HOW TO ENABLE PROCESS ACCOUNTING ON LINUX



   _Last updated: Fri Aug 8 09:25:58 HKT 1997_


        Preamble: This document is copylefted by Albert M.C. Tam
        (bertie@scn.org). Permission to use, copy, distribute this document for
        non-commerical purposes is hereby granted, provided that the author's /
        editor's name and this notice appear in all copies and/or supporting
        documents; that this document is not modified. This document is
        distributed in hope that it will be useful, but WITHOUT ANY WARRANTY,
        either expressed or implied. While every effort has been taken to
        ensure the accuracy of the information documented herein, the author /
        editor / maintainer assumes NO RESPONSIBILITY for errors, or for
        damages results for the use of the information documented herein.



   This document describes how to enable system process accounting on a
   Linux host, and the usage of various process accounting commands. It
   is intended for users running kernel version greater than or equal to
   1.3.73 (recently tested on RedHat 4.1 kernel 2.0.27). Kernels older
   than 1.3.73 may need a patch in order to use the process accounting
   feature.

   Feel free to send any feedback or comments to bertie@scn.org if you
   find an error, or if any information is missing. I appreciate it.


     _________________________________________________________________



What is Process Accounting?



   Process accounting is the method of recording and summarizing commands
   executed on Linux. The modern Linux kernel is capable of keeping
   process accounting records for the commands being run, the user who
   executed the command, the CPU time, and much more.

   Process accounting enables you to keep detailed accounting information
   for the system resources used, their allocation among users, and
   system monitoring.

Current Status of Process Accounting under Linux



   Process accounting support has been integrated into the newer kernels
   (version >= 1.3.73). If you are running an older kernel, you may need
   some patch files. The patches are available from

   ftp://iguana.hut.fi/pub/linux/Kernel/process_accounting



Requirements for Process Accounting on Linux



   _Kernel_

   Linux Kernel version greater than or equal to version 1.3.73, I
   recommended 2.x. The kernel source is available from

   http://sunsite.unc.edu/pub/Linux/kernel/v2.0



   _Process accounting software_

   Depending on the Linux distribution you have, you may, or may not have
   the process accounting software package installed on your system. If
   you don't have it, try downloading the package from

   http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz



     _________________________________________________________________



Process Accounting Setup on Linux



   _1. Compile and install process accounting softwares_

   The process accounting software package is available from

   http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz



   _2. Modify your system init script and turn on process accounting at
   boot time _

   Here's an example:


        # Turn process accounting on.
        if [ -x /sbin/accton ]
        then
                /sbin/accton /var/log/pacct
                echo "Process accounting turned on."
        fi



   _3. Create accounting record file "pacct"_

   Your process accounting softwares will print out all commands executed
   to the file /var/log/pacct by default.

   To create the accounting record file:


        touch /var/log/pacct



   This record file should be owned by root, has read-write permission
   for root, and read permission for anybody else:

        chown root /var/log/pacct
        chmod 0644 /var/log/pacct



   _4. Reboot_

   Now reboot your system for changes you made to take effect.


     _________________________________________________________________



Miscellaneous Process Accounting Commands



   _ac_

   ac prints out statistics about users' connection time in hours, based
   on the logins and logouts in the current /var/log/wtmp file. ac is
   also capable of printing out time totals for each day (-d option), and
   for each user (-p option).

   _accton_

   accton is used to turn on or turn off process accounting. The file is
   normally executed at system bootup or shutdown via system init
   scripts.

   _last_

   last goes through the /var/log/wtmp file and prints out information
   about connection times of users.

   _sa_

   sa summarizes accounting information from previously executed
   commands, software I/O operation times, CPU times, as recorded in the
   accounting record file /var/account/pacct.

   _lastcomm_

   lastcomm prints out the information about all previously executed
   commands, recorded in /var/account/pacct.