PID with a log/history perspective. Post 302483765 by Perderabo on Tuesday 28th of December 2010 11:13:42 AM
Process accounting can do this. It's a chore to set up. It also puts quite a load on the system since records must be written to disk for every process. It also consumes a lot of disk space but these days disk space is cheap. The reports are voluminous. I did once back in the 80's and quickly shut it down. Not too many folks run with it on.

Here is a link to some instructions on some versions of unix:
Step 1: Set up UNIX accounting

And a link for Linux:
Enabling Process Accounting on Linux HOWTO
ACCT(5)                    Linux Programmer's Manual                    ACCT(5)

NAME
       acct - process accounting file

SYNOPSIS
       #include <sys/acct.h>

DESCRIPTION
       If the kernel is built with the process accounting option enabled
       (CONFIG_BSD_PROCESS_ACCT), then calling acct(2) starts process
       accounting, for example:

           acct("/var/log/pacct");

       When process accounting is enabled, the kernel writes a record to the
       accounting file as each process on the system terminates. This record
       contains information about the terminated process, and is defined in
       <sys/acct.h> as follows:

           #define ACCT_COMM 16

           typedef u_int16_t comp_t;

           struct acct {
               char ac_flag;           /* Accounting flags */
               u_int16_t ac_uid;       /* Accounting user ID */
               u_int16_t ac_gid;       /* Accounting group ID */
               u_int16_t ac_tty;       /* Controlling terminal */
               u_int32_t ac_btime;     /* Process creation time
                                          (seconds since the Epoch) */
               comp_t    ac_utime;     /* User CPU time */
               comp_t    ac_stime;     /* System CPU time */
               comp_t    ac_etime;     /* Elapsed time */
               comp_t    ac_mem;       /* Average memory usage (kB) */
               comp_t    ac_io;        /* Characters transferred (unused) */
               comp_t    ac_rw;        /* Blocks read or written (unused) */
               comp_t    ac_minflt;    /* Minor page faults */
               comp_t    ac_majflt;    /* Major page faults */
               comp_t    ac_swaps;     /* Number of swaps (unused) */
               u_int32_t ac_exitcode;  /* Process termination status
                                          (see wait(2)) */
               char      ac_comm[ACCT_COMM+1];
                                       /* Command name (basename of last
                                          executed command; null-terminated) */
               char      ac_pad[X];    /* padding bytes */
           };

           enum {          /* Bits that may be set in ac_flag field */
               AFORK = 0x01,           /* Has executed fork, but no exec */
               ASU   = 0x02,           /* Used superuser privileges */
               ACORE = 0x08,           /* Dumped core */
               AXSIG = 0x10            /* Killed by a signal */
           };

       The comp_t data type is a floating-point value consisting of a 3-bit,
       base-8 exponent, and a 13-bit mantissa. A value, c, of this type can
       be converted to a (long) integer as follows:

           v = (c & 0x1fff) << (((c >> 13) & 0x7) * 3);

       The ac_utime, ac_stime, and ac_etime fields measure time in "clock
       ticks"; divide these values by sysconf(_SC_CLK_TCK) to convert them to
       seconds.

   Version 3 Accounting File Format
       Since kernel 2.6.8, an optional alternative version of the accounting
       file can be produced if the CONFIG_BSD_PROCESS_ACCT_V3 option is set
       when building the kernel. With this option set, the records written
       to the accounting file contain additional fields, and the width of the
       ac_uid and ac_gid fields is widened from 16 to 32 bits (in line with
       the increased size of UIDs and GIDs in Linux 2.4 and later). The
       records are defined as follows:

           struct acct_v3 {
               char      ac_flag;      /* Flags */
               char      ac_version;   /* Always set to ACCT_VERSION (3) */
               u_int16_t ac_tty;       /* Controlling terminal */
               u_int32_t ac_exitcode;  /* Process termination status */
               u_int32_t ac_uid;       /* Real user ID */
               u_int32_t ac_gid;       /* Real group ID */
               u_int32_t ac_pid;       /* Process ID */
               u_int32_t ac_ppid;      /* Parent process ID */
               u_int32_t ac_btime;     /* Process creation time */
               float     ac_etime;     /* Elapsed time */
               comp_t    ac_utime;     /* User CPU time */
               comp_t    ac_stime;     /* System time */
               comp_t    ac_mem;       /* Average memory usage (kB) */
               comp_t    ac_io;        /* Characters transferred (unused) */
               comp_t    ac_rw;        /* Blocks read or written (unused) */
               comp_t    ac_minflt;    /* Minor page faults */
               comp_t    ac_majflt;    /* Major page faults */
               comp_t    ac_swaps;     /* Number of swaps (unused) */
               char      ac_comm[ACCT_COMM]; /* Command name */
           };

VERSIONS
       The acct_v3 structure is defined in glibc since version 2.6.

CONFORMING TO
       Process accounting originated on BSD. Although it is present on most
       systems, it is not standardized, and the details vary somewhat between
       systems.

NOTES
       Records in the accounting file are ordered by termination time of the
       process.

       In kernels up to and including 2.6.9, a separate accounting record is
       written for each thread created using the NPTL threading library;
       since Linux 2.6.10, a single accounting record is written for the
       entire process on termination of the last thread in the process.

       The /proc/sys/kernel/acct file, described in proc(5), defines settings
       that control the behavior of process accounting when disk space runs
       low.

SEE ALSO
       lastcomm(1), acct(2), accton(8), sa(8)

COLOPHON
       This page is part of release 3.27 of the Linux man-pages project. A
       description of the project, and information about reporting bugs, can
       be found at http://www.kernel.org/doc/man-pages/.

Linux                             2008-06-15                            ACCT(5)
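
A parser for the Version 3 record layout documented above, showing how a PID's history and parent chain can be recovered from the accounting file. This is an added example, not code from the forum post or the man page; it assumes a little-endian host and no structure padding, and `parse_pacct`, `lineage`, `_rec` and the sample records are hypothetical names and constructed data.

```python
import struct

# struct acct_v3 as laid out above; "<" assumes a little-endian host (assumption).
ACCT_V3 = struct.Struct("<BBH6If8H16s")  # 64 bytes per record
FLAGS = {0x01: "AFORK", 0x02: "ASU", 0x08: "ACORE", 0x10: "AXSIG"}

def comp_t(c):
    """Expand a comp_t: 13-bit mantissa, 3-bit base-8 exponent."""
    return (c & 0x1FFF) << (((c >> 13) & 0x7) * 3)

def parse_pacct(data):
    """Decode each complete v3 record; return (records, leftover_bytes)."""
    records = []
    whole = len(data) - len(data) % ACCT_V3.size
    for off in range(0, whole, ACCT_V3.size):
        (flag, version, tty, exitcode, uid, gid, pid, ppid, btime, etime,
         utime, stime, _mem, _io, _rw, _minflt, _majflt, _swaps,
         comm) = ACCT_V3.unpack_from(data, off)
        if version != 3:
            raise ValueError(f"offset {off}: ac_version is {version}, not 3")
        records.append({
            "pid": pid, "ppid": ppid, "uid": uid, "gid": gid, "tty": tty,
            "btime": btime, "etime_ticks": etime, "exitcode": exitcode,
            "cpu_ticks": comp_t(utime) + comp_t(stime),
            # ac_comm is a fixed 16-byte field; keep the bytes before the first NUL
            "comm": comm.split(b"\0", 1)[0].decode("ascii", "replace"),
            "flags": [name for bit, name in FLAGS.items() if flag & bit],
        })
    return records, len(data) - whole

def lineage(records, pid):
    """Follow ac_ppid links from pid up through the recorded ancestors."""
    by_pid = {r["pid"]: r for r in records}  # on PID reuse the last record wins
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["comm"])
        pid = by_pid[pid]["ppid"]
    return chain

def _rec(flag, uid, pid, ppid, utime, comm, exitcode=0):
    # Constructed sample record, not captured from a real system.
    return ACCT_V3.pack(flag, 3, 0, exitcode, uid, uid, pid, ppid,
                        1293552822, 12.0, utime, 0, 0, 0, 0, 0, 0, 0, comm)

# Oldest termination first, as in a real file; 10 stray bytes mimic truncation.
SAMPLE = (_rec(0x10, 1000, 4212, 4211, 3, b"sleep", exitcode=15)
          + _rec(0x02, 0, 4211, 4100, 0x2001, b"sudo")
          + _rec(0x00, 1000, 4100, 1, 5, b"bash") + b"\x00" * 10)
```

On a live system the input would be the bytes of the accounting file, such as the /var/log/pacct path used in the acct(2) call above. Because PIDs are reused, a long-lived file should be split by ac_btime before walking parent links.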