CentOS Stream 8
Sponsored Link

Psacct : Enable process accounting
2021/03/08
 
Install psacct to enable process accounting.
Histories of commands are kept in users' own history file but they are possible to edit or delete by users themselves, but psacct keeps all users' history files owned by root.
[1] Install and enable psacct.
[root@dlp ~]#
dnf -y install psacct
[root@dlp ~]#
systemctl enable --now psacct
[2] Output histories of commands by lastcomm command like follows.
[root@dlp ~]#
lastcomm

su               S     root     ttyS0      0.01 secs Sun Mar  7 13:04
bash             S     cent     ttyS0      0.02 secs Sun Mar  7 13:04
su               S     cent     ttyS0      0.01 secs Sun Mar  7 13:05
.....
.....
systemd-tty-ask  S     root     ttyS0      0.00 secs Sun Mar  7 13:04
systemd-cgroups        root     __         0.00 secs Sun Mar  7 13:04
accton           S     root     __         0.00 secs Sun Mar  7 13:04

# specify a user

[root@dlp ~]#
lastcomm --user cent

bash             S     cent     ttyS0      0.02 secs Sun Mar  7 13:04
su               S     cent     ttyS0      0.01 secs Sun Mar  7 13:05
systemctl              cent     ttyS0      0.00 secs Sun Mar  7 13:05
.....
.....
hostname               cent     ttyS0      0.00 secs Sun Mar  7 13:04
bash              F    cent     ttyS0      0.00 secs Sun Mar  7 13:04
id                     cent     ttyS0      0.00 secs Sun Mar  7 13:04

# specify a command

[root@dlp ~]#
lastcomm --command su

su               S     root     ttyS0      0.01 secs Sun Mar  7 13:04
su               S     cent     ttyS0      0.01 secs Sun Mar  7 13:05
su               S     cent     ttyS0      0.01 secs Sun Mar  7 13:05
[3] To output login time from [/var/log/wtmp] log, it's possible to use [ac] command which is included psacct package.
# by daily

[root@dlp ~]#
ac -d

.....
.....
Feb 18  total        0.00
Feb 24  total        0.21
Mar  4  total        0.01
Today   total        3.68

# by user

[root@dlp ~]#
ac -p

        cent                                 0.26
        root                                 3.63
        redhat                               0.01
        total        3.90

# by daily + user

[root@dlp ~]#
ac -d -p

.....
.....
Feb 18  total        0.00
        root                                 0.21
Feb 24  total        0.21
        root                                 0.01
Mar  4  total        0.01
        cent                                 0.26
        root                                 3.41
        redhat                               0.01
Today   total        3.69

# show errors

[root@dlp ~]#
ac -d --complain

/var/log/wtmp:1: problem: time warp (Thu Jan  1 09:00:00 1970 -> Thu Feb 18 15:51:53 2021)
/var/log/wtmp:8: problem: missing login record for `tty1'
Feb 18  total        0.00
/var/log/wtmp:19: problem: missing login record for `tty1'
/var/log/wtmp:28: problem: missing login record for `tty1'
/var/log/wtmp:38: problem: missing login record for `tty1'
Feb 24  total        0.21
/var/log/wtmp:48: problem: missing login record for `tty1'
Mar  4  total        0.01
.....
.....
/var/log/wtmp:194: problem: missing login record for `tty1'
/var/log/wtmp:207: problem: missing login record for `ttyS0'
Today   total        3.70
Matched Content