02-28-2006
You would need to have process accounting enabled to do this.
Have a look at the documentation for acct.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
I need a clarification.
Is there any difference between AIX box and Sun Solaris box?
The bzip command with -c option works in AIX box and the same does not work in Sun Solaris box.
Can anyone please explain if there is an implementation difference in both these boxes for the shell... (1 Reply)
Discussion started by: nisha4680
1 Replies
2. AIX
hi all,
the audit /etc/security/audit/config file is only referring one user at a time. how do you specify all users to be monitored?
I've tried ALL = general but got error when invoke "audit start".
thanks (1 Reply)
Discussion started by: itik
1 Replies
3. Solaris
How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not.
Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies
4. AIX
Is there a tool or application the will audit users activity? I've tryed to use audit the comes with AIX but to gathers so much information it is near impossible to see what they are doing. I just want to monitor logins and and files they create or change. (9 Replies)
Discussion started by: daveisme
9 Replies
5. Solaris
can you please share what you use to audit what files are deleted, when files are deleted and who deleted them?
thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
6. Solaris
Hi Friends
I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there.
Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies
7. UNIX for Advanced & Expert Users
Hi,
I would like to know if there is anyway that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access. (6 Replies)
Discussion started by: pointgetter0
6 Replies
8. Shell Programming and Scripting
Hi,
I have Sun solaris x64 box in which i need to set a Environment variable for all the users in the box. This Environment varible is used by the application on the box.
Could any one please help me in setting the Environment variable.
Thanks,
Firestar (6 Replies)
Discussion started by: firestar
6 Replies
9. Shell Programming and Scripting
I remote to many DMZ boxes every day to run batch file that allows me to create users. I create users in 17 DMZ boxes every day which takes a lot of my time.
Is there any script that would do this job from my local computer?
Thank you for your help! (3 Replies)
Discussion started by: idiazza
3 Replies
10. Solaris
Dear All,
I have one of my Servers, running Solaris 9. I wanna enable the Audit log enabling, the way I did in Solaris 10 Servers.
After running, the bsmconv script, giving the reboots, modifying all the audit files in /etc/security, the audit is enabled, but the audit file which shall be... (3 Replies)
Discussion started by: sumeet1806
3 Replies
ACCT(2) BSD System Calls Manual ACCT(2)
NAME
acct -- enable or disable process accounting
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
acct(const char *file);
DESCRIPTION
The acct() system call enables or disables the collection of system accounting records. If the argument file is a null pointer, accounting
is disabled. If file is an existing pathname (null-terminated), record collection is enabled and for every process initiated which termi-
nates under normal conditions an accounting record is appended to file. Abnormal conditions of termination are reboots or other fatal system
problems. Records for processes which never terminate cannot be produced by acct().
For more information on the record structure used by acct(), see <sys/acct.h> and acct(5).
This call is permitted only to the super-user.
NOTES
Accounting is automatically disabled when the file system the accounting file resides on runs out of space; it is enabled when space once
again becomes available. The values controlling this behaviour can be modified using the following sysctl(8) variables:
kern.acct_chkfreq Specifies the frequency (in seconds) with which free disk space should be checked.
kern.acct_resume The percentage of free disk space above which process accounting will resume.
kern.acct_suspend The percentage of free disk space below which process accounting will suspend.
RETURN VALUES
On error -1 is returned. The file must exist and the call may be exercised only by the super-user.
ERRORS
The acct() system call will fail if one of the following is true:
[EPERM] The caller is not the super-user.
[ENOTDIR] A component of the path prefix is not a directory.
[ENAMETOOLONG] A component of a pathname exceeded 255 characters, or an entire path name exceeded 1023 characters.
[ENOENT] The named file does not exist.
[EACCES] Search permission is denied for a component of the path prefix, or the path name is not a regular file.
[ELOOP] Too many symbolic links were encountered in translating the pathname.
[EROFS] The named file resides on a read-only file system.
[EFAULT] The file argument points outside the process's allocated address space.
[EIO] An I/O error occurred while reading from or writing to the file system.
SEE ALSO
acct(5), accton(8), sa(8)
HISTORY
The acct() function appeared in Version 7 AT&T UNIX.
BSD
April 17, 2004 BSD