Psacct : Enable process accounting2021/08/26 |
Install psacct to enable process accounting.
Histories of commands are kept in users' own history file, however, they are possible to edit or delete by users themselves, but psacct keeps all users' history files owned by root. |
|
[1] | Install and enable psacct. |
[root@dlp ~]#
[root@dlp ~]# dnf -y install psacct systemctl enable --now psacct
|
[2] | Output histories of commands by lastcomm command like follows. |
[root@dlp ~]# lastcomm su S root ttyS0 0.01 secs Sun Aug 8 13:04 bash S rocky ttyS0 0.02 secs Sun Aug 8 13:04 su S rocky ttyS0 0.01 secs Sun Aug 8 13:05 ..... ..... systemd-tty-ask S root ttyS0 0.00 secs Sun Aug 8 13:04 systemd-cgroups root __ 0.00 secs Sun Aug 8 13:04 accton S root __ 0.00 secs Sun Aug 8 13:04 # specify a user [root@dlp ~]# lastcomm --user rocky bash S rocky ttyS0 0.02 secs Sun Aug 8 13:04 su S rocky ttyS0 0.01 secs Sun Aug 8 13:05 systemctl rocky ttyS0 0.00 secs Sun Aug 8 13:05 ..... ..... hostname rocky ttyS0 0.00 secs Sun Aug 8 13:04 bash F rocky ttyS0 0.00 secs Sun Aug 8 13:04 id rocky ttyS0 0.00 secs Sun Aug 8 13:04 # specify a command [root@dlp ~]# lastcomm --command su su S root ttyS0 0.01 secs Sun Aug 8 13:04 su S rocky ttyS0 0.01 secs Sun Aug 8 13:05 su S rocky ttyS0 0.01 secs Sun Aug 8 13:05 |
[3] | To output login time from [/var/log/wtmp] log, it's possible to use [ac] command which is included psacct package. |
# by daily [root@dlp ~]# ac -d ..... ..... Jul 18 total 0.00 Jul 24 total 0.21 Aug 4 total 0.01 Today total 3.68 # by user [root@dlp ~]# ac -p rocky 0.26 root 3.63 redhat 0.01 total 3.90 # by daily + user [root@dlp ~]# ac -d -p ..... ..... Jul 18 total 0.00 root 0.21 Jul 24 total 0.21 root 0.01 Aug 4 total 0.01 rocky 0.26 root 3.41 redhat 0.01 Today total 3.69 # show errors [root@dlp ~]# ac -d --complain /var/log/wtmp:1: problem: time warp (Thu Jan 1 09:00:00 1970 -> Thu Jul 18 15:51:53 2021) /var/log/wtmp:8: problem: missing login record for `tty1' Jul 18 total 0.00 /var/log/wtmp:19: problem: missing login record for `tty1' /var/log/wtmp:28: problem: missing login record for `tty1' /var/log/wtmp:38: problem: missing login record for `tty1' Jul 24 total 0.21 /var/log/wtmp:48: problem: missing login record for `tty1' Aug 4 total 0.01 ..... ..... /var/log/wtmp:194: problem: missing login record for `tty1' /var/log/wtmp:207: problem: missing login record for `ttyS0' Today total 3.70 |
Sponsored Link |
|