{"id":5342,"date":"2014-08-21T00:22:22","date_gmt":"2014-08-20T16:22:22","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=5342"},"modified":"2023-04-28T09:48:17","modified_gmt":"2023-04-28T09:48:17","slug":"how-to-setup-psacct-or-acct-monitor-user-activity-in-linux","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-setup-psacct-or-acct-monitor-user-activity-in-linux\/","title":{"rendered":"How to Setup psacct or acct &#8211; Monitor User Activity in Linux"},"content":{"rendered":"<p>It is very important to know what are the activities for applications and users in linux operating system. This will very useful in later time or in case of problems. For this purpose, i would recommend <strong>psacct<\/strong> or <strong>acct<\/strong> tools to be install. <strong>psacct<\/strong> or <strong>acct<\/strong> is a free monitoring program to monitor users and applications activity on linux server. This program will display how long user accessing the server, what command are they issuing, how many processes and display logs for commands. psacct and acct are similar tool, psacct is for RPM based linux but acct is for Debian based.<\/p>\n<p>1. If you are runninng Linux CentOS or Redhat, you should use the following command to install pssacct :<\/p>\n<pre>\n[root@oss ~]# yum install psacct -y\n<\/pre>\n<p>But if you are running debian such as Ubuntu, you should install acct package instead of psacct :<\/p>\n<pre>\n[root@oss ~]# sudo apt-get install acct\n<\/pre>\n<p>2. By default psacct is disabled on Linux. We should manually start it :<\/p>\n<pre>\n[root@oss ~]# \/etc\/init.d\/psacct status\nProcess accounting is disabled.\n<\/pre>\n<pre>\n[root@oss ~]# \/etc\/init.d\/psacct start\nStarting process accounting:                               [  OK  ]\n<\/pre>\n<p>Start acct on Debian :<\/p>\n<pre>\n[root@oss ~]# sudo service acct start\n<\/pre>\n<p>3. The psacct or acct package provides several features for monitoring process activities.<\/p>\n<p>Other usage from that come in psacct or acct package :<\/p>\n<p><strong>ac<\/strong> command prints the statistics of user logins\/logouts (connect time) in hours.<br \/>\n<strong>lastcomm<\/strong> command prints the information of previously executed commands of user.<br \/>\n<strong>accton<\/strong> commands is used to turn on\/off process for accounting.<br \/>\n<strong>sa<\/strong> command summarizes information of previously executed commands.<br \/>\n<strong>last<\/strong> and <strong>lastb<\/strong> commands show listing of last logged in users.<\/p>\n<p>4. Total Connect Time :<\/p>\n<pre>\n[root@oss ~]# ac\n        total      103.61\n<\/pre>\n<p>5. Display the statistics for total login time :<\/p>\n<pre>\n[root@oss ~]# ac -d\nDec  7  total        4.15\nDec  8  total        0.01\nJul 18  total        0.01\nAug  5  total       13.19\nAug  7  total       39.29\nAug 10  total        3.33\nAug 11  total        6.41\nAug 12  total        1.84\nAug 13  total        0.22\nAug 16  total        3.30\nAug 17  total       16.56\nAug 18  total        1.99\nAug 19  total        2.77\nToday   total       10.55\n<\/pre>\n<p>6. Total login statistics of each user :<\/p>\n<pre>\n[root@oss ~]# ac -p\n        ehowstuff                            0.76\n        root                               103.00\n        total      103.76\n<\/pre>\n<p>7. Print the summary of commands that were executed by users :<\/p>\n<pre>\n[root@oss ~]# sa\n     135   12652.06re       0.00cp    11052k\n      12       3.32re       0.00cp    23715k   ***other*\n       2       2.78re       0.00cp    27072k   bash\n       2       0.00re       0.00cp    26576k   service\n       2   12645.72re       0.00cp        0k   flush-8:0*\n      29       0.00re       0.00cp     1018k   ac\n      23       0.00re       0.00cp    10197k   bash*\n      10       0.00re       0.00cp     9709k   id\n       6       0.01re       0.00cp    29328k   crond*\n       6       0.00re       0.00cp    25232k   basename\n       6       0.00re       0.00cp     1642k   lastcomm\n       5       0.01re       0.00cp    25248k   sadc\n       5       0.00re       0.00cp      981k   consoletype\n       3       0.00re       0.00cp     2076k   hostname\n       3       0.00re       0.00cp     1595k   grep\n       3       0.00re       0.00cp     1561k   tput\n       3       0.00re       0.00cp     1020k   dircolors\n       3       0.00re       0.00cp     1017k   tty\n       2       0.15re       0.00cp    16992k   sshd*\n       2       0.09re       0.00cp    25232k   tail\n       2       0.00re       0.00cp    28928k   ls\n       2       0.00re       0.00cp    26512k   service*\n       2       0.00re       0.00cp    25216k   logger\n       2       0.00re       0.00cp     1545k   sa\n<\/pre>\n<p>8. Prints the number of processes and the number of CPU minutes :<\/p>\n<pre>\n[root@oss ~]# sa -m\n                                      136   12652.06re       0.00cp    10978k\nroot                                   94   12650.94re       0.00cp    12223k\nehowstuff                              40       0.97re       0.00cp     7752k\nsshd                                    2       0.15re       0.00cp    16992k\n<\/pre>\n<p>9. Use command <strong>sa -u<\/strong> to display individual users activity :<\/p>\n<pre>\n[root@oss ~]# sa -u\nroot       0.00 cpu      981k mem accton\nroot       0.00 cpu    26288k mem touch\nroot       0.01 cpu    26576k mem psacct\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nroot       0.00 cpu     1018k mem ac\nsshd       0.00 cpu    16992k mem sshd             *\nroot       0.00 cpu     2604k mem id\nroot       0.00 cpu     2826k mem bash             *\nroot       0.00 cpu     2076k mem hostname\nroot       0.00 cpu     2826k mem bash             *\nroot       0.00 cpu     1017k mem tty\nroot       0.00 cpu     1561k mem tput\nroot       0.00 cpu     2826k mem bash             *\nroot       0.00 cpu     1020k mem dircolors\nroot       0.00 cpu     2826k mem bash             *\nroot       0.00 cpu     1595k mem grep\nroot       0.00 cpu      981k mem consoletype\nroot       0.00 cpu    27040k mem bash             *\nroot       0.00 cpu    26288k mem id\nroot       0.00 cpu    27040k mem bash             *\nehowstuf   0.00 cpu     2604k mem id\nehowstuf   0.00 cpu     2826k mem bash             *\nehowstuf   0.00 cpu     2076k mem hostname\nehowstuf   0.00 cpu     2826k mem bash             *\nehowstuf   0.00 cpu     2604k mem id\nehowstuf   0.00 cpu     2826k mem bash             *\nehowstuf   0.00 cpu     2604k mem id\n<\/pre>\n<p>10. Printing sort by percentage<\/p>\n<p>The command <strong>sa -c<\/strong> will show you the highest percentage of users:<\/p>\n<pre>\n[root@oss ~]# sa -c\n     233  100.00%   12652.90re  100.00%       0.00cp  100.00%    16512k\n      22    9.44%       3.32re    0.03%       0.00cp   44.44%    19491k   ***other*\n       2    0.86%       2.78re    0.02%       0.00cp   22.22%    27072k   bash\n       3    1.29%   12646.53re   99.95%       0.00cp   11.11%        0k   flush-8:0*\n       2    0.86%       0.00re    0.00%       0.00cp   11.11%    26576k   service\n       8    3.43%       0.01re    0.00%       0.00cp    5.56%    25248k   sadc\n       2    0.86%       0.00re    0.00%       0.00cp    5.56%    26512k   run-parts\n      30   12.88%       0.00re    0.00%       0.00cp    0.00%    26512k   sh\n      29   12.45%       0.00re    0.00%       0.00cp    0.00%     1018k   ac\n      23    9.87%       0.00re    0.00%       0.00cp    0.00%    10197k   bash*\n      17    7.30%       0.00re    0.00%       0.00cp    0.00%    25232k   cat\n      12    5.15%       0.02re    0.00%       0.00cp    0.00%    29328k   crond*\n      10    4.29%       0.00re    0.00%       0.00cp    0.00%     9709k   id\n       8    3.43%       0.00re    0.00%       0.00cp    0.00%    25232k   basename\n       7    3.00%       0.00re    0.00%       0.00cp    0.00%    29079k   ls\n       6    2.58%       0.00re    0.00%       0.00cp    0.00%     1642k   lastcomm\n       6    2.58%       0.00re    0.00%       0.00cp    0.00%     1457k   sa\n       5    2.15%       0.00re    0.00%       0.00cp    0.00%      981k   consoletype\n       4    1.72%       0.00re    0.00%       0.00cp    0.00%    28064k   find\n       4    1.72%       0.00re    0.00%       0.00cp    0.00%    25216k   logger\n       3    1.29%       0.00re    0.00%       0.00cp    0.00%    26512k   sh*\n       3    1.29%       0.00re    0.00%       0.00cp    0.00%    26304k   date\n       3    1.29%       0.00re    0.00%       0.00cp    0.00%     2076k   hostname\n       3    1.29%       0.00re    0.00%       0.00cp    0.00%     1595k   grep\n       3    1.29%       0.00re    0.00%       0.00cp    0.00%     1561k   tput\n       3    1.29%       0.00re    0.00%       0.00cp    0.00%     1020k   dircolors\n       3    1.29%       0.00re    0.00%       0.00cp    0.00%     1017k   tty\n       2    0.86%       0.15re    0.00%       0.00cp    0.00%    16992k   sshd*\n       2    0.86%       0.09re    0.00%       0.00cp    0.00%    25232k   tail\n       2    0.86%       0.00re    0.00%       0.00cp    0.00%    26512k   0anacron\n       2    0.86%       0.00re    0.00%       0.00cp    0.00%    26480k   awk\n       2    0.86%       0.00re    0.00%       0.00cp    0.00%    26512k   service*\n       2    0.86%       0.00re    0.00%       0.00cp    0.00%    26512k   run-parts*\n<\/pre>\n<pre>\n\n11. Display last executed commands :\n<\/pre>\n<pre>\n[root@oss ~]# lastcomm\nsa                      root     pts\/0      0.00 secs Thu Aug 21 00:16\nsa                      ehowstuf pts\/2      0.00 secs Thu Aug 21 00:14\nsa                      root     pts\/0      0.00 secs Thu Aug 21 00:12\ncrond             SF    root     __         0.00 secs Thu Aug 21 00:10\nsadc              S     root     __         0.00 secs Thu Aug 21 00:10\nanacron            F    root     __         0.00 secs Thu Aug 21 00:01\ncrond             SF    root     __         0.00 secs Thu Aug 21 00:01\nrun-parts               root     __         0.01 secs Thu Aug 21 00:01\nlogger                  root     __         0.00 secs Thu Aug 21 00:01\nbasename                root     __         0.00 secs Thu Aug 21 00:01\nawk                     root     __         0.00 secs Thu Aug 21 00:01\n0anacron                root     __         0.00 secs Thu Aug 21 00:01\nanacron                 root     __         0.00 secs Thu Aug 21 00:01\ndate                    root     __         0.00 secs Thu Aug 21 00:01\ncat                     root     __         0.00 secs Thu Aug 21 00:01\nlogger                  root     __         0.00 secs Thu Aug 21 00:01\nbasename                root     __         0.00 secs Thu Aug 21 00:01\nrun-parts          F    root     __         0.00 secs Thu Aug 21 00:01\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ngetconf                 nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nuptime                  nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nnetstat                 nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nmount                   nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ndf                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nifconfig                nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nls                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nls                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nls                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nls                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nls                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                 F    nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nfdisk                   nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                 F    nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\ncrond             SF    nobody   __         0.00 secs Thu Aug 21 00:00\nnmon                    nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\nsh                 F    nobody   __         0.00 secs Thu Aug 21 00:00\nsh                      nobody   __         0.00 secs Thu Aug 21 00:00\ncat                     nobody   __         0.00 secs Thu Aug 21 00:00\nxargs                   nobody   __         0.00 secs Thu Aug 21 00:00\nrm                      nobody   __         0.00 secs Thu Aug 21 00:00\nfind                    nobody   __         0.00 secs Thu Aug 21 00:00\ncrond             SF    root     __         0.00 secs Thu Aug 21 00:00\nsadc              S     root     __         0.00 secs Thu Aug 21 00:00\npkill                   nobody   __         0.00 secs Thu Aug 21 00:00\nflush-8:0          F    root     __         0.00 secs Wed Aug 20 23:25\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:53\nsa2                     root     __         0.00 secs Wed Aug 20 23:53\nrmdir                   root     __         0.00 secs Wed Aug 20 23:53\nfind                    root     __         0.00 secs Wed Aug 20 23:53\nfind                    root     __         0.00 secs Wed Aug 20 23:53\nfind                    root     __         0.00 secs Wed Aug 20 23:53\nsar                     root     __         0.02 secs Wed Aug 20 23:53\ndate                    root     __         0.00 secs Wed Aug 20 23:53\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:50\nsadc              S     root     __         0.01 secs Wed Aug 20 23:50\nsa                      root     pts\/0      0.00 secs Wed Aug 20 23:47\nsa                      root     pts\/0      0.00 secs Wed Aug 20 23:45\nac                      root     pts\/0      0.00 secs Wed Aug 20 23:44\nlastcomm                root     pts\/0      0.00 secs Wed Aug 20 23:43\nac                      root     pts\/0      0.00 secs Wed Aug 20 23:41\nac                      root     pts\/0      0.00 secs Wed Aug 20 23:40\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:40\nsadc              S     root     __         0.00 secs Wed Aug 20 23:40\nservice                 root     pts\/0      0.01 secs Wed Aug 20 23:39\nbasename                root     pts\/0      0.00 secs Wed Aug 20 23:39\nbasename                root     pts\/0      0.00 secs Wed Aug 20 23:39\nservice            F    root     pts\/0      0.00 secs Wed Aug 20 23:39\nconsoletype             root     pts\/0      0.00 secs Wed Aug 20 23:39\nservice                 root     pts\/0      0.01 secs Wed Aug 20 23:39\nbasename                root     pts\/0      0.00 secs Wed Aug 20 23:39\nbasename                root     pts\/0      0.00 secs Wed Aug 20 23:39\nservice            F    root     pts\/0      0.00 secs Wed Aug 20 23:39\nconsoletype             root     pts\/0      0.00 secs Wed Aug 20 23:39\ntail                  X root     pts\/0      0.00 secs Wed Aug 20 23:39\nbash               F    root     pts\/0      0.00 secs Wed Aug 20 23:39\nls                      root     pts\/0      0.00 secs Wed Aug 20 23:39\nlastcomm                root     pts\/0      0.00 secs Wed Aug 20 23:39\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:30\nsadc              S     root     __         0.00 secs Wed Aug 20 23:30\nlastcomm                root     pts\/0      0.00 secs Wed Aug 20 23:27\nlastcomm                root     pts\/0      0.00 secs Wed Aug 20 23:26\nlastcomm                root     pts\/0      0.00 secs Wed Aug 20 23:26\nflush-8:0          F    root     __         0.00 secs Wed Aug 20 23:19\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:20\nsadc              S     root     __         0.00 secs Wed Aug 20 23:20\nflush-8:0          F    root     __         0.02 secs Wed Aug 20 22:50\nsa                      root     pts\/0      0.00 secs Wed Aug 20 23:13\nsa                      root     pts\/0      0.00 secs Wed Aug 20 23:13\nlastcomm                root     pts\/0      0.00 secs Wed Aug 20 23:13\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:10\nsadc              S     root     __         0.00 secs Wed Aug 20 23:10\nac                      root     pts\/0      0.00 secs Wed Aug 20 23:06\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:01\nrun-parts               root     __         0.00 secs Wed Aug 20 23:01\nlogger                  root     __         0.00 secs Wed Aug 20 23:01\nbasename                root     __         0.00 secs Wed Aug 20 23:01\nawk                     root     __         0.00 secs Wed Aug 20 23:01\n0anacron                root     __         0.00 secs Wed Aug 20 23:01\ndate                    root     __         0.00 secs Wed Aug 20 23:01\ncat                     root     __         0.00 secs Wed Aug 20 23:01\nlogger                  root     __         0.00 secs Wed Aug 20 23:01\nbasename                root     __         0.00 secs Wed Aug 20 23:01\nrun-parts          F    root     __         0.00 secs Wed Aug 20 23:01\ncrond             SF    root     __         0.00 secs Wed Aug 20 23:00\nsadc              S     root     __         0.00 secs Wed Aug 20 23:00\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:59\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:59\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:59\nsshd              S     root     __         0.05 secs Wed Aug 20 22:57\nbash              S     root     pts\/1      0.01 secs Wed Aug 20 22:57\nsu                S     root     pts\/1      0.00 secs Wed Aug 20 22:57\nbash              S     ehowstuf pts\/1      0.03 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:59\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:59\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nid                      ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nconsoletype             ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\ngrep                    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\ndircolors               ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\ntput                    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\ntty                     ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nid                      ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nid                      ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nhostname                ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nbash               F    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nid                      ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\nsshd              SF    sshd     __         0.00 secs Wed Aug 20 22:59\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nac                      ehowstuf pts\/1      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nmkdir                   ehowstuf pts\/1      0.00 secs Wed Aug 20 22:58\nls                      ehowstuf pts\/1      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\ntail                  X root     pts\/0      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:58\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nid                      ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nconsoletype             ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\ngrep                    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\ndircolors               ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\ntput                    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\ntty                     ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nid                      ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nid                      ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nhostname                ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nid                      ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    root     pts\/1      0.00 secs Wed Aug 20 22:57\nid                      root     pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    root     pts\/1      0.00 secs Wed Aug 20 22:57\nconsoletype             root     pts\/1      0.00 secs Wed Aug 20 22:57\ngrep                    root     pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    root     pts\/1      0.00 secs Wed Aug 20 22:57\ndircolors               root     pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    root     pts\/1      0.00 secs Wed Aug 20 22:57\ntput                    root     pts\/1      0.00 secs Wed Aug 20 22:57\ntty                     root     pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    root     pts\/1      0.00 secs Wed Aug 20 22:57\nhostname                root     pts\/1      0.00 secs Wed Aug 20 22:57\nbash               F    root     pts\/1      0.00 secs Wed Aug 20 22:57\nid                      root     pts\/1      0.00 secs Wed Aug 20 22:57\nsshd              SF    sshd     __         0.00 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:57\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:56\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:56\nac                      root     pts\/0      0.00 secs Wed Aug 20 22:56\npsacct                  root     pts\/0      0.01 secs Wed Aug 20 22:55\ntouch                   root     pts\/0      0.00 secs Wed Aug 20 22:55\naccton            S     root     pts\/0      0.00 secs Wed Aug 20 22:55\n<\/pre>\n<p>12. Search Logs for Commands :<\/p>\n<pre>\n[root@oss ~]# lastcomm grep\ngrep                    ehowstuf pts\/2      0.00 secs Wed Aug 20 22:59\ngrep                    ehowstuf pts\/1      0.00 secs Wed Aug 20 22:57\ngrep                    root     pts\/1      0.00 secs Wed Aug 20 22:57\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>It is very important to know what are the activities for applications and users in linux operating system. This will very useful in later time or in case of problems&#8230;.<\/p>\n","protected":false},"author":6,"featured_media":5345,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1],"tags":[1536,2109],"class_list":["post-5342","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-linux","tag-monitoring"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/5342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=5342"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/5342\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/5345"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=5342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=5342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=5342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}