HOW TO ENABLE PROCESS ACCOUNTING ON LINUX

_Last updated: Fri Aug 8 09:25:58 HKT 1997_

Preamble: This document is copylefted by Albert M.C. Tam (bertie@scn.org). Permission to use, copy, distribute this document for non-commercial purposes is hereby granted, provided that the author's / editor's name and this notice appear in all copies and/or supporting documents; that this document is not modified. This document is distributed in hope that it will be useful, but WITHOUT ANY WARRANTY, either expressed or implied. While every effort has been taken to ensure the accuracy of the information documented herein, the author / editor / maintainer assumes NO RESPONSIBILITY for errors, or for damages resulting from the use of the information documented herein.

This document describes how to enable system process accounting on a Linux host, and the usage of various process accounting commands. It is intended for users running kernel version greater than or equal to 1.3.73 (recently tested on RedHat 4.1 kernel 2.0.27). Kernels older than 1.3.73 may need a patch in order to use the process accounting feature.

Feel free to send any feedback or comments to bertie@scn.org if you find an error, or if any information is missing. I appreciate it.

_________________________________________________________________

What is Process Accounting?

Process accounting is the method of recording and summarizing commands executed on Linux. The modern Linux kernel is capable of keeping process accounting records for the commands being run, the user who executed the command, the CPU time, and much more. Process accounting enables you to keep detailed accounting information for the system resources used, their allocation among users, and system monitoring.

Current Status of Process Accounting under Linux

Process accounting support has been integrated into the newer kernels (version >= 1.3.73). If you are running an older kernel, you may need some patch files.
The patches are available from ftp://iguana.hut.fi/pub/linux/Kernel/process_accounting

Requirements for Process Accounting on Linux

_Kernel_

Linux Kernel version greater than or equal to version 1.3.73; I recommend 2.x. The kernel source is available from http://sunsite.unc.edu/pub/Linux/kernel/v2.0

_Process accounting software_

Depending on the Linux distribution you have, you may or may not have the process accounting software package installed on your system. If you don't have it, try downloading the package from http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz

_________________________________________________________________

Process Accounting Setup on Linux

_1. Compile and install process accounting software_

The process accounting software package is available from http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz

_2. Modify your system init script and turn on process accounting at boot time_

Here's an example:

    # Turn process accounting on.
    if [ -x /sbin/accton ]
    then
        /sbin/accton /var/log/pacct
        echo "Process accounting turned on."
    fi

_3. Create accounting record file "pacct"_

Your process accounting software will record all commands executed in the file /var/log/pacct by default. To create the accounting record file:

    touch /var/log/pacct

This record file should be owned by root, with read-write permission for root and read permission for anybody else:

    chown root /var/log/pacct
    chmod 0644 /var/log/pacct

_4. Reboot_

Now reboot your system for the changes you made to take effect.

_________________________________________________________________

Miscellaneous Process Accounting Commands

_ac_

ac prints out statistics about users' connection time in hours, based on the logins and logouts in the current /var/log/wtmp file. ac is also capable of printing out time totals for each day (-d option), and for each user (-p option).

_accton_

accton is used to turn on or turn off process accounting.
The command is normally executed at system bootup or shutdown via system init scripts.

_last_

last goes through the /var/log/wtmp file and prints out information about connection times of users.

_sa_

sa summarizes accounting information from previously executed commands (software I/O operation times, CPU times) as recorded in the accounting record file /var/account/pacct.

_lastcomm_

lastcomm prints out information about all previously executed commands recorded in /var/account/pacct.
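
_Added example: checking the record file before turning accounting on_

This example is added here and is not part of the original document or of the accounting package. It combines steps 2 and 3 of the setup into one init-script fragment that refuses to start accounting if the record file is a symbolic link, is not owned by root, or is writable by group or others. The function names check_pacct and enable_accounting are made up for this example, and it assumes a stat command that supports the -c option (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example, not from the original HOWTO. Function names are hypothetical.

# check_pacct FILE [UID]
# Succeeds only if FILE is a regular file (not a symlink), is owned by UID
# (default 0, i.e. root) and is not writable by group or others.
check_pacct() {
    file=$1
    want_uid=${2:-0}
    if [ -L "$file" ]; then
        echo "$file: is a symbolic link" >&2; return 1
    fi
    if [ ! -f "$file" ]; then
        echo "$file: missing or not a regular file" >&2; return 1
    fi
    uid=$(stat -c %u "$file") || return 1
    mode=$(stat -c %a "$file") || return 1
    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected $want_uid" >&2; return 1
    fi
    # 022 (octal) selects the group-write and other-write permission bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$file: mode $mode is writable by group or others" >&2; return 1
    fi
    return 0
}

# enable_accounting [FILE]
# Steps 2 and 3 combined: create the record file if needed, verify it, then
# turn accounting on. Must run as root, e.g. from the system init script.
enable_accounting() {
    file=${1:-/var/log/pacct}
    if [ ! -e "$file" ] && [ ! -L "$file" ]; then
        touch "$file" && chown root "$file" && chmod 0644 "$file" || return 1
    fi
    check_pacct "$file" || return 1
    if [ -x /sbin/accton ]; then
        /sbin/accton "$file" && echo "Process accounting turned on."
    fi
}
```

Call enable_accounting from the init script in place of the bare accton line; with no argument it uses /var/log/pacct as in step 3.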