Rocky Linux 10

Psacct : Enable process accounting (2025/07/21)

 

Install psacct to enable process accounting.
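Each user's command history is kept in that user's own history file, which the user can edit or delete. psacct instead records the commands run by all users in an accounting log owned by root. Note that the accounting records hold the command name only, not its arguments, as the lastcomm output below shows.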

[1] Install and enable psacct.
[root@dlp ~]#
dnf -y install psacct
[root@dlp ~]#
systemctl enable --now psacct
[2] Display the history of executed commands with the lastcomm command as follows.
[root@dlp ~]#
lastcomm

basename               root     stderr     0.00 secs Sun Jul 20 10:25
readlink               root     stderr     0.00 secs Sun Jul 20 10:25
sed                    root     stderr     0.00 secs Sun Jul 20 10:25
bash              F    root     stderr     0.00 secs Sun Jul 20 10:25
locale                 root     stderr     0.00 secs Sun Jul 20 10:25
tty                    root     stderr     0.00 secs Sun Jul 20 10:25
bash              F    root     stderr     0.00 secs Sun Jul 20 10:25
tr                     root     stderr     0.00 secs Sun Jul 20 10:25
cat                    root     stderr     0.00 secs Sun Jul 20 10:25
bash              F    root     stderr     0.00 secs Sun Jul 20 10:25
tr                     root     stderr     0.00 secs Sun Jul 20 10:25
.....
.....

# specify a user

[root@dlp ~]#
lastcomm --user rocky

(sd-pam)         SF  X rocky    __         0.00 secs Sun Jul 20 10:23
systemd          S     rocky    __         0.06 secs Sun Jul 20 10:23
bash             S     rocky    stderr     0.01 secs Sun Jul 20 10:23
yes                  X rocky    stderr     0.65 secs Sun Jul 20 10:25
grub2-set-bootf  S     rocky    __         0.00 secs Sun Jul 20 10:25
man                    rocky    stderr     0.00 secs Sun Jul 20 10:24
less                   rocky    stderr     0.02 secs Sun Jul 20 10:24
man               F    rocky    stderr     0.00 secs Sun Jul 20 10:24
nroff                  rocky    stderr     0.00 secs Sun Jul 20 10:24
groff                  rocky    stderr     0.00 secs Sun Jul 20 10:24
.....
.....

# specify a command

[root@dlp ~]#
lastcomm --command su

su               S     root     stderr     0.00 secs Sun Jul 20 10:26
su               S     rocky    stderr     0.00 secs Sun Jul 20 10:26
[3] To report login (connect) time, in hours, from the [/var/log/wtmp] log, use the [ac] command, which is included in the psacct package.
# totals per day

[root@dlp ~]#
ac -d

Dec 14  total        0.01
Dec 19  total        0.01
Dec 20  total        0.04
Today   total        0.89

# by user

[root@dlp ~]#
ac -p

        rocky                                0.04
        root                                 0.89
        redhat                               0.03
        total        0.95

# totals per day and per user

[root@dlp ~]#
ac -d -p

        root                                 0.01
Dec 14  total        0.01
        root                                 0.01
Dec 19  total        0.01
        root                                 0.04
Dec 20  total        0.04
        rocky                                0.04
        root                                 0.84
        redhat                               0.03
Today   total        0.90

# show errors

[root@dlp ~]#
ac -d --complain

/var/log/wtmp:1: problem: time warp (Thu Jan  1 09:00:00 1970 -> Sat Dec 14 18:39:49 2024)
/var/log/wtmp:8: problem: missing login record for `tty1'
Dec 14  total        0.01
/var/log/wtmp:18: problem: missing login record for `tty1'
Dec 19  total        0.01
/var/log/wtmp:28: problem: missing login record for `tty1'
Dec 20  total        0.04
/var/log/wtmp:41: problem: missing login record for `ttyS0'
/var/log/wtmp:45: problem: missing login record for `tty1'
Today   total        0.91