HOW TO ENABLE PROCESS ACCOUNTING ON LINUX
                                       
   
   
   _Last updated: Fri Aug 8 09:25:58 HKT 1997_
   
   
        Preamble: This document is copylefted by Albert M.C. Tam
        (bertie@scn.org). Permission to use, copy, distribute this document for
        non-commerical purposes is hereby granted, provided that the author's /
        editor's name and this notice appear in all copies and/or supporting
        documents; that this document is not modified. This document is
        distributed in hope that it will be useful, but WITHOUT ANY WARRANTY,
        either expressed or implied. While every effort has been taken to
        ensure the accuracy of the information documented herein, the author /
        editor / maintainer assumes NO RESPONSIBILITY for errors, or for
        damages results for the use of the information documented herein.
        
   
   
   
   This document describes how to enable system process accounting on a
   Linux host, and the usage of various process accounting commands. It
   is intended for users running kernel version greater than or equal to
   1.3.73 (recently tested on RedHat 4.1 kernel 2.0.27). Kernels older
   than 1.3.73 may need a patch in order to use the process accounting
   feature.
   
   Feel free to send any feedback or comments to bertie@scn.org if you
   find an error, or if any information is missing. I appreciate it.
   
   
     _________________________________________________________________
   
   
   
What is Process Accounting?

   
   
   Process accounting is the method of recording and summarizing commands
   executed on Linux. The modern Linux kernel is capable of keeping
   process accounting records for the commands being run, the user who
   executed the command, the CPU time, and much more.
   
   Process accounting enables you to keep detailed accounting information
   for the system resources used, their allocation among users, and
   system monitoring.
   
Current Status of Process Accounting under Linux

   
   
   Process accounting support has been integrated into the newer kernels
   (version >= 1.3.73). If you are running an older kernel, you may need
   some patch files. The patches are available from
   
   ftp://iguana.hut.fi/pub/linux/Kernel/process_accounting 
       
   
   
Requirements for Process Accounting on Linux

   
   
   _Kernel_
   
   Linux Kernel version greater than or equal to version 1.3.73, I
   recommended 2.x. The kernel source is available from
   
   http://sunsite.unc.edu/pub/Linux/kernel/v2.0 
       
   
   
   _Process accounting software_
   
   Depending on the Linux distribution you have, you may, or may not have
   the process accounting software package installed on your system. If
   you don't have it, try downloading the package from
   
   http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz 
       
   
   
   
     _________________________________________________________________
   
   
   
Process Accounting Setup on Linux

   
   
   _1. Compile and install process accounting softwares_
   
   The process accounting software package is available from
   
   http://sunsite.unc.edu/pub/Linux/system/admin/quota-acct-modified.tgz 
       
   
   
   _2. Modify your system init script and turn on process accounting at
   boot time _
   
   Here's an example:
   

        # Turn process accounting on.
        if [ -x /sbin/accton ]
        then
                /sbin/accton /var/log/pacct
                echo "Process accounting turned on."
        fi

   
   
   _3. Create accounting record file "pacct"_
   
   Your process accounting softwares will print out all commands executed
   to the file /var/log/pacct by default.
   
   To create the accounting record file:
   

        touch /var/log/pacct

   
   
   This record file should be owned by root, has read-write permission
   for root, and read permission for anybody else:

        chown root /var/log/pacct
        chmod 0644 /var/log/pacct

   
   
   _4. Reboot_
   
   Now reboot your system for changes you made to take effect.
   
   
     _________________________________________________________________
   
   
   
Miscellaneous Process Accounting Commands

   
   
   _ac_
   
   ac prints out statistics about users' connection time in hours, based
   on the logins and logouts in the current /var/log/wtmp file. ac is
   also capable of printing out time totals for each day (-d option), and
   for each user (-p option).
   
   _accton_
   
   accton is used to turn on or turn off process accounting. The file is
   normally executed at system bootup or shutdown via system init
   scripts.
   
   _last_
   
   last goes through the /var/log/wtmp file and prints out information
   about connection times of users.
   
   _sa_
   
   sa summarizes accounting information from previously executed
   commands, software I/O operation times, CPU times, as recorded in the
   accounting record file /var/account/pacct.
   
   _lastcomm_
   
   lastcomm prints out the information about all previously executed
   commands, recorded in /var/account/pacct.