SYS_ACCT(9) Accounting Framework SYS_ACCT(9)NAME
sys_acct - enable/disable process accounting
SYNOPSIS
long sys_acct(const char __user * name);
ARGUMENTS
name
file name for accounting records or NULL to shutdown accounting
DESCRIPTION
Returns 0 for success or negative errno values for failure.
sys_acct is the only system call needed to implement process accounting. It takes the name of the file where accounting records should be
written. If the filename is NULL, accounting will be shutdown.
COPYRIGHT Kernel Hackers Manual 2.6. July 2010 SYS_ACCT(9)
Check Out this Related Man Page
acct(2) System Calls Manual acct(2)NAME
acct() - enable or disable process accounting
SYNOPSIS DESCRIPTION
The system call enables or disables the system's process accounting routine. If the routine is enabled, an accounting record is written on
an accounting file for each process that terminates. Termination can be caused by one of two things: an call or a signal (see exit(2) and
signal(5)). The calling process must have the privilege to use this call.
path points to a path name naming the accounting file. The accounting file format is described in acct(4).
The accounting routine is enabled if path is nonzero and no errors occur during the system call. It is disabled if path is zero and no
errors occur during the system call.
When the amount of free space on the file system containing the accounting file falls below a configurable threshold, the system prints a
message on the console and disables process accounting. Another message is printed and the process accounting is re-enabled when the space
reaches a second configurable threshold.
If the size of the process accounting file reaches a configurable limit, records for processes terminating after that point will be
silently lost. However, in that case the command would still sense that process accounting is still enabled. This loss of records can be
prevented with the command. and are described in acctsh(1M)).
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about
privileged access on systems that support fine-grained privileges.
RETURN VALUE
returns the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
If fails, is set to one of the following values.
The file named by
path is not an ordinary file.
An attempt is being made to enable accounting when it is already enabled.
path points to an illegal address. The reliable detection of this error is implementation dependent.
Too many symbolic links were encountered in translating the path name.
The accounting file path name exceeds
bytes, or the length of a component of the path name exceeds bytes while is in effect.
One or more components of the accounting file path name do not exist.
A component of the path prefix is not a directory.
The calling process does not possess the
privilege.
The named file resides on a read-only file system.
path points to a text file which is currently open.
SEE ALSO acct(1M), acctsh(1M), exit(2), acct(4), privileges(5), signal(5).
STANDARDS CONFORMANCE acct(2)