There are lots of monitoring apps for servers, and they’ve done a lot to help adoption of Linux with sysadmins who aren’t used to the Terminal or who have a real need for graphical representations of data. However, Linux has been a multi-user system since the beginning, and UNIX long before that, so there are built-in tools that go back 40 years to help you monitor who’s logged into your server, who’s using resources, and for what.
You don’t have to be paranoid or even nosy to justify keeping a close watch on a server that’s been made your responsibility. The psacct package contains several commands to gather detailed reports about user status and activity.
accton
Not all commands in the acct
utilities require that you activate accounting, but many do. If you intend to use acct
commands, you should enable accounting with the accton
command.
To activate:
$ sudo accton on
By default, accounting records are stored in /var/account/pacct
. This file could feasibly become quite large, so use logrotate
or a similar tool to ensure proper log management.
To deactivate accounting:
$ sudo accton off
ac
The ac
command prints statistics about connection times. If you need to get an overview of how active users have been on a system, the --individual-totals
option provides that. It generates its report in hours based on logins and logouts recorded in the /var/log/wtmp
file.
The accounting file wtmp
is maintained by init(8)
and login(1)
but neither ac
or login
actually creates the file. If wtmp
doesn’t exist, then no report is generated, but you can point ac
to an alternate location using the --file
option. If a wtmp
file doesn’t exist on your system, you can create an empty wtmp
file to enable reporting on your system.
To get a report on login times for individual users:
$ ac --individual-totals
seth 20.16
larry 43.60
curly 10.32
moe 35.11
You can also get daily totals:
$ ac --daily-totals
Jan 20 total 22.61
Jan 21 total 73.60
Jan 22 total 84.00
Jan 23 total 100.69
Jan 24 total 18.24
Jan 25 total 2.43
Jan 27 total 35.36
Today total 62.13
lastcomm
The lastcomm
command displays the last commands issued on the system for a given user. If no user is specified, then a report on the current user is generated.
$ sudo lastcomm --strict-match --user curly --tty pts/2
basename curly pts/2 0.00 secs Tue Jan 28 15:41
ps curly pts/2 0.00 secs Tue Jan 28 15:41
bash F curly pts/2 0.00 secs Tue Jan 28 15:41
manpath curly pts/2 0.00 secs Tue Jan 28 15:41
bash F curly pts/2 0.00 secs Tue Jan 28 15:41
tclsh curly pts/2 0.00 secs Tue Jan 28 15:41
bash F curly pts/2 0.00 secs Tue Jan 28 15:41
bash F curly pts/2 0.00 secs Tue Jan 28 15:41
sed curly pts/2 0.00 secs Tue Jan 28 15:41
The commands listed by lastcomm
aren’t necessarily commands a user launched interactively. For instance, simply by logging in, a user spawns nearly 40 items in the output of lastcomm
, so it can be overwhelming. Coupled with grep
, though, it’s an easy way to get a sense of a user’s session history.
sa
The sa
command summarizes accounting information derived from the /var/account/pacct
file. If you’re auditing the activities of users, then the --print-users
option prints the user name before each command:
$ sudo sa --print-users
root 0.00 cpu 579k mem 0 io accton
root 0.03 cpu 64064k mem 0 io sudo
seth 0.00 cpu 56752k mem 0 io bash *
seth 0.00 cpu 54080k mem 0 io sed
seth 0.00 cpu 56752k mem 0 io bash *
larry 0.00 cpu 56752k mem 0 io bash *
curly 0.00 cpu 56752k mem 0 io bash *
moe 0.00 cpu 56752k mem 0 io bash *
seth 0.00 cpu 54080k mem 0 io ls
Alternatively, you can get just a summary for each user:
$ sudo sa --user-summary
1065 2169.59re 0.97cp 0avio 49373k
seth 812 1117.11re 0.83cp 0avio 58163k
root 199 1052.42re 0.14cp 0avio 21314k
larry 41 0.00re 0.00cp 0avio 19403k
curly 1 0.06re 0.00cp 0avio 6706k
moe 12 0.00re 0.00cp 0avio 25888k
[...]
The columns displayed, in addition to user names, report on CPU (real time and CPU time), I/O operations per command (average and total), and so on. They can be configured using options such as --sort-tio
for total I/O, --sort-cpu-avmem
to sort CPU time by average memory usage, and so on. All sorting filters can be reversed with the --reverse-sort
option.
User profiling
Combined with tools like who, w, and ps, you can get a sense for how users are spending system resources, which commands may be problematic, and what server upgrades could be useful in the future. Because the acct
suite is terminal-based, it can be scripted and utilized by other tools, allowing you to create a customized reporting mechanism.
[ Want to try out Red Hat Enterprise Linux? Download it now for free. ]
Sobre el autor
Seth Kenlon is a Linux geek, open source enthusiast, free culture advocate, and tabletop gamer. Between gigs in the film industry and the tech industry (not necessarily exclusive of one another), he likes to design games and hack on code (also not necessarily exclusive of one another).
Navegar por canal
Automatización
Las últimas novedades en la automatización de la TI para los equipos, la tecnología y los entornos
Inteligencia artificial
Descubra las actualizaciones en las plataformas que permiten a los clientes ejecutar cargas de trabajo de inteligecia artificial en cualquier lugar
Nube híbrida abierta
Vea como construimos un futuro flexible con la nube híbrida
Seguridad
Vea las últimas novedades sobre cómo reducimos los riesgos en entornos y tecnologías
Edge computing
Conozca las actualizaciones en las plataformas que simplifican las operaciones en el edge
Infraestructura
Vea las últimas novedades sobre la plataforma Linux empresarial líder en el mundo
Aplicaciones
Conozca nuestras soluciones para abordar los desafíos más complejos de las aplicaciones
Programas originales
Vea historias divertidas de creadores y líderes en tecnología empresarial
Productos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servicios de nube
- Ver todos los productos
Herramientas
- Training y Certificación
- Mi cuenta
- Soporte al cliente
- Recursos para desarrolladores
- Busque un partner
- Red Hat Ecosystem Catalog
- Calculador de valor Red Hat
- Documentación
Realice pruebas, compras y ventas
Comunicarse
- Comuníquese con la oficina de ventas
- Comuníquese con el servicio al cliente
- Comuníquese con Red Hat Training
- Redes sociales
Acerca de Red Hat
Somos el proveedor líder a nivel mundial de soluciones empresariales de código abierto, incluyendo Linux, cloud, contenedores y Kubernetes. Ofrecemos soluciones reforzadas, las cuales permiten que las empresas trabajen en distintas plataformas y entornos con facilidad, desde el centro de datos principal hasta el extremo de la red.
Seleccionar idioma
Red Hat legal and privacy links
- Acerca de Red Hat
- Oportunidades de empleo
- Eventos
- Sedes
- Póngase en contacto con Red Hat
- Blog de Red Hat
- Diversidad, igualdad e inclusión
- Cool Stuff Store
- Red Hat Summit