Psacct : Enable process accounting
2021/08/26
Install psacct to enable process accounting.
Command histories are normally kept in each user's own history file, which the user can edit or delete. psacct instead keeps the command histories of all users in files owned by root.
[1] Install and enable psacct.
[root@dlp ~]# dnf -y install psacct
[root@dlp ~]# systemctl enable --now psacct
[2] Display the command histories with the lastcomm command as follows.
[root@dlp ~]# lastcomm
su                S     root     ttyS0      0.01 secs Sun Aug  8 13:04
bash              S     rocky    ttyS0      0.02 secs Sun Aug  8 13:04
su                S     rocky    ttyS0      0.01 secs Sun Aug  8 13:05
.....
.....
systemd-tty-ask   S     root     ttyS0      0.00 secs Sun Aug  8 13:04
systemd-cgroups         root     __         0.00 secs Sun Aug  8 13:04
accton            S     root     __         0.00 secs Sun Aug  8 13:04

# specify a user
[root@dlp ~]# lastcomm --user rocky
bash              S     rocky    ttyS0      0.02 secs Sun Aug  8 13:04
su                S     rocky    ttyS0      0.01 secs Sun Aug  8 13:05
systemctl               rocky    ttyS0      0.00 secs Sun Aug  8 13:05
.....
.....
hostname                rocky    ttyS0      0.00 secs Sun Aug  8 13:04
bash               F    rocky    ttyS0      0.00 secs Sun Aug  8 13:04
id                      rocky    ttyS0      0.00 secs Sun Aug  8 13:04

# specify a command
[root@dlp ~]# lastcomm --command su
su                S     root     ttyS0      0.01 secs Sun Aug  8 13:04
su                S     rocky    ttyS0      0.01 secs Sun Aug  8 13:05
su                S     rocky    ttyS0      0.01 secs Sun Aug  8 13:05
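As an added example (not part of the original page), the following bash/awk filter condenses lastcomm output into a per-user count of commands that carry the S flag, which marks use of superuser privileges. The function name priv_summary and the sample records are constructed for illustration; the sample follows the shape of the output above.

```shell
#!/usr/bin/env bash
# Added example: summarise lastcomm records that carry the "S" flag
# (superuser privileges), counted per user and command.
# Usage on a live host (as root): lastcomm | priv_summary

# Constructed sample in the shape of the lastcomm output shown above.
SAMPLE='su                S     root     ttyS0      0.01 secs Sun Aug  8 13:04
bash              S     rocky    ttyS0      0.02 secs Sun Aug  8 13:04
su                S     rocky    ttyS0      0.01 secs Sun Aug  8 13:05
systemctl               rocky    ttyS0      0.00 secs Sun Aug  8 13:05
systemd-cgroups         root     __         0.00 secs Sun Aug  8 13:04
bash               F    rocky    ttyS0      0.00 secs Sun Aug  8 13:04
su                S     rocky    ttyS0      0.01 secs Sun Aug  8 13:05'

# priv_summary: read lastcomm output on stdin and print
# "count user command" for every S-flagged record, most frequent first.
priv_summary() {
  awk '
    {
      # The flags column may be empty, so fields are located from the right:
      # find the "secs" token; CPU time, tty and user sit just left of it.
      n = 0
      for (i = 5; i <= NF; i++) if ($i == "secs") { n = i; break }
      if (n == 0) next                  # not a record (e.g. "....." lines)
      user = $(n - 3)
      flags = ""
      for (i = 2; i <= n - 4; i++) flags = flags $i
      # Accept only genuine flag letters, then require S among them.
      if (flags ~ /^[SFCDX]+$/ && index(flags, "S")) count[user " " $1]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}
```
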
[3] To display login times from the [/var/log/wtmp] log, use the [ac] command, which is included in the psacct package.
# by daily
[root@dlp ~]# ac -d
.....
.....
Jul 18  total        0.00
Jul 24  total        0.21
Aug  4  total        0.01
Today   total        3.68

# by user
[root@dlp ~]# ac -p
        rocky                                0.26
        root                                 3.63
        redhat                               0.01
        total        3.90

# by daily + user
[root@dlp ~]# ac -d -p
.....
.....
Jul 18  total        0.00
        root                                 0.21
Jul 24  total        0.21
        root                                 0.01
Aug  4  total        0.01
        rocky                                0.26
        root                                 3.41
        redhat                               0.01
Today   total        3.69

# show errors
[root@dlp ~]# ac -d --complain
/var/log/wtmp:1: problem: time warp (Thu Jan  1 09:00:00 1970 -> Thu Jul 18 15:51:53 2021)
/var/log/wtmp:8: problem: missing login record for `tty1'
Jul 18  total        0.00
/var/log/wtmp:19: problem: missing login record for `tty1'
/var/log/wtmp:28: problem: missing login record for `tty1'
/var/log/wtmp:38: problem: missing login record for `tty1'
Jul 24  total        0.21
/var/log/wtmp:48: problem: missing login record for `tty1'
Aug  4  total        0.01
.....
.....
/var/log/wtmp:194: problem: missing login record for `tty1'
/var/log/wtmp:207: problem: missing login record for `ttyS0'
Today   total        3.70