Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Finding a rogue process
Top Forums UNIX for Dummies Questions & Answers Finding a rogue process Post 302377558 by jim mcnamara on Friday 4th of December 2009 10:09:55 AM
Old 12-04-2009
Accounting would help a lot

start with the manpage
Code:
man -s 1M acct

for an overview - there is also a shell script: acctsh (1M) that kind of brings accounting features together for you.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

finding process id

is there a way to find the process id of a process because i have same process invoked several times. when i need to kill them, i get confused with the id. Thanks, sskb :( (8 Replies)
Discussion started by: sskb
8 Replies

2. UNIX for Dummies Questions & Answers

Finding out process id in a scipt

Hi, If in a shell script i write a command ls > bla & ls The output is redirected to bla and the next ls starts as first one is going on in background. I want to find the PID of the first command. Thanks in advance (2 Replies)
Discussion started by: vibhor_agarwali
2 Replies

3. Shell Programming and Scripting

finding Background Process Id

Hi Gurus, How can i find background process is completed or not. I have mentioned my scenario below. Actually Pr1 Process is running in back ground, i just want to know whether this process completed or not. I can come to know the process id by typing pid=$! but i want to trigger... (4 Replies)
Discussion started by: krk_555
4 Replies

4. Linux

Need help in finding process

Hello, Iam running a apache webserver in CentOS recenlty a hacker has attacked my server using RFI attack and did something in my server.. After that everyday at 8Pm my httpd is using about 5000 pid's actually in normal it takes only about 30 - 40 pid's. and also exim uses 2000 pid's totally my... (2 Replies)
Discussion started by: dheeraj4uuu
2 Replies

5. Shell Programming and Scripting

Finding the process id of the process using the ports

Hi Any idea how to get the process id of the process using the ports lsof -i :portnumber does not work in my machine. I am on sun Solaris SPARC. Any suggestion is highly appreciated (1 Reply)
Discussion started by: kinny
1 Replies

6. UNIX for Advanced & Expert Users

Finding process id of subsequent process

hi all, I am trying to find the process id of the subsequent process created via fork and exec calls in perl. For eg: envVarSetter dataCruncher.exe < input.txt > output.txt When I fork and exec the above command, it returns only the pid of envVarSetter and I don't know how to find the... (9 Replies)
Discussion started by: matrixmadhan
9 Replies

7. AIX

AIX 6.1 rogue process starts at boot up

We are having a bit of trouble finding where the following process is being started from at bootup. /opt/IBM/tdsV6.2db2/itma/aix526/ud/bin/kuddb2 db2tdsWe have looked in the typical areas /etc/inittab & /etc/rc.d but have had no luck finding it, any ideas? (10 Replies)
Discussion started by: j_aix
10 Replies

8. Shell Programming and Scripting

Finding process which ended another process

Hello, The scenario is as follows, I have a background process running initially for which i know the PID on machine1. I use ssh from machine 2 to execute a script in machine 1. For some reason the back ground process is terminated. I would like to know which process caused the... (6 Replies)
Discussion started by: prasbala
6 Replies

9. Shell Programming and Scripting

Finding a file process ?

Hi, I am trying to find a file that have a different name than it should be processing, the file name is ( Fifa15 ) is there a command to use? I got that file by ps -ef | grep fifa15 but how do I know what is running ? thanks a lot, I am learning unix so sorry if that is a... (2 Replies)
Discussion started by: latinooo
2 Replies

LEARN ABOUT OPENSOLARIS

acct

acct(1M)						  System Administration Commands						  acct(1M)

NAME

       acct, acctdisk, acctdusg, accton, acctwtmp, closewtmp, utmp2wtmp - overview of accounting and miscellaneous accounting commands

SYNOPSIS

       /usr/lib/acct/acctdisk

       /usr/lib/acct/acctdusg [-u filename] [-p filename]

       /usr/lib/acct/accton [filename]

       /usr/lib/acct/acctwtmp reason filename

       /usr/lib/acct/closewtmp

       /usr/lib/acct/utmp2wtmp

DESCRIPTION

       Accounting software is structured as a set of tools (consisting of both C programs and shell procedures) that can be used to build account-
       ing systems. acctsh(1M) describes the set of shell procedures built on top of the C programs.

       Connect time accounting is handled by various programs that write records into /var/adm/wtmpx,  as  described  in  utmpx(4).  The  programs
       described in acctcon(1M) convert this file into session and charging records, which are then summarized by acctmerg(1M).

       Process	accounting is performed by the system kernel. Upon termination of a process, one record per process is written to a file (normally
       /var/adm/pacct). The programs in acctprc(1M) summarize this data for charging purposes; acctcms(1M) is used  to	summarize  command  usage.
       Current process data may be examined using acctcom(1).

       Process	accounting  records and connect time accounting records (or any accounting records in the tacct format described in acct.h(3HEAD))
       can be merged and summarized into total accounting records by acctmerg (see tacct format in acct.h(3HEAD)).  prtacct  (see  acctsh(1M))	is
       used to format any or all accounting records.

       acctdisk  reads lines that contain user ID, login name, and number of disk blocks and converts them to total accounting records that can be
       merged with other accounting records. acctdisk returns an error if the input file is corrupt or improperly formatted.

       acctdusg reads its standard input (usually from find / -print) and computes disk resource consumption (including indirect blocks) by login.

       accton without arguments turns process accounting off. If filename is given, it must be the name of an existing file, to which  the  kernel
       appends process accounting records (see acct(2) and acct.h(3HEAD)).

       acctwtmp  writes a utmpx(4) record to filename. The record contains the current time and a string of characters that describe the reason. A
       record type of ACCOUNTING is assigned (see utmpx(4)) reason must be a string of 11 or fewer characters, numbers, $, or spaces. For example,
       the following are suggestions for use in reboot and shutdown procedures, respectively:

	 acctwtmp "acctg on" /var/adm/wtmpx
	 acctwtmp "acctg off" /var/adm/wtmpx

       For  each  user	currently logged on, closewtmp puts a false DEAD_PROCESS record in the /var/adm/wtmpx file. runacct (see runacct(1M)) uses
       this false DEAD_PROCESS record so that the connect accounting procedures can track the time used by users  logged  on  before  runacct  was
       invoked.

       For  each  user	currently  logged on, runacct uses utmp2wtmp to create an entry in the file /var/adm/wtmpx, created by runacct. Entries in
       /var/adm/wtmpx enable subsequent invocations of runacct to account for connect times of users currently logged in.

OPTIONS

       The following options are supported:

       -u filename    Places in filename records consisting of those filenames for which acctdusg charges no one (a potential source  for  finding
		      users trying to avoid disk charges).

       -p filename    Specifies a password file, filename. This option is not needed if the password file is /etc/passwd.

ENVIRONMENT VARIABLES

       If  any	of the LC_* variables (LC_TYPE, LC_MESSAGES, LC_TIME, LC_COLLATE, LC_NUMERIC, and LC_MONETARY) (see environ(5)) are not set in the
       environment, the operational behavior of acct for each corresponding locale category is determined by the value	of  the  LANG  environment
       variable.  If  LC_ALL  is set, its contents are used to override both the LANG and the other LC_* variables. If none of the above variables
       are set in the environment, the "C" (U.S. style) locale determines how acct behaves.

       LC_CTYPE    Determines how acct handles characters. When LC_CTYPE is set to a valid value, acct can display and handle text  and  filenames
		   containing valid characters for that locale. acct can display and handle Extended Unix Code (EUC) characters where any  charac-
		   ter can be 1, 2, or 3 bytes wide. acct can also handle EUC characters of 1, 2, or more column widths. In the "C"  locale,  only
		   characters from ISO 8859-1 are valid.

       LC_TIME	   Determines how acct handles date and time formats. In the "C" locale, date and time handling follows the U.S. rules.

FILES

       /etc/passwd	 Used for login name to user ID conversions.

       /usr/lib/acct	 Holds all accounting commands listed in sub-class 1M of this manual.

       /var/adm/pacct	 Current process accounting file.

       /var/adm/wtmpx	 History of user access and administration information..

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWaccu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       acctcom(1),  acctcms(1M),  acctcon(1M),	acctmerg(1M),  acctprc(1M), acctsh(1M), fwtmp(1M), runacct(1M), acct(2), acct.h(3HEAD), passwd(4),
       utmpx(4), attributes(5), environ(5)

SunOS 5.11							    22 Feb 1999 							  acct(1M)
All times are GMT -4. The time now is 05:07 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy