How To Enable Process Accounting on Linux

Last updated: Mon Jul 29 23:04:02 PDT 1996

Preamble:

This document is copylefted by Albert M.C. Tam (bertie@scn.org). Permission to use, copy, distribute this document for non-commercial purposes is hereby granted, provided that the author's / editor's name and this notice appear in all copies and/or supporting documents; that this document is not modified. This document is distributed in hope that it will be useful, but WITHOUT ANY WARRANTY, either expressed or implied. While every effort has been taken to ensure the accuracy of the information documented herein, the author / editor / maintainer assumes NO RESPONSIBILITY for errors, or for damages resulting from the use of the information documented herein.

This document describes how to enable system process accounting on a Linux host, and the usage of various process accounting commands. It is intended for users running kernel version greater than or equal to 1.3.73 (tested on kernel 2.0.7). Kernels older than 1.3.73 will need a patch in order to use the process accounting feature.

Feel free to send any feedback or comments to bertie@scn.org if you find an error, or if any information is missing. I appreciate it!

----------------------------------------------------------------------------

What is Process Accounting?

Process accounting is the method of recording and summarizing commands executed on Linux. The modern Linux kernel is capable of keeping process accounting records for the commands being run, the user who executed the command, the CPU time, and much more. Process accounting lets you keep detailed accounting information about the system resources used and their allocation among users, and supports system monitoring.

Current Status of Process Accounting under Linux

Process accounting support has been integrated into the new kernels (version >= 1.3.73). If you are running an older kernel, you'll need to get some patch files.
The patches are available from ftp://iguana.hut.fi/pub/linux/Kernel/process_accounting

Requirements for Process Accounting on Linux

Kernel

Linux kernel version greater than or equal to 1.3.73; I recommend 2.x. The kernel source is available from ftp://tsx-11.mit.edu/pub/linux/sources/system/

Process accounting software

Depending on the Linux distribution you have, you may or may not have the accounting software installed on your system. The process accounting software source is available from ftp://alpha.gnu.ai.mit.edu/gnu/acct-6.2.tar.gz

----------------------------------------------------------------------------

Process Accounting Setup on Linux

1. Compile and install the process accounting software

   You may or may not have the process accounting software, depending on the Linux distribution you have. The process accounting software source is available from ftp://alpha.gnu.ai.mit.edu/gnu/acct-6.2.tar.gz

2. Modify your system init script to turn on process accounting at boot time

   Here's an example:

       # Turn process accounting on.
       if [ -x /sbin/accton ]
       then
           /sbin/accton /var/account/pacct
           echo "Process accounting turned on."
       fi

3. Create accounting record file "pacct"

   Your process accounting software will record all commands executed in the file /var/account/pacct by default.

   To create the accounting directory:

       mkdir /var/account

   To create the accounting record file:

       touch /var/account/pacct

   This record file should be owned by root, with read-write permission for root and read permission for anybody else:

       chown root /var/account/pacct
       chmod 0644 /var/account/pacct

4. Reboot

   Now reboot your system for the changes you made to take effect.

----------------------------------------------------------------------------

Miscellaneous Process Accounting Commands

ac

ac prints out statistics about users' connect time in hours, based on the logins and logouts in the current /var/log/wtmp file.
ac is also capable of printing out time totals for each day (-d option), and for each user (-p option).

accton

accton is used to turn process accounting on or off. It is normally executed at system bootup or shutdown via system init scripts.

last

last goes through the /var/log/wtmp file and prints out information about connection times of users.

sa

sa summarizes accounting information about previously executed commands, including software I/O operation times and CPU times, as recorded in the accounting record file /var/account/pacct.

lastcomm

lastcomm prints out information about all previously executed commands, as recorded in /var/account/pacct.
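
The setup steps above, collected into one script as an added example (not part of the original HOWTO): it creates the record file with the owner and mode given in step 3, refuses a symlink or non-regular file at that path, and audits the file before calling accton. The ACCT_FILE and ACCT_OWNER variables and the three function names are assumptions introduced here; the defaults are the paths and owner the HOWTO uses.

```sh
#!/bin/sh
# Added example: steps 2-3 of the HOWTO as one script, with an audit step.
# ACCT_FILE / ACCT_OWNER are assumed overrides; defaults follow the HOWTO.
ACCT_FILE=${ACCT_FILE:-/var/account/pacct}
ACCT_OWNER=${ACCT_OWNER:-root}

# Step 3: create the directory and record file, owner root, mode 0644.
setup_pacct() {
    mkdir -p "$(dirname "$ACCT_FILE")" || return 1
    # Never touch/chmod through a symlink or onto a non-regular file.
    if [ -L "$ACCT_FILE" ] || { [ -e "$ACCT_FILE" ] && [ ! -f "$ACCT_FILE" ]; }; then
        echo "setup_pacct: $ACCT_FILE is not a regular file" >&2
        return 1
    fi
    touch "$ACCT_FILE" || return 1
    # chown needs root; an unprivileged dry run keeps the current owner.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$ACCT_OWNER" "$ACCT_FILE" || return 1
    fi
    chmod 0644 "$ACCT_FILE"
}

# Audit: 0 = as documented, 1 = missing/not regular, 2 = owner, 3 = mode.
check_pacct() {
    if [ -L "$ACCT_FILE" ] || [ ! -f "$ACCT_FILE" ]; then
        echo "check_pacct: $ACCT_FILE missing or not a regular file" >&2
        return 1
    fi
    if [ -z "$(find "$ACCT_FILE" -prune -user "$ACCT_OWNER")" ]; then
        echo "check_pacct: $ACCT_FILE not owned by $ACCT_OWNER" >&2
        return 2
    fi
    if [ -z "$(find "$ACCT_FILE" -prune -perm 0644)" ]; then
        echo "check_pacct: $ACCT_FILE mode is not 0644" >&2
        return 3
    fi
    return 0
}

# Step 2: the init-script fragment, run only if the record file passes.
enable_accounting() {
    check_pacct || return 1
    if [ -x /sbin/accton ]; then
        /sbin/accton "$ACCT_FILE" && echo "Process accounting turned on."
    else
        echo "enable_accounting: /sbin/accton not found" >&2
        return 1
    fi
}
```

From an init script, source this file and run `setup_pacct && enable_accounting` as root.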