This is the 27th day of my participation in Gwen Challenge


A lifelong learner, practitioner and sharer committed to the path of technology, a busy and occasionally lazy original blogger, an occasionally boring and occasionally humorous teenager.

Friends are welcome to search WeChat for “Jie Ge’s IT journey” and follow!

Amazing: it turns out the Linux terminal actually has a process accounting function…

In system management, users’ consumption of resources is sometimes recorded as a basis for charging user accounts. These logs can also be used for security purposes, providing valuable information about system activity.

Linux provides a package named psacct that implements this accounting function.

1. Checking for the psacct package

First, make sure the psacct package is installed on the current system. You can check with the following command:

# rpm -qa | grep psacct
psacct-6.3.2-63.el6_3.3.x86_64

2. Starting and stopping the psacct service

To enable the accounting function, run /etc/rc.d/init.d/psacct start or service psacct start:

/etc/rc.d/init.d/psacct start

To disable the accounting function, run /etc/rc.d/init.d/psacct stop or service psacct stop:

/etc/rc.d/init.d/psacct stop

3. Relevant configuration files

After the accounting function is enabled, the accounting information about users and processes is recorded in the /var/account/pacct log file.

# vi /var/account/pacct

During installation of the psacct package, its log rotation configuration file is installed in the /etc/logrotate.d directory; the file is also named psacct. Once you have an accounting log, the commands provided with the psacct package are ready to use. Commands executed by users are recorded by psacct and stored in the /var/account/pacct file.

# cd /etc/logrotate.d
# ls
cups  dracut  httpd  ppp  psacct  sssd  syslog  wpa_supplicant  yum
# cat psacct
# Logrotate file for psacct RPM
/var/account/pacct {
#prerotate loses accounting records, let's no
#   prerotate
#       /usr/sbin/accton
#   endscript
    compress
    delaycompress
    notifempty
    daily
    rotate 31
    create 0600 root root
    postrotate
        /usr/sbin/accton /var/account/pacct
    endscript
}
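
The /var/account/pacct file is binary: the kernel appends one fixed-size record per exited process, which is why it is read through lastcomm and sa rather than an editor. The following added example (not from the original article) decodes those records in Python. It assumes the 64-byte acct_v3 layout from <linux/acct.h>, a little-endian host and 100 accounting ticks per second; the sample bytes are constructed.

```python
import struct

# struct acct_v3 from <linux/acct.h>: 64 bytes per record. "<" assumes a
# little-endian host such as x86_64 (assumption, not stated in the article).
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
AHZ = 100  # accounting ticks per second on x86 (assumption)
# Flag bits in lastcomm's display order: ASU, AFORK, ACORE, AXSIG.
FLAGS = ((0x02, "S"), (0x01, "F"), (0x08, "D"), (0x10, "X"))

def comp_t(value):
    """Decode the kernel's comp_t: 13-bit mantissa, 3-bit base-8 exponent."""
    return (value & 0x1FFF) << (3 * (value >> 13))

def tty_name(dev):
    """Render the 16-bit device number; other devices appear as major:minor."""
    if dev == 0:
        return "__"  # no controlling terminal
    major, minor = dev >> 8, dev & 0xFF
    if 136 <= major <= 143:  # Unix98 pty slave majors
        return "pts/%d" % ((major - 136) * 256 + minor)
    return "%d:%d" % (major, minor)

def parse_pacct(data):
    """Decode raw pacct bytes into dicts; reject truncated or non-v3 input."""
    if len(data) % ACCT_V3.size:
        raise ValueError("size is not a multiple of %d bytes" % ACCT_V3.size)
    records = []
    for f in ACCT_V3.iter_unpack(data):
        if f[1] != 3:  # ac_version
            raise ValueError("unexpected ac_version %d" % f[1])
        records.append({
            "command": f[18].split(b"\0", 1)[0].decode("ascii", "replace"),
            "flags": "".join(c for bit, c in FLAGS if f[0] & bit),
            "uid": f[4], "pid": f[6], "start": f[8],
            "tty": tty_name(f[2]),
            "cpu_secs": (comp_t(f[10]) + comp_t(f[11])) / AHZ,  # user + system
        })
    return records

# Constructed sample: two records packed in the same layout (not real log data).
SAMPLE = (
    ACCT_V3.pack(0x03, 3, 0, 0, 0, 0, 1201, 1, 1369765200, 5.0,
                 0, 0, 0, 0, 0, 0, 0, 0, b"crond")
    + ACCT_V3.pack(0x00, 3, 0x8801, 0, 0, 0, 1305, 1290, 1369764960, 310.0,
                   200, 70, 0, 0, 0, 0, 0, 0, b"rpm")
)
```

Input whose size is not a multiple of 64 bytes, or whose records carry another version, is rejected rather than guessed at, which makes a truncated copy of the log visible when it is collected as evidence.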

4. lastcomm

Using lastcomm, you can output more detailed information from the log, showing all processes and commands that have been run by the user.

# lastcomm | more
pickup            S     postfix  __         0.00 secs Wed May 29 00:44
crond             SF    root     __         0.00 secs Wed May 29 notable day
sadc              S     root     __         0.00 secs Wed May 29 02:20
unix_chkpwd       S     root     __         0.00 secs Wed May 29 02:20
grep                    root     pts/1      0.02 secs Wed May 29 02:16
rpm                     root     pts/1      2.70 secs Wed May 29 02:16
  • Column 1: the name of the command to start the process.
  • Column 2: flags.
  • Column 3: the name of the user who ran the process.
  • Column 4: The terminal on which the command is executed.
  • Column 5: Time spent executing the process.
  • Column 6: On what date and time the process is executed.

5. Common lastcomm options

  • --user: lists the records for the specified user name.
  • --command: lists the records matching the specified command name.
  • --tty: lists the processes run on the specified terminal.
  • -f: reads data from the specified file.
  • --strict-match: enables strict matching.

6. sa

The sa command is located in the /usr/bin directory. It summarizes the CPU usage of previously run commands and reports system resource consumption. It also makes it easier to find which commands account for a high proportion of CPU usage.

# cd /usr/bin
# ll | grep sa
-rwxr-xr-x. 1 root root   27008 11月 23 2013 abrt-action-save-package-data
-rwxr-xr-x. 1 root root   27247 9月  12 2012 alsa-info
lrwxrwxrwx. 1 root root       9 6月   4 2016 alsa-info.sh -> alsa-info
-rwxr-xr-x. 1 root root 1558624 2月  22 2013 alsaloop
-rwxr-xr-x. 1 root root   76888 2月  22 2013 alsamixer

Run sa | more to output information about the CPU time consumed by processes.

# sa | more
     544 2430102.76re       1.50cp    18238k
      13      21.50re       1.38cp    23924k   ***other*
       4       0.43re       0.06cp    88788k   yumBackend.py
       2   19191.34re       0.03cp    17840k   sshd
       9    4699.73re       0.01cp    19047k   packagekitd
       4   15410.99re       0.00cp    27092k   bash
  • Column 1: 544. This is the number of times the process has been executed.
  • Column 2: 2430102.76re. This is the “real” time.
  • Column 3: 1.50cp. This is the CPU time.
  • Column 4: 18238k. This is the CPU-time-averaged core usage, in 1k units.
  • Column 5: yumBackend.py. This is the name of the command that started the process.

7. Common sa options

  • -u: lists the user who ran each process.
# sa -u | head -5
root       0.00 cpu      981k mem accton
root       0.04 cpu    28384k mem logrotate
root       0.00 cpu    26528k mem logrotate
root       0.00 cpu    26480k mem awk
root       0.00 cpu    25232k mem basename
  • -l: outputs the system time and user time separately.
# sa -l | head -5
     628   15590.86re       0.07u       0.00s    21476k
      12    9985.38re       0.00u       0.05s    24410k   ***other*
      60       0.13re       0.00u       0.01s    28050k   find
      11    5597.53re       0.00u       0.00s    18976k   packagekitd
      78       0.06re       0.00u       0.00s    29344k   crond*
  • -m: summarizes the CPU usage of each user.
[root@localhost bin]# sa -m
                 628   15590.86re       0.07cp    21476k
root             610   15585.44re       0.07cp    21730k
postfix            7       5.39re       0.00cp    20336k
dbus              11       0.03re       0.00cp     8148k
  • For more options, see the SYNOPSIS section of the sa manual page (man sa).
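
The six lastcomm columns and the per-command and per-user totals that sa and sa -m print are two views of the same records. This added example (not part of the original article) parses lastcomm-style rows, including rows with an empty flags column, then builds sa-like call counts and CPU totals and picks out rows by flag. The sample rows and the user alice are constructed, and totals are in seconds as lastcomm prints them.

```python
import re
from collections import defaultdict

# Constructed rows in lastcomm's column layout (not captured from a real host).
# As in the article's lastcomm listing, the flags column can be empty.
SAMPLE = """\
crond            SF    root     __         0.00 secs Wed May 29 02:20
unix_chkpwd      S     root     __         0.00 secs Wed May 29 02:20
grep                   root     pts/1      0.02 secs Wed May 29 02:16
rpm                    root     pts/1      2.70 secs Wed May 29 02:16
find              X    alice    pts/2      0.31 secs Wed May 29 02:15
grep                   alice    pts/2      0.01 secs Wed May 29 02:14
"""

ROW = re.compile(r"^(?P<left>.+?)\s+(?P<secs>\d+\.\d+) secs (?P<when>.+)$")

def parse_lastcomm(text):
    """Split each row into the six columns; tolerate a missing flags column."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        left = match.group("left").split() if match else []
        if len(left) == 3:      # command, user, tty: no flags were set
            left.insert(1, "")
        if len(left) != 4:      # not a record line
            continue
        command, flags, user, tty = left
        rows.append({"command": command, "flags": flags, "user": user,
                     "tty": tty, "secs": float(match.group("secs")),
                     "when": match.group("when")})
    return rows

def totals(rows, key):
    """sa-style summary keyed by 'command' or 'user': (calls, CPU seconds)."""
    acc = defaultdict(lambda: [0, 0.0])
    for row in rows:
        acc[row[key]][0] += 1
        acc[row[key]][1] += row["secs"]
    return {name: (calls, round(secs, 2)) for name, (calls, secs) in acc.items()}

def with_flag(rows, flag):
    """Rows whose flags contain a letter: S superuser, F fork without exec,
    D core dumped, X killed by a signal."""
    return [row for row in rows if flag in row["flags"]]
```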

8. ac

The ac command is in /usr/bin, and its log file is /var/log/wtmp.

It reports statistics about how long users have been logged in.

# ll | grep ac | head -3
-rwxr-xr-x. 1 root root 13920 11月 23 2013 abrt-action-analyze-backtrace
-rwxr-xr-x. 1 root root 12360 11月 23 2013 abrt-action-analyze-c
-rwxr-xr-x. 1 root root  1313 11月 23 2013 abrt-action-analyze-ccpp-local

9. Common ac options

  • If no parameter is added, only the total online time of all users is displayed.
# ac
total 246.52
  • -d: lists the total online time of all users every day.
# ac -d
Jun 4 total 43.92
Jun 5 total 72.09
May 27 total 19.28
May 28 total 101.02
Today total 10.21
  • -p: lists the total online time of each user.
# ac -p
root 246.53
total 246.53
  • For more options, run man ac to see the details of the ac command.

  • Note that all of the times above are in hours.


See you next time!