Psacct : Enable process accounting
2021/03/08
Install psacct to enable process accounting.
Each user's command history is kept in that user's own history file, which the user can edit or delete. psacct, by contrast, keeps the command histories of all users in files owned by root.
[1] Install and enable psacct.
[root@dlp ~]# dnf -y install psacct
[root@dlp ~]# systemctl enable --now psacct
[2] Display command histories with the lastcomm command as follows.
[root@dlp ~]# lastcomm
su                S     root     ttyS0      0.01 secs Sun Mar 7 13:04
bash              S     cent     ttyS0      0.02 secs Sun Mar 7 13:04
su                S     cent     ttyS0      0.01 secs Sun Mar 7 13:05
.....
.....
systemd-tty-ask   S     root     ttyS0      0.00 secs Sun Mar 7 13:04
systemd-cgroups         root     __         0.00 secs Sun Mar 7 13:04
accton            S     root     __         0.00 secs Sun Mar 7 13:04

# specify a user
[root@dlp ~]# lastcomm --user cent
bash              S     cent     ttyS0      0.02 secs Sun Mar 7 13:04
su                S     cent     ttyS0      0.01 secs Sun Mar 7 13:05
systemctl               cent     ttyS0      0.00 secs Sun Mar 7 13:05
.....
.....
hostname                cent     ttyS0      0.00 secs Sun Mar 7 13:04
bash               F    cent     ttyS0      0.00 secs Sun Mar 7 13:04
id                      cent     ttyS0      0.00 secs Sun Mar 7 13:04

# specify a command
[root@dlp ~]# lastcomm --command su
su                S     root     ttyS0      0.01 secs Sun Mar 7 13:04
su                S     cent     ttyS0      0.01 secs Sun Mar 7 13:05
su                S     cent     ttyS0      0.01 secs Sun Mar 7 13:05
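An added example (not part of the original page): a shell helper that parses lastcomm output like the listings above and lists one user's commands that carry a given flag, which is useful when reviewing what an account ran with the S flag set. The function names parse_lastcomm and flagged are hypothetical, and the sample lines are constructed from the output shown on this page.

```shell
#!/bin/sh
# Constructed sample: lastcomm lines taken from the output shown on this page.
sample_lastcomm() {
cat <<'EOF'
su                S     root     ttyS0      0.01 secs Sun Mar  7 13:04
bash              S     cent     ttyS0      0.02 secs Sun Mar  7 13:04
su                S     cent     ttyS0      0.01 secs Sun Mar  7 13:05
.....
systemctl               cent     ttyS0      0.00 secs Sun Mar  7 13:05
bash               F    cent     ttyS0      0.00 secs Sun Mar  7 13:04
systemd-cgroups         root     __         0.00 secs Sun Mar  7 13:04
accton            S     root     __         0.00 secs Sun Mar  7 13:04
EOF
}

# parse_lastcomm (hypothetical helper): stdin = lastcomm output,
# stdout = one "user|command|flags|tty|start" record per accounted process.
parse_lastcomm() {
  awk '{
    # The flags column may be blank, so count columns back from "secs".
    s = 0
    for (i = 1; i <= NF; i++) if ($i == "secs") s = i
    if (s < 5) next                      # filler such as "....."
    user = $(s - 3); tty = $(s - 2)
    # Flag letters (S F C D X) sit between the command name and the user;
    # absent ones print as spaces, so several flags can arrive as several fields.
    f = s - 4; flags = ""
    while (f >= 2 && $f ~ /^[SFCDX]+$/) { flags = $f flags; f-- }
    cmd = $1
    for (i = 2; i <= f; i++) cmd = cmd " " $i   # command names may hold spaces
    start = $(s + 1)
    for (i = s + 2; i <= NF; i++) start = start " " $i
    print user "|" cmd "|" (flags == "" ? "-" : flags) "|" tty "|" start
  }'
}

# flagged USER FLAG: commands of USER whose record carries FLAG
# (S = executed by super-user, F = forked without exec).
flagged() {
  parse_lastcomm | awk -F"|" -v u="$1" -v fl="$2" \
    '$1 == u && index($3, fl) { print $2 " @ " $5 }'
}

# Demo on the constructed sample; on a live host (as root): lastcomm | flagged cent S
sample_lastcomm | flagged cent S
```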
[3] To display login time from the [/var/log/wtmp] log, use the [ac] command, which is included in the psacct package.
# by daily
[root@dlp ~]# ac -d
.....
.....
Feb 18  total        0.00
Feb 24  total        0.21
Mar 4   total        0.01
Today   total        3.68

# by user
[root@dlp ~]# ac -p
        cent         0.26
        root         3.63
        redhat       0.01
        total        3.90

# by daily + user
[root@dlp ~]# ac -d -p
.....
.....
Feb 18  total        0.00
        root         0.21
Feb 24  total        0.21
        root         0.01
Mar 4   total        0.01
        cent         0.26
        root         3.41
        redhat       0.01
Today   total        3.69

# show errors
[root@dlp ~]# ac -d --complain
/var/log/wtmp:1: problem: time warp (Thu Jan 1 09:00:00 1970 -> Thu Feb 18 15:51:53 2021)
/var/log/wtmp:8: problem: missing login record for `tty1'
Feb 18  total        0.00
/var/log/wtmp:19: problem: missing login record for `tty1'
/var/log/wtmp:28: problem: missing login record for `tty1'
/var/log/wtmp:38: problem: missing login record for `tty1'
Feb 24  total        0.21
/var/log/wtmp:48: problem: missing login record for `tty1'
Mar 4   total        0.01
.....
.....
/var/log/wtmp:194: problem: missing login record for `tty1'
/var/log/wtmp:207: problem: missing login record for `ttyS0'
Today   total        3.70