It is very important to know what applications and users are doing on a Linux operating system. This is very useful later on or when problems occur. For this purpose, I would recommend installing the psacct or acct tools. psacct or acct is a free monitoring program for tracking user and application activity on a Linux server. It shows how long users have been accessing the server, what commands they are issuing, and how many processes they run, and it displays logs for commands. psacct and acct are similar tools; psacct is for RPM-based Linux and acct is for Debian-based Linux.
1. If you are running Linux CentOS or Redhat, you should use the following command to install psacct :
[root@oss ~]# yum install psacct -y
But if you are running a Debian-based distribution such as Ubuntu, you should install the acct package instead of psacct :
[root@oss ~]# sudo apt-get install acct
2. By default psacct is disabled on Linux. We should manually start it :
[root@oss ~]# /etc/init.d/psacct status
Process accounting is disabled.
[root@oss ~]# /etc/init.d/psacct start
Starting process accounting: [ OK ]
Start acct on Debian :
[root@oss ~]# sudo service acct start
3. The psacct or acct package provides several features for monitoring process activities.
The commands that come with the psacct or acct package :
ac command prints the statistics of user logins/logouts (connect time) in hours.
lastcomm command prints information about commands previously executed by users.
accton command is used to turn process accounting on/off.
sa command summarizes information of previously executed commands.
last and lastb commands show listing of last logged in users.
4. Total Connect Time :
[root@oss ~]# ac
total 103.61
5. Display the statistics for total login time :
[root@oss ~]# ac -d
Dec 7 total 4.15
Dec 8 total 0.01
Jul 18 total 0.01
Aug 5 total 13.19
Aug 7 total 39.29
Aug 10 total 3.33
Aug 11 total 6.41
Aug 12 total 1.84
Aug 13 total 0.22
Aug 16 total 3.30
Aug 17 total 16.56
Aug 18 total 1.99
Aug 19 total 2.77
Today total 10.55
6. Total login statistics of each user :
[root@oss ~]# ac -p
ehowstuff 0.76
root 103.00
total 103.76
7. Print the summary of commands that were executed by users :
[root@oss ~]# sa
135 12652.06re 0.00cp 11052k
12 3.32re 0.00cp 23715k ***other*
2 2.78re 0.00cp 27072k bash
2 0.00re 0.00cp 26576k service
2 12645.72re 0.00cp 0k flush-8:0*
29 0.00re 0.00cp 1018k ac
23 0.00re 0.00cp 10197k bash*
10 0.00re 0.00cp 9709k id
6 0.01re 0.00cp 29328k crond*
6 0.00re 0.00cp 25232k basename
6 0.00re 0.00cp 1642k lastcomm
5 0.01re 0.00cp 25248k sadc
5 0.00re 0.00cp 981k consoletype
3 0.00re 0.00cp 2076k hostname
3 0.00re 0.00cp 1595k grep
3 0.00re 0.00cp 1561k tput
3 0.00re 0.00cp 1020k dircolors
3 0.00re 0.00cp 1017k tty
2 0.15re 0.00cp 16992k sshd*
2 0.09re 0.00cp 25232k tail
2 0.00re 0.00cp 28928k ls
2 0.00re 0.00cp 26512k service*
2 0.00re 0.00cp 25216k logger
2 0.00re 0.00cp 1545k sa
8. Print the number of processes and the number of CPU minutes for each user :
[root@oss ~]# sa -m
136 12652.06re 0.00cp 10978k
root 94 12650.94re 0.00cp 12223k
ehowstuff 40 0.97re 0.00cp 7752k
sshd 2 0.15re 0.00cp 16992k
9. Use the command sa -u to display individual users' activity :
[root@oss ~]# sa -u
root 0.00 cpu 981k mem accton
root 0.00 cpu 26288k mem touch
root 0.01 cpu 26576k mem psacct
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
sshd 0.00 cpu 16992k mem sshd *
root 0.00 cpu 2604k mem id
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 2076k mem hostname
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1017k mem tty
root 0.00 cpu 1561k mem tput
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1020k mem dircolors
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1595k mem grep
root 0.00 cpu 981k mem consoletype
root 0.00 cpu 27040k mem bash *
root 0.00 cpu 26288k mem id
root 0.00 cpu 27040k mem bash *
ehowstuf 0.00 cpu 2604k mem id
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2076k mem hostname
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2604k mem id
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2604k mem id
10. Print the summary with percentages :
The command sa -c prints the percentage of the total next to each column, so you can see which entries have the highest percentage:
[root@oss ~]# sa -c
233 100.00% 12652.90re 100.00% 0.00cp 100.00% 16512k
22 9.44% 3.32re 0.03% 0.00cp 44.44% 19491k ***other*
2 0.86% 2.78re 0.02% 0.00cp 22.22% 27072k bash
3 1.29% 12646.53re 99.95% 0.00cp 11.11% 0k flush-8:0*
2 0.86% 0.00re 0.00% 0.00cp 11.11% 26576k service
8 3.43% 0.01re 0.00% 0.00cp 5.56% 25248k sadc
2 0.86% 0.00re 0.00% 0.00cp 5.56% 26512k run-parts
30 12.88% 0.00re 0.00% 0.00cp 0.00% 26512k sh
29 12.45% 0.00re 0.00% 0.00cp 0.00% 1018k ac
23 9.87% 0.00re 0.00% 0.00cp 0.00% 10197k bash*
17 7.30% 0.00re 0.00% 0.00cp 0.00% 25232k cat
12 5.15% 0.02re 0.00% 0.00cp 0.00% 29328k crond*
10 4.29% 0.00re 0.00% 0.00cp 0.00% 9709k id
8 3.43% 0.00re 0.00% 0.00cp 0.00% 25232k basename
7 3.00% 0.00re 0.00% 0.00cp 0.00% 29079k ls
6 2.58% 0.00re 0.00% 0.00cp 0.00% 1642k lastcomm
6 2.58% 0.00re 0.00% 0.00cp 0.00% 1457k sa
5 2.15% 0.00re 0.00% 0.00cp 0.00% 981k consoletype
4 1.72% 0.00re 0.00% 0.00cp 0.00% 28064k find
4 1.72% 0.00re 0.00% 0.00cp 0.00% 25216k logger
3 1.29% 0.00re 0.00% 0.00cp 0.00% 26512k sh*
3 1.29% 0.00re 0.00% 0.00cp 0.00% 26304k date
3 1.29% 0.00re 0.00% 0.00cp 0.00% 2076k hostname
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1595k grep
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1561k tput
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1020k dircolors
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1017k tty
2 0.86% 0.15re 0.00% 0.00cp 0.00% 16992k sshd*
2 0.86% 0.09re 0.00% 0.00cp 0.00% 25232k tail
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26512k 0anacron
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26480k awk
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26512k service*
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26512k run-parts*
11. Display last executed commands :
[root@oss ~]# lastcomm
12. Search Logs for Commands :
[root@oss ~]# lastcomm grep
grep ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
grep ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
grep root pts/1 0.00 secs Wed Aug 20 22:57
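As an added example (not part of the original article), the shell functions below post-process lastcomm output for review: commands per user, superuser-flagged commands run from a terminal, and abnormal exits. The sample records are constructed in the lastcomm format shown above, the function names are hypothetical, and the flag letters follow lastcomm(1): S superuser, F fork without exec, D core dump, X killed by signal.

```shell
#!/bin/sh
# Added example: summarize lastcomm output for review.
# Sample records, constructed in the format lastcomm prints.
sample_lastcomm() {
cat <<'EOF'
su               S     root     pts/1      0.00 secs Wed Aug 20 22:57
bash             F     ehowstuf pts/2      0.00 secs Wed Aug 20 22:59
grep                   ehowstuf pts/2      0.00 secs Wed Aug 20 22:59
crond            SF    root     __         0.00 secs Wed Aug 20 23:10
tail              X    root     pts/0      0.00 secs Wed Aug 20 22:58
accton           S     root     pts/0      0.00 secs Wed Aug 20 22:55
fdisk                  nobody   __         0.00 secs Thu Aug 21 00:00
EOF
}

# Normalize each record to "cmd flags user tty cpu". The flags column is
# optional, so fields are counted from the right: 10 fields with flags,
# 9 without. Anything else is skipped rather than misparsed.
lastcomm_fields() {
  awk 'NF == 9 || NF == 10 {
         flags = (NF == 10) ? $2 : "-"
         print $1, flags, $(NF-7), $(NF-6), $(NF-5)
       }'
}

# Number of accounted commands per user, busiest first.
per_user_counts() {
  lastcomm_fields | awk '{ n[$3]++ } END { for (u in n) print n[u], u }' |
    sort -k1,1nr -k2,2
}

# Commands flagged S (superuser) that ran on a real terminal, i.e.
# interactive privileged activity rather than cron or daemons ("__").
privileged_interactive() {
  lastcomm_fields | awk '$2 ~ /S/ && $4 != "__" { print $3, $4, $1 }'
}

# Commands ended by a signal (X) or that dumped core (D).
abnormal_exits() {
  lastcomm_fields | awk '$2 ~ /[XD]/ { print $3, $1 }'
}

sample_lastcomm | per_user_counts
sample_lastcomm | privileged_interactive
sample_lastcomm | abnormal_exits
```

On a live system, replace sample_lastcomm with the real command, for example: lastcomm | privileged_interactive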
1 Comment
Hi,
When I executed lastcomm sdiff, I could see the output popping up multiple times instead of a single display. Please help me with this.
[root@qns01 ~]# lastcomm sdiff
sdiff root pts/0 0.00 secs Mon Aug 3 07:52
sdiff root pts/0 0.00 secs Mon Aug 3 07:52
sdiff root pts/0 0.00 secs Mon Aug 3 07:52
sdiff root pts/0 0.00 secs Mon Aug 3 07:52