The Ubuntu repositories contain accounting tools to allow administrators to monitor process and user activities. The package these tools are contained in is named acct (short for Process Accounting.) This is what I will use for this HOWTO. acct is not installed by default.
Open your favourite terminal, and let's begin.
To install acct in Xubuntu we first must obtain root priviledges
% sudo -s
Install acct
% aptitude install acct
(You may use apt-get
or synaptic
if you prefer)
acct
can now be found in the /etc/init.d/
directory.
To start the process run
% /usr/sbin/invoke-rc.d acct start
Starting process accounting: Turning on process accounting, file set to '/var/log/account/pacct'.
acct.
The connect time in hours is based on logins and logouts. The ac
command provides a total. This will tell us how much time users are on the box itself.
% ac
total 11434.25
The system's default login accounting file is /var/log/wtmp
.
% ac -d
Sep 1 | total | 84.38 |
Sep 2 | total | 76.24 |
Sep 3 | total | 109.75 |
... |
Of course the advantage with this command is that you are able to evaluate the time that each user is on the system.
% ac -p
thirdgear | 96.67 |
dalek | 410.75 |
dominator | 1234.86 |
ula | 1671.09 |
root | 113.08 |
hex1a4 | 1079.97 |
kosh | 594.06 |
bartek | 6234.15 |
total | 11434.62 |
You can search out the commands of users with the lastcomm command. This is the way to find out what your users are doing.
Process | Flag | Username | Terminal | Time and Date |
ping | S | hex1a4 | pts/5 | 0.00 secs Thu Nov 30 13:39 |
Flags:
S - executed as super-user
F - executed after for but not following exec
D - terminated with core file
X - terminated with signal SIGTERM
% lastcomm hex1a4
firefox-bin | hex1a4 | ?? | 0.05 secs Wed Sep 19 12:31 | |
grep | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:31 | |
firefox | F | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:31 |
grep | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:31 | |
netstat | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:30 | |
which | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:29 | |
dirname | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:29 | |
basename | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:29 | |
basename | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:29 | |
dirname | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:29 | |
xfce4-panel | F | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:29 |
kbuildsycoca | F | hex1a4 | ?? | 1.19 secs Wed Sep 19 12:27 |
thunar-vfs-mime | hex1a4 | ?? | 0.03 secs Wed Sep 19 12:27 | |
Thunar | F | hex1a4 | ?? | 0.00 secs Wed Sep 19 12:27 |
Using the lastcomm command you will be able to view each use of an individual command.
% lastcomm aptitude
aptitude | S | X | root | stderr | 2.41 secs | Wed Sep 19 16:30 |
aptitude | S | X | root | stderr | 2.29 secs | Wed Sep 19 15:14 |
aptitude | S | X | root | stderr | 2.58 secs | Wed Sep 19 15:13 |
aptitude | S | root | stderr | 3.12 secs | Wed Sep 19 13:41 | |
aptitude | F | root | stderr | 0.00 secs | Wed Sep 19 13:47 | |
aptitude | S | root | stderr | 2.14 secs | Wed Sep 19 13:40 | |
aptitude | root | ?? | 0.00 secs | Wed Sep 19 07:35 |
The sa
command will print a summary of commands that were executed.
/usr/sbin/sa
Use the -u
option to provide information on individual users.
% sa -u
root 0.00 cpu 1524k mem 0 io local postgres 0.00 cpu 9326k mem 0 io postgres * root 0.01 cpu 465k mem 0 io lastcomm dalek 0.00 cpu 741k mem 0 io date root 0.00 cpu 1524k mem 0 io local postgres 0.00 cpu 9326k mem 0 io postgres * root 0.02 cpu 465k mem 0 io lastcomm root 0.01 cpu 464k mem 0 io lastcomm dalek 0.00 cpu 741k mem 0 io date ula 0.00 cpu 683k mem 0 io thunar-vfs-mime ula 0.00 cpu 24336k mem 0 io Thunar * root 0.01 cpu 464k mem 0 io lastcomm ula 1.21 cpu 7812k mem 0 io kbuildsycoca * hex1a4 0.00 cpu 26736k mem 0 io Thunar * hex1a4 0.02 cpu 684k mem 0 io thunar-vfs-mime hex1a4 1.25 cpu 7814k mem 0 io kbuildsycoca * root 0.00 cpu 1523k mem 0 io local postgres 0.00 cpu 9326k mem 0 io postgres * dalek 0.00 cpu 742k mem 0 io date root 0.00 cpu 1523k mem 0 io local postgres 0.00 cpu 9326k mem 0 io postgres * hex1a4 0.00 cpu 752k mem 0 io thunar-vfs-upda dalek 0.00 cpu 741k mem 0 io date
An increase in these fields indicates a problem. This can be used to evaluate the actions of specific programs as well. This way you can determine where system resources are going.
% sa -m
7954 4258.20re 9.25cp 0avio 2204k hex1a4 367 27.14re 4.82cp 0avio 10928k ula 374 43.38re 3.34cp 0avio 10038k root 6074 2987.53re 1.08cp 0avio 683k postgres 555 0.12re 0.00cp 0avio 9326k man 10 0.01re 0.00cp 0avio 896k postfix 12 1199.92re 0.00cp 0avio 1244k dalek 553 0.09re 0.00cp 0avio 741k nobody 9 0.00re 0.00cp 0avio 429k
$Xubuntu HOWTO: What are your users up to?; v1.0.2; 06.09.2008$
$xubuntu HOWTOs; v1.1.7; 03.12.2008$