{"id":13163,"date":"2019-04-01T03:55:16","date_gmt":"2019-04-01T03:55:16","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=13163"},"modified":"2019-04-01T03:55:16","modified_gmt":"2019-04-01T03:55:16","slug":"how-to-monitor-user-activity-with-psacct-or-acct-tools","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/04\/01\/how-to-monitor-user-activity-with-psacct-or-acct-tools\/","title":{"rendered":"How to Monitor User Activity with psacct or acct Tools"},"content":{"rendered":"

psacct<\/strong>\u00a0or\u00a0acct<\/strong>\u00a0both are open source application for monitoring users activities on the system. These applications runs in the background and keeps track of each users activity on your system as well as what resources are being consumed.<\/p>\n

I personally used this program in our company, we have development team where our developers continuously work on servers. So, this is one of best program to keep a eye on them. This program provides an excellent way to monitor what users are doing, what commands are they firing, how much resources are being consumed by them, how long users are active on the system. Another great feature of this program is it gives total resources consumed by services like Apache, MySQL, FTP,SSH etc.<\/p>\n

Read Also<\/strong>:\u00a0Monitor Linux Commands Executed by System Users in Real-time<\/a><\/p>\n

I think this is one of the great and must needed application for every\u00a0Linux\/Unix<\/strong>\u00a0System Administrators<\/strong>, who wanted to keep a track of user activities on their servers\/systems.<\/p>\n

The\u00a0psacct<\/strong>\u00a0or\u00a0acct<\/strong>\u00a0package provides several features for monitoring process activities.<\/p>\n

    \n
  1. ac<\/strong>\u00a0command prints the statistics of user logins\/logouts (connect time) in hours.<\/li>\n
  2. lastcomm<\/strong>\u00a0command prints the information of previously executed commands of user.<\/li>\n
  3. accton<\/strong>\u00a0commands is used to turn on\/off process for accounting.<\/li>\n
  4. sa<\/strong>\u00a0command summarizes information of previously executed commands.<\/li>\n
  5. last<\/strong>\u00a0and\u00a0lastb<\/strong>\u00a0commands show listing of last logged in users.<\/li>\n<\/ol>\n

    Installing psacct or acct Packages<\/h3>\n

    psacct<\/strong>\u00a0or\u00a0acct<\/strong>\u00a0both are similar packages and there is not much difference between them, but the\u00a0psacct<\/strong>package only available for rpm based distributions such as\u00a0RHEL<\/strong>,\u00a0CentOS<\/strong>\u00a0and\u00a0Fedora<\/strong>, whereas\u00a0acct<\/strong>\u00a0package available for distributions like\u00a0Ubuntu<\/strong>,\u00a0Debian<\/strong>\u00a0and\u00a0Linux Mint<\/strong>.<\/p>\n

    To install\u00a0psacct<\/strong>\u00a0package under rpm based distributions issue the following\u00a0yum<\/strong>\u00a0command.<\/p>\n

    # yum install psacct<\/pre>\n
    To install\u00a0acct<\/strong>\u00a0package using\u00a0apt-get<\/strong>\u00a0command under\u00a0Ubuntu<\/strong>\u00a0\/\u00a0Debian<\/strong>\u00a0\/\u00a0Linux Mint<\/strong>.<\/p>\n
    $ sudo apt-get install acct\r\n\r\nOR\r\n\r\n# apt-get install acct<\/pre>\n
    Starting psacct or acct service<\/h5>\n
    By default\u00a0psacct<\/strong>\u00a0service is in disabled mode and you need to start it manually under\u00a0RHEL<\/strong>\/CentOS<\/strong>\/Fedora<\/strong>systems. Use the following command to check the status of service.<\/p>\n
    # \/etc\/init.d\/psacct status\r\nProcess accounting is disabled.<\/pre>\n
    You see the status showing as disabled, so let\u2019s start it manually using the following both commands. These two commands will create a\u00a0\/var\/account\/pacct<\/strong>\u00a0file and start services.<\/p>\n
    # chkconfig psacct on\r\n# \/etc\/init.d\/psacct start\r\nStarting process accounting:                               [  OK  ]<\/pre>\n
    After starting service, check the status again, you will get status as enabled as shown below.<\/p>\n
    # \/etc\/init.d\/psacct status\r\nProcess accounting is enabled.<\/pre>\n
    Under\u00a0Ubuntu<\/strong>,\u00a0Debian<\/strong>\u00a0and\u00a0Mint<\/strong>\u00a0service is started automatically, you don\u2019t need to start it again.<\/p>\n
    Display Statistics of Users Connect Time<\/h5>\n
    ac<\/strong>\u00a0command without specifying any argument will displays total statistics of connect time in hours based on the user logins\/logouts from the current\u00a0wtmp<\/strong>\u00a0file.<\/p>\n
    # ac<\/pre>\n
    total     1814.03<\/pre>\n
    Display Statistics of Users Day-wise<\/h5>\n
    Using command \u201cac -d<\/strong>\u201d will prints out the total login time in hours by day-wise.<\/p>\n
    # ac -d<\/pre>\n
    Sep 17  total        5.23\r\nSep 18  total       15.20\r\nSep 24  total        3.21\r\nSep 25  total        2.27\r\nSep 26  total        2.64\r\nSep 27  total        6.19\r\nOct  1  total        6.41\r\nOct  3  total        2.42\r\nOct  4  total        2.52\r\nOct  5  total        6.11\r\nOct  8  total       12.98\r\nOct  9  total       22.65\r\nOct 11  total       16.18<\/pre>\n
    Display Time Totals for each User<\/h5>\n
    Using command \u201cac -p<\/strong>\u201d will print the total login time of each user in hours.<\/p>\n
    # ac -p<\/pre>\n
            root                              1645.18\r\n        tecmint                            168.96\r\n        total     1814.14<\/pre>\n
    Display Individual User Time<\/h5>\n
    To get the total login statistics time of user \u201ctecmint<\/strong>\u201d in hours, use the command as.<\/p>\n
    # ac tecmint<\/pre>\n
     total      168.96<\/pre>\n
    Display Day-Wise Logn Time of User<\/h5>\n
    The following command will prints the day-wise total login time of user \u201ctecmint<\/strong>\u201d in hours.<\/p>\n
    # ac -d tecmint<\/pre>\n
    Oct 11  total        8.01\r\nOct 12  total       24.00\r\nOct 15  total       70.50\r\nOct 16  total       23.57\r\nOct 17  total       24.00\r\nOct 18  total       18.70\r\nNov 20  total        0.18<\/pre>\n
    Print All Account Activity Information<\/h5>\n
    The \u201csa<\/strong>\u201d command is used to print the summary of commands that were executed by users.<\/p>\n
    # sa<\/pre>\n
           2       9.86re       0.00cp     2466k   sshd*\r\n       8       1.05re       0.00cp     1064k   man\r\n       2      10.08re       0.00cp     2562k   sshd\r\n      12       0.00re       0.00cp     1298k   psacct\r\n       2       0.00re       0.00cp     1575k   troff\r\n      14       0.00re       0.00cp      503k   ac\r\n      10       0.00re       0.00cp     1264k   psacct*\r\n      10       0.00re       0.00cp      466k   consoletype\r\n       9       0.00re       0.00cp      509k   sa\r\n       8       0.02re       0.00cp      769k   udisks-helper-a\r\n       6       0.00re       0.00cp     1057k   touch\r\n       6       0.00re       0.00cp      592k   gzip\r\n       6       0.00re       0.00cp      465k   accton\r\n       4       1.05re       0.00cp     1264k   sh*\r\n       4       0.00re       0.00cp     1264k   nroff*\r\n       2       1.05re       0.00cp     1264k   sh\r\n       2       1.05re       0.00cp     1120k   less\r\n       2       0.00re       0.00cp     1346k   groff\r\n       2       0.00re       0.00cp     1383k   grotty\r\n       2       0.00re       0.00cp     1053k   mktemp\r\n       2       0.00re       0.00cp     1030k   iconv\r\n       2       0.00re       0.00cp     1023k   rm\r\n       2       0.00re       0.00cp     1020k   cat\r\n       2       0.00re       0.00cp     1018k   locale\r\n       2       0.00re       0.00cp      802k   gtbl<\/pre>\n
    Where<\/h5>\n
      \n
    1. 9.86re<\/strong>\u00a0is a \u201creal time<\/strong>\u201d as per wall clock minutes<\/li>\n
    2. 0.01cp<\/strong>\u00a0is a sum of system\/user time in cpu minutes<\/li>\n
    3. 2466k<\/strong>\u00a0is a cpu-time averaged core usage, i.e.\u00a01k<\/strong>\u00a0units<\/li>\n
    4. sshd<\/strong>\u00a0command name<\/li>\n<\/ol>\n
      Print Individual User Information<\/h5>\n
      To get the information of individual user, use the options\u00a0-u<\/strong>.<\/p>\n
      # sa -u<\/pre>\n
      root       0.00 cpu      465k mem accton\r\nroot       0.00 cpu     1057k mem touch\r\nroot       0.00 cpu     1298k mem psacct\r\nroot       0.00 cpu      466k mem consoletype\r\nroot       0.00 cpu     1264k mem psacct           *\r\nroot       0.00 cpu     1298k mem psacct\r\nroot       0.00 cpu      466k mem consoletype\r\nroot       0.00 cpu     1264k mem psacct           *\r\nroot       0.00 cpu     1298k mem psacct\r\nroot       0.00 cpu      466k mem consoletype\r\nroot       0.00 cpu     1264k mem psacct           *\r\nroot       0.00 cpu      465k mem accton\r\nroot       0.00 cpu     1057k mem touch<\/pre>\n
      Print Number of Processes<\/h5>\n
      This command prints the total number of processes and CPU minutes. If you see continue increase in these numbers, then its time to look into the system about what is happening.<\/p>\n
      # sa -m<\/pre>\n
      sshd                                    2       9.86re       0.00cp     2466k\r\nroot                                  127      14.29re       0.00cp      909k<\/pre>\n
      Print Sort by Percentage<\/h5>\n
      The command \u201csa -c<\/strong>\u201d displays the highest percentage of users.<\/p>\n
      # sa -c<\/pre>\n
       132  100.00%      24.16re  100.00%       0.01cp  100.00%      923k\r\n       2    1.52%       9.86re   40.83%       0.00cp   53.33%     2466k   sshd*\r\n       8    6.06%       1.05re    4.34%       0.00cp   20.00%     1064k   man\r\n       2    1.52%      10.08re   41.73%       0.00cp   13.33%     2562k   sshd\r\n      12    9.09%       0.00re    0.01%       0.00cp    6.67%     1298k   psacct\r\n       2    1.52%       0.00re    0.00%       0.00cp    6.67%     1575k   troff\r\n      18   13.64%       0.00re    0.00%       0.00cp    0.00%      509k   sa\r\n      14   10.61%       0.00re    0.00%       0.00cp    0.00%      503k   ac\r\n      10    7.58%       0.00re    0.00%       0.00cp    0.00%     1264k   psacct*\r\n      10    7.58%       0.00re    0.00%       0.00cp    0.00%      466k   consoletype\r\n       8    6.06%       0.02re    0.07%       0.00cp    0.00%      769k   udisks-helper-a\r\n       6    4.55%       0.00re    0.00%       0.00cp    0.00%     1057k   touch\r\n       6    4.55%       0.00re    0.00%       0.00cp    0.00%      592k   gzip\r\n       6    4.55%       0.00re    0.00%       0.00cp    0.00%      465k   accton\r\n       4    3.03%       1.05re    4.34%       0.00cp    0.00%     1264k   sh*\r\n       4    3.03%       0.00re    0.00%       0.00cp    0.00%     1264k   nroff*\r\n       2    1.52%       1.05re    4.34%       0.00cp    0.00%     1264k   sh\r\n       2    1.52%       1.05re    4.34%       0.00cp    0.00%     1120k   less\r\n       2    1.52%       0.00re    0.00%       0.00cp    0.00%     1346k   groff\r\n       2    1.52%       0.00re    0.00%       0.00cp    0.00%     1383k   grotty\r\n       2    1.52%       0.00re    0.00%       0.00cp    0.00%     1053k   mktemp<\/pre>\n
      List Last Executed Commands of User<\/h5>\n
      The \u2018latcomm<\/strong>\u2018 command is used to search and display previously executed user commands information. You can also search commands of individual usernames. For example, we see commands of user (tecmint<\/strong>).<\/p>\n
      # lastcomm tecmint<\/pre>\n
      su                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nls                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nls                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nls                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nbash               F    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nid                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\ngrep                    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\ngrep                    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nbash               F    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\ndircolors               tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nbash               F    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\ntput                    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\ntty                     tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nbash               F    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nid                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nbash               F    tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nid                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56<\/pre>\n
      Search Logs for Commands<\/h5>\n
      With the help of the\u00a0lastcomm<\/strong>\u00a0command you will be able to view individual use of an each commands.<\/p>\n
      # lastcomm ls<\/pre>\n
      ls                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nls                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56\r\nls                      tecmint  pts\/0      0.00 secs Wed Feb 13 15:56<\/pre>\n
      Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
      psacct\u00a0or\u00a0acct\u00a0both are open source application for monitoring users activities on the system. These applications runs in the background and keeps track of each users activity on your system as well as what resources are being consumed. I personally used this program in our company, we have development team where our developers continuously work on servers. … <\/p>\n
      Continue reading “How to Monitor User Activity with psacct or acct Tools”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13163","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=13163"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13163\/revisions"}],"predecessor-version":[{"id":13164,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13163\/revisions\/13164"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=13163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=13163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=13163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}