Home Liberties Xubuntu Mirrors Shop Links Contact

Xubuntu HOWTO

What are your users up to?

The Ubuntu repositories contain accounting tools to allow administrators to monitor process and user activities. The package these tools are contained in is named acct (short for Process Accounting.) This is what I will use for this HOWTO. acct is not installed by default.

Open your favourite terminal, and let's begin.

Install Process Accounting

To install acct in Xubuntu we first must obtain root priviledges

% sudo -s

Install acct

% aptitude install acct

(You may use apt-get or synaptic if you prefer)

Start Process Accounting

acct can now be found in the /etc/init.d/ directory.

To start the process run

% /usr/sbin/invoke-rc.d acct start
Starting process accounting: Turning on process accounting, file set to '/var/log/account/pacct'.
acct.

Using acct

Connect Time

The connect time in hours is based on logins and logouts. The ac command provides a total. This will tell us how much time users are on the box itself.

% ac

total     11434.25

Accounting By Day

The system's default login accounting file is /var/log/wtmp.

% ac -d

Sep  1 total 84.38
Sep  2 total 76.24
Sep  3 total 109.75
...

Time Totals for Users

Of course the advantage with this command is that you are able to evaluate the time that each user is on the system.

% ac -p

thirdgear 96.67
dalek 410.75
dominator 1234.86
ula 1671.09
root 113.08
hex1a4 1079.97
kosh 594.06
bartek 6234.15
total 11434.62

Commands of Users

You can search out the commands of users with the lastcomm command. This is the way to find out what your users are doing.

Explanation of Output:
Process Flag Username Terminal Time and Date
ping S hex1a4 pts/5 0.00 secs Thu Nov 30 13:39

Flags:
S -     executed as super-user
F -     executed after for but not following exec
D -     terminated with core file
X -     terminated with signal SIGTERM

% lastcomm hex1a4

firefox-bin hex1a4 ?? 0.05 secs Wed Sep 19 12:31
grep hex1a4 ?? 0.00 secs Wed Sep 19 12:31
firefox F hex1a4 ?? 0.00 secs Wed Sep 19 12:31
grep hex1a4 ?? 0.00 secs Wed Sep 19 12:31
netstat hex1a4 ?? 0.00 secs Wed Sep 19 12:30
which hex1a4 ?? 0.00 secs Wed Sep 19 12:29
dirname hex1a4 ?? 0.00 secs Wed Sep 19 12:29
basename hex1a4 ?? 0.00 secs Wed Sep 19 12:29
basename hex1a4 ?? 0.00 secs Wed Sep 19 12:29
dirname hex1a4 ?? 0.00 secs Wed Sep 19 12:29
xfce4-panel F hex1a4 ?? 0.00 secs Wed Sep 19 12:29
kbuildsycoca F hex1a4 ?? 1.19 secs Wed Sep 19 12:27
thunar-vfs-mime hex1a4 ?? 0.03 secs Wed Sep 19 12:27
Thunar F hex1a4 ?? 0.00 secs Wed Sep 19 12:27

Search Logs for Commands

Using the lastcomm command you will be able to view each use of an individual command.

% lastcomm aptitude

aptitude S X root stderr 2.41 secs Wed Sep 19 16:30
aptitude S X root stderr 2.29 secs Wed Sep 19 15:14
aptitude S X root stderr 2.58 secs Wed Sep 19 15:13
aptitude S root stderr 3.12 secs Wed Sep 19 13:41
aptitude F root stderr 0.00 secs Wed Sep 19 13:47
aptitude S root stderr 2.14 secs Wed Sep 19 13:40
aptitude root ?? 0.00 secs Wed Sep 19 07:35

Print Summary

The sa command will print a summary of commands that were executed.

/usr/sbin/sa

Print User Information

Use the -u option to provide information on individual users.

% sa -u

    root       0.00 cpu     1524k mem      0 io local          
    postgres   0.00 cpu     9326k mem      0 io postgres        *
    root       0.01 cpu      465k mem      0 io lastcomm       
    dalek      0.00 cpu      741k mem      0 io date           
    root       0.00 cpu     1524k mem      0 io local          
    postgres   0.00 cpu     9326k mem      0 io postgres        *
    root       0.02 cpu      465k mem      0 io lastcomm       
    root       0.01 cpu      464k mem      0 io lastcomm       
    dalek      0.00 cpu      741k mem      0 io date           
    ula        0.00 cpu      683k mem      0 io thunar-vfs-mime
    ula        0.00 cpu    24336k mem      0 io Thunar          *
    root       0.01 cpu      464k mem      0 io lastcomm       
    ula        1.21 cpu     7812k mem      0 io kbuildsycoca    *
    hex1a4     0.00 cpu    26736k mem      0 io Thunar          *
    hex1a4     0.02 cpu      684k mem      0 io thunar-vfs-mime
    hex1a4     1.25 cpu     7814k mem      0 io kbuildsycoca    *
    root       0.00 cpu     1523k mem      0 io local          
    postgres   0.00 cpu     9326k mem      0 io postgres        *
    dalek      0.00 cpu      742k mem      0 io date           
    root       0.00 cpu     1523k mem      0 io local          
    postgres   0.00 cpu     9326k mem      0 io postgres        *
    hex1a4     0.00 cpu      752k mem      0 io thunar-vfs-upda
    dalek      0.00 cpu      741k mem      0 io date           
    

Display Number of Processes

An increase in these fields indicates a problem. This can be used to evaluate the actions of specific programs as well. This way you can determine where system resources are going.

% sa -m

                               7954    4258.20re       9.25cp         0avio      2204k
    hex1a4                      367      27.14re       4.82cp         0avio     10928k
    ula                         374      43.38re       3.34cp         0avio     10038k
    root                       6074    2987.53re       1.08cp         0avio       683k
    postgres                    555       0.12re       0.00cp         0avio      9326k
    man                          10       0.01re       0.00cp         0avio       896k
    postfix                      12    1199.92re       0.00cp         0avio      1244k
    dalek                       553       0.09re       0.00cp         0avio       741k
    nobody                        9       0.00re       0.00cp         0avio       429k
    

$Xubuntu HOWTO: What are your users up to?; v1.0.2; 06.09.2008$

del.icio.us tag it digg it sphinn facebook technorati slashdot

Boycott Trend Micro

submit to reddit

$xubuntu HOWTOs; v1.1.7; 03.12.2008$