Implementing System Process Accounting
psacct package provides the process accounting service in addition to
the following utilities that you can use to monitor process activities:
- ac
-
Displays connection times in hours for a user as recorded in the
wtmpfile (by default,/var/log/wtmp). - accton
-
Turns on process accounting to the specified file. If you don't specify a file name argument, process accounting is stopped. The default system accounting file is
/var/account/pacct. - lastcomm
-
Displays information about any commands recorded in the system accounting file.
- sa
-
Summarizes information about any commands recorded in the system accounting file.
Note:
Ensure that the file system has enough space to store the system accounting and
wtmp files to monitor process activity. Monitoring the size of the log
files and truncating them if needed is considered good security practice.
For more information, see the ac(1),
accton(8), lastcomm(1), and
sa(8) manual pages.