CentOS 8
Sponsored Link

Psacct : Monitor Activity2019/12/17

 
Install psacct to monitor User Activity.
Histories of commands are kept in users' own history file but they are possible to edit or delete by users themselves, but psacct keeps all users' history files owned by root.
[1] Install psacct.
[root@dlp ~]#
dnf -y install psacct
[root@dlp ~]#
systemctl enable --now psacct
[2] Output histories of commands by lastcomm command like follows.
[root@dlp ~]#
lastcomm

lastcomm               root     ttyS0      0.04 secs Tue Dec 15 16:17
man                    root     ttyS0      0.00 secs Tue Dec 15 16:16
less                   root     ttyS0      0.03 secs Tue Dec 15 16:16
.....
.....
systemd-tty-ask  S     root     ttyS0      0.00 secs Tue Dec 15 15:54
systemd-cgroups  S     root     __         0.00 secs Tue Dec 15 15:54
accton           S     root     __         0.00 secs Tue Dec 15 15:54

# specify a user

[root@dlp ~]#
lastcomm --user cent

(sd-pam)         SF  X cent     __         0.00 secs Tue Dec 15 16:08
systemd          S     cent     __         0.06 secs Tue Dec 15 16:08
systemctl              cent     __         0.00 secs Tue Dec 15 16:08
.....
.....
hostname               cent     ttyS0      0.00 secs Tue Dec 15 15:54
bash              F    cent     ttyS0      0.00 secs Tue Dec 15 15:54
id                     cent     ttyS0      0.00 secs Tue Dec 15 15:54

# specify a command

[root@dlp ~]#
lastcomm --command su

su               S     cent     ttyS0      0.00 secs Tue Dec 15 15:55
su               S     cent     ttyS0      0.00 secs Tue Dec 15 15:54
[3] To output login time from [/var/log/wtmp] log, it's possible to use [ac] command which is included psacct package.
# by daily

[root@dlp ~]#
ac -d

.....
.....
Nov 12  total        0.00
Nov 29  total        0.05
Today   total        6.73

# by user

[root@dlp ~]#
ac -p

        cent                                 0.00
        root                                 6.82
        total        6.82
# by daily + user

[root@dlp ~]#
ac -d -p

.....
.....
Oct 23  total        0.00
        root                                 0.00
Nov 12  total        0.00
        root                                 0.05
Nov 29  total        0.05
        cent                                 0.00
        root                                 6.73
Today   total        6.73

# show errors

[root@dlp ~]#
ac -d --complain

/var/log/wtmp:1: problem: time warp (Thu Jan  1 09:00:00 1970 -> Sat Oct 12 22:40:13 2019)
/var/log/wtmp:7: problem: missing login record for `tty1'
Nov 12  total        0.00
/var/log/wtmp:65: problem: missing login record for `tty1'
/var/log/wtmp:75: problem: missing login record for `tty1'
Nov 29  total        0.05
/var/log/wtmp:85: problem: missing login record for `tty1'
Today   total        6.77
Matched Content