Introduction
Acct is an open source tool for monitoring a users activity on Linux system. It is a most important task for every system administrator to monitor all the activity by all users and processes that they are running. This will help him to analyze and identify problems of any kind.
This tool runs in the background and tracks the user activity on a system and the resources consumed by services such as MySQL, Apache, FTP, SSH etc. This tool helps you to find out how long a user is accessing the server, what command are they issuing, how many processes and displays logs for commands.
In this tutorial, we will learn how to install and use acct on Ubuntu-14.04.
Requirements
- A server runing Ubuntu-14.04.
Installing Acct
By default acct package is available in Ubuntu-14.04 repository. You can install it by running the following command:
sudo apt-get install acct
Output:
Get:1 http://in.archive.ubuntu.com/ubuntu/ trusty/main acct amd64 6.5.5-1ubuntu5 [80.6 kB]
Fetched 80.6 kB in 11s (6,760 B/s)
Selecting previously unselected package acct.
(Reading database ... 271064 files and directories currently installed.)
Preparing to unpack .../acct_6.5.5-1ubuntu5_amd64.deb ...
Unpacking acct (6.5.5-1ubuntu5) ...
Processing triggers for man-db (2.6.7.1-1) ...
Processing triggers for doc-base (0.10.5) ...
Processing 1 added doc-base file...
Registering documents with scrollkeeper...
Processing triggers for install-info (5.2.0.dfsg.1-2) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Setting up acct (6.5.5-1ubuntu5) ...
Turning on process accounting, file set to '/var/log/account/pacct'.
* Done.
Processing triggers for ureadahead (0.100.0-16) ...
Once acct is installed, start the acct service with the following command:
sudo /etc/init.d/acct start
Output:
Turning on process accounting, file set to '/var/log/account/pacct'.
* Done.
Displaying the Statistics of the Total Connect Time of Users
If you want to gather information of total connect time of users, just run the following command:
ac
Output:
total 90.02
You can also gather information day wise with option -d.
ac -d
Output:
Oct 7 total 0.14
Oct 9 total 6.35
Oct 10 total 9.65
Oct 13 total 2.10
Oct 14 total 10.95
Oct 15 total 15.20
Oct 17 total 15.06
Oct 18 total 12.57
Today total 18.22
Using -p switch, you can get the total login time of each user in hours:
ac -p
Output:
vyom 90.30
hitesh 20.10
lokesh 50.00
raj 10.00
total 170.40
To get the total login time of user vyom, run the following command:
ac vyom
Output:
total 90.68
Display the day-wise total login time of user vyom, run the following command:
ac -d vyom
Output:
Oct 7 total 0.14
Oct 9 total 6.35
Oct 10 total 9.65
Oct 13 total 2.10
Oct 14 total 10.95
Oct 15 total 15.20
Oct 17 total 15.06
Oct 18 total 12.57
Today total 18.76
Print All Users Activity
The sa command is used to print the information about all the command executed by the user’s:
sa
Output:
11250 42.15re 0.04cp 0avio 5051k
18 32.39re 0.04cp 0avio 4514k ***other*
4 0.02re 0.00cp 0avio 5253k dpkg
7 0.00re 0.00cp 0avio 4490k language-option
5 1.72re 0.00cp 0avio 3568k fping
2 2.00re 0.00cp 0avio 20912k sendmail-msp
11088 0.00re 0.00cp 0avio 4922k preload*
26 0.00re 0.00cp 0avio 68266k smbd*
12 2.00re 0.00cp 0avio 1110k sh
12 0.00re 0.00cp 0avio 1144k sendmail*
9 0.00re 0.00cp 0avio 2611k grep
8 0.00re 0.00cp 0avio 1081k run-parts
7 0.00re 0.00cp 0avio 1111k language-valida
7 0.00re 0.00cp 0avio 1089k locale
6 0.00re 0.00cp 0avio 2862k tr
5 0.00re 0.00cp 0avio 6388k bash*
5 0.00re 0.00cp 0avio 1086k ac
4 2.01re 0.00cp 0avio 6444k cron*
3 0.00re 0.00cp 0avio 1111k acct
3 0.00re 0.00cp 0avio 25696k sendmail-mta*
3 0.00re 0.00cp 0avio 2864k touch
3 0.00re 0.00cp 0avio 2856k basename
3 0.00re 0.00cp 0avio 2271k rm
3 0.00re 0.00cp 0avio 2269k cat
3 0.00re 0.00cp 0avio 700k accton
2 2.00re 0.00cp 0avio 1144k sendmail
2 0.00re 0.00cp 0avio 2154k sed
You can use -u switch to print individual users activity on system:
sa -u
Output:
root 0.00 cpu 1050k mem 0 io accton
root 0.00 cpu 1111k mem 0 io acct
root 0.00 cpu 1111k mem 0 io invoke-rc.d
root 0.00 cpu 1111k mem 0 io acct.postinst
root 0.00 cpu 1111k mem 0 io ureadahead.post
root 0.15 cpu 6528k mem 0 io dpkg
root 0.00 cpu 2864k mem 0 io touch
root 0.00 cpu 1111k mem 0 io sh
root 0.00 cpu 26272k mem 0 io apt-get *
root 0.00 cpu 4828k mem 0 io dpkg
root 0.00 cpu 4828k mem 0 io dpkg
root 0.00 cpu 4828k mem 0 io dpkg
root 2.09 cpu 12658k mem 0 io apt-get
Printing Number of Processes
You can use -m switch with sa command to print the total number of processes and CPU minutes.
sa -m
Output:
13457 46.67re 0.05cp 0avio 5052k
root 13361 37.93re 0.04cp 0avio 5068k
vyom 54 0.03re 0.01cp 0avio 2432k
smmsp 36 6.00re 0.00cp 0avio 3063k
smokeping 6 2.71re 0.00cp 0avio 3568k
You can print the highest percentage of users using -c switch:
sa -c
Output:
16283 100.00% 91.14re 100.00% 0.06cp 100.00% 0avio 5055k
15 0.09% 68.25re 74.89% 0.04cp 71.60% 0avio 4620k ***other*
7 0.04% 1.80re 1.98% 0.01cp 19.34% 0avio 2294k sa
4 0.02% 0.02re 0.02% 0.00cp 4.53% 0avio 5253k dpkg
7 0.04% 0.00re 0.00% 0.00cp 2.42% 0avio 4490k language-option
7 0.04% 3.04re 3.34% 0.00cp 0.91% 0avio 3568k fping
2 0.01% 2.00re 2.20% 0.00cp 0.60% 0avio 20912k sendmail-msp
2 0.01% 0.00re 0.00% 0.00cp 0.60% 0avio 4496k dhclient-script
16086 98.79% 0.00re 0.00% 0.00cp 0.00% 0avio 4922k preload*
38 0.23% 0.00re 0.00% 0.00cp 0.00% 0avio 68268k smbd*
12 0.07% 2.00re 2.20% 0.00cp 0.00% 0avio 1110k sh
12 0.07% 0.00re 0.00% 0.00cp 0.00% 0avio 1144k sendmail*
10 0.06% 0.00re 0.00% 0.00cp 0.00% 0avio 1080k run-parts
9 0.06% 0.00re 0.00% 0.00cp 0.00% 0avio 2611k grep
7 0.04% 0.00re 0.00% 0.00cp 0.00% 0avio 1111k language-valida
7 0.04% 0.00re 0.00% 0.00cp 0.00% 0avio 1089k locale
6 0.04% 0.00re 0.00% 0.00cp 0.00% 0avio 2862k tr
5 0.03% 0.00re 0.00% 0.00cp 0.00% 0avio 6388k bash*
5 0.03% 0.00re 0.00% 0.00cp 0.00% 0avio 1086k ac
4 0.02% 2.01re 2.20% 0.00cp 0.00% 0avio 6444k cron*
4 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 25696k sendmail-mta*
4 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 2154k sed
4 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 1974k rm
4 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 1972k cat
3 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 1111k acct
3 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 2864k touch
3 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 2856k basename
3 0.02% 0.00re 0.00% 0.00cp 0.00% 0avio 700k accton
2 0.01% 10.00re 10.97% 0.00cp 0.00% 0avio 0k kworker/u8:3*
2 0.01% 2.00re 2.20% 0.00cp 0.00% 0avio 1144k sendmail
2 0.01% 0.00re 0.00% 0.00cp 0.00% 0avio 3208k resolvconf
2 0.01% 0.00re 0.00% 0.00cp 0.00% 0avio 4494k dhclient-script*
2 0.01% 0.00re 0.00% 0.00cp 0.00% 0avio 3208k resolvconf*
List Out Last Executed Commands
If you want to get list of last executed command by users, run the following command:
lastcomm
Output:
apt-get S root pts/2 2.09 secs Wed Oct 19 22:57
dpkg root pts/2 0.00 secs Wed Oct 19 22:58
dpkg root pts/2 0.00 secs Wed Oct 19 22:58
dpkg root pts/2 0.00 secs Wed Oct 19 22:58
apt-get F root pts/2 0.00 secs Wed Oct 19 22:58
sh root pts/2 0.00 secs Wed Oct 19 22:58
touch root pts/2 0.00 secs Wed Oct 19 22:58
dpkg root pts/4 0.15 secs Wed Oct 19 22:58
ureadahead.post root pts/4 0.00 secs Wed Oct 19 22:58
acct.postinst root pts/4 0.00 secs Wed Oct 19 22:58
invoke-rc.d root pts/4 0.00 secs Wed Oct 19 22:58
acct root pts/4 0.00 secs Wed Oct 19 22:58
accton S root pts/4 0.00 secs Wed Oct 19 22:58
To list out the information about last command executed by user vyom, run the following command:
lastcomm vyom
Output:
“` language-bash
lastcomm vyom pts/4 0.00 secs Wed Oct 19 23:38
lastcomm vyom pts/4 0.77 secs Wed Oct 19 23:37
sa vyom pts/4 0.31 secs Wed Oct 19 23:25
sa vyom pts/4 0.01 secs Wed Oct 19 23:22
ac vyom pts/4 0.00 secs Wed Oct 19 23:20
ac vyom pts/4 0.00 secs Wed Oct 19 23:18
ac vyom pts/4 0.00 secs Wed Oct 19 23:12
ac vyom pts/4 0.00 secs Wed Oct 19 23:12
language-valida vyom __ 0.00 secs Wed Oct 19 23:08
language-option vyom __ 0.01 secs Wed Oct 19 23:08
sh vyom __ 0.00 secs Wed Oct 19 23:08
grep vyom __ 0.00 secs Wed Oct 19 23:08
locale vyom __ 0.00 secs Wed Oct 19 23:08
language-valida vyom __ 0.00 secs Wed Oct 19 23:08
language-option vyom __ 0.01 secs Wed Oct 19 23:08
sh vyom __ 0.00 secs Wed Oct 19 23:08
grep vyom __ 0.00 secs Wed Oct 19 23:08
locale vyom __ 0.00 secs Wed Oct 19 23:08
language-valida vyom __ 0.00 secs Wed Oct 19 23:08
language-option vyom __ 0.01 secs Wed Oct 19 23:08
sh vyom __ 0.00 secs Wed Oct 19 23:08
grep vyom __ 0.00 secs Wed Oct 19 23:08
locale vyom __ 0.00 secs Wed Oct 19 23:08
language-valida vyom __ 0.00 secs Wed Oct 19 23:08
language-option vyom __ 0.01 secs Wed Oct 19 23:08
sh vyom __ 0.00 secs Wed Oct 19 23:08
grep vyom __ 0.00 secs Wed Oct 19 23:08
locale vyom __ 0.00 secs Wed Oct 19 23:08
language-valida vyom __ 0.00 secs Wed Oct 19 23:08
language-option vyom __ 0.02 secs Wed Oct 19 23:08
sh vyom __ 0.00 secs Wed Oct 19 23:08
grep vyom __ 0.00 secs Wed Oct 19 23:08
locale vyom __ 0.00 secs Wed Oct 19 23:08
language-valida vyom __ 0.00 secs Wed Oct 19 23:08
language-option vyom __ 0.01 secs Wed Oct 19 23:08
sh vyom __ 0.00 secs Wed Oct 19 23:08
grep vyom __ 0.00 secs Wed Oct 19 23:08
locale vyom __ 0.00 secs Wed Oct 19 23:08
language-valida vyom __ 0.00 secs Wed Oct 19 23:08
language-option vyom __ 0.01 secs Wed Oct 19 23:08
sh vyom __ 0.00 secs Wed Oct 19 23:08
grep vyom __ 0.00 secs Wed Oct 19 23:08
locale vyom __ 0.00 secs Wed Oct 19 23:08
ac vyom pts/4 0.00 secs Wed Oct 19 23:08
bash F vyom pts/4 0.00 secs Wed Oct 19 23:08
bash F vyom pts/4 0.00 secs Wed Oct 19 23:08
ls vyom pts/4 0.00 secs Wed Oct 19 23:08
bash F vyom pts/4 0.00 secs Wed Oct 19 23:08
dircolors vyom pts/4 0.00 secs Wed Oct 19 23:08
bash F vyom pts/4 0.00 secs Wed Oct 19 23:08
lesspipe vyom pts/4 0.00 secs Wed Oct 19 23:08
lesspipe F vyom pts/4 0.00 secs Wed Oct 19 23:08
dirname vyom pts/4 0.00 secs Wed Oct 19 23:08
basename vyom pts/4 0.00 secs Wed Oct 19 23:08
bash F vyom pts/4 0.00 secs Wed Oct 19 23:08
groups vyom pts/4 0.00 secs Wed Oct 19 23:08
Share this Article!
