 0.00 secs Tue Jun 28 15:21 accton S root __ 0.00 secs Tue Jun 28 15:21 # specify a user [root@dlp ~]# lastcomm --user cent bash S cent ttyS0 0.01 secs Tue Jun 28 15:22 node X cent ttyS0 0.65 secs Tue Jun 28 15:22 ls cent ttyS0 0.00 secs Tue Jun 28 15:22 ..... ..... bash F cent ttyS0 0.00 secs Tue Jun 28 15:22 hostnamectl cent ttyS0 0.00 secs Tue Jun 28 15:22 id cent ttyS0 0.00 secs Tue Jun 28 15:22 # specify a command [root@dlp ~]# lastcomm --command su su S redhat ttyS0 0.00 secs Tue Jun 28 15:24 su root ttyS0 0.00 secs Tue Jun 28 15:23 su S cent ttyS0 0.00 secs Tue Jun 28 15:23 |
| [3] | To output login time from [/var/log/wtmp] log, it's possible to use [ac] command which is included psacct package. |
|
# by daily [root@dlp ~]# ac -d ..... ..... Jun 8 total 0.15 Jun 13 total 0.00 Jun 27 total 0.11 Today total 2.06 # by user [root@dlp ~]# ac -p
cent 0.26
root 3.63
redhat 0.01
total 3.90
# by daily + user [root@dlp ~]# ac -d -p
.....
.....
Feb 18 total 0.00
root 0.21
Feb 24 total 0.21
root 0.01
Mar 4 total 0.01
cent 0.26
root 3.41
redhat 0.01
Today total 3.69
# show errors [root@dlp ~]# ac -d --complain /var/log/wtmp:1: problem: time warp (Thu Jan 1 09:00:00 1970 -> Thu Feb 18 15:51:53 2021) /var/log/wtmp:8: problem: missing login record for `tty1' Feb 18 total 0.00 /var/log/wtmp:19: problem: missing login record for `tty1' /var/log/wtmp:28: problem: missing login record for `tty1' /var/log/wtmp:38: problem: missing login record for `tty1' Feb 24 total 0.21 /var/log/wtmp:48: problem: missing login record for `tty1' Mar 4 total 0.01 ..... ..... /var/log/wtmp:194: problem: missing login record for `tty1' /var/log/wtmp:207: problem: missing login record for `ttyS0' Today total 3.70 |
| Sponsored Link |