Abonnez-vous au flux

There are lots of monitoring apps for servers, and they’ve done a lot to help adoption of Linux with sysadmins who aren’t used to the Terminal or who have a real need for graphical representations of data. However, Linux has been a multi-user system since the beginning, and UNIX long before that, so there are built-in tools that go back 40 years to help you monitor who’s logged into your server, who’s using resources, and for what.

You don’t have to be paranoid or even nosy to justify keeping a close watch on a server that’s been made your responsibility. The psacct package contains several commands to gather detailed reports about user status and activity.

accton

Not all commands in the acct utilities require that you activate accounting, but many do. If you intend to use acct commands, you should enable accounting with the accton command.

To activate:

$ sudo accton on

By default, accounting records are stored in /var/account/pacct. This file could feasibly become quite large, so use logrotate or a similar tool to ensure proper log management.

To deactivate accounting:

$ sudo accton off

ac

The ac command prints statistics about connection times. If you need to get an overview of how active users have been on a system, the --individual-totals option provides that. It generates its report in hours based on logins and logouts recorded in the /var/log/wtmp file.

The accounting file wtmp is maintained by init(8) and login(1) but neither ac or login actually creates the file. If wtmp doesn’t exist, then no report is generated, but you can point ac to an alternate location using the --file option. If a wtmp file doesn’t exist on your system, you can create an empty wtmp file to enable reporting on your system.

To get a report on login times for individual users:

$ ac --individual-totals
seth     20.16
larry    43.60
curly    10.32
moe      35.11

You can also get daily totals:

$ ac --daily-totals
Jan 20  total       22.61
Jan 21  total       73.60
Jan 22  total       84.00
Jan 23  total       100.69
Jan 24  total       18.24
Jan 25  total        2.43
Jan 27  total       35.36
Today   total       62.13

lastcomm

The lastcomm command displays the last commands issued on the system for a given user. If no user is specified, then a report on the current user is generated.

$ sudo lastcomm --strict-match --user curly --tty pts/2
basename               curly   pts/2      0.00 secs Tue Jan 28 15:41
ps                     curly   pts/2      0.00 secs Tue Jan 28 15:41
bash              F    curly   pts/2      0.00 secs Tue Jan 28 15:41
manpath                curly   pts/2      0.00 secs Tue Jan 28 15:41
bash              F    curly   pts/2      0.00 secs Tue Jan 28 15:41
tclsh                  curly   pts/2      0.00 secs Tue Jan 28 15:41
bash              F    curly   pts/2      0.00 secs Tue Jan 28 15:41
bash              F    curly   pts/2      0.00 secs Tue Jan 28 15:41
sed                    curly   pts/2      0.00 secs Tue Jan 28 15:41

The commands listed by lastcomm aren’t necessarily commands a user launched interactively. For instance, simply by logging in, a user spawns nearly 40 items in the output of lastcomm, so it can be overwhelming. Coupled with grep, though, it’s an easy way to get a sense of a user’s session history.

sa

The sa command summarizes accounting information derived from the /var/account/pacct file. If you’re auditing the activities of users, then the --print-users option prints the user name before each command:

$ sudo sa --print-users
root    0.00 cpu      579k mem      0 io accton
root    0.03 cpu    64064k mem      0 io sudo 
seth    0.00 cpu    56752k mem      0 io bash         *
seth    0.00 cpu    54080k mem      0 io sed 
seth    0.00 cpu    56752k mem      0 io bash         *
larry   0.00 cpu    56752k mem      0 io bash         *
curly   0.00 cpu    56752k mem      0 io bash         *
moe     0.00 cpu    56752k mem      0 io bash         *
seth    0.00 cpu    54080k mem      0 io ls 

Alternatively, you can get just a summary for each user:

$ sudo sa --user-summary
                                     1065    2169.59re       0.97cp         0avio     49373k
seth                                  812    1117.11re       0.83cp         0avio     58163k
root                                  199    1052.42re       0.14cp         0avio     21314k
larry                                  41       0.00re       0.00cp         0avio     19403k
curly                                   1       0.06re       0.00cp         0avio      6706k
moe                                    12       0.00re       0.00cp         0avio     25888k
[...]

The columns displayed, in addition to user names, report on CPU (real time and CPU time), I/O operations per command (average and total), and so on. They can be configured using options such as --sort-tio for total I/O, --sort-cpu-avmem to sort CPU time by average memory usage, and so on. All sorting filters can be reversed with the --reverse-sort option.

User profiling

Combined with tools like who, w, and ps, you can get a sense for how users are spending system resources, which commands may be problematic, and what server upgrades could be useful in the future. Because the acct suite is terminal-based, it can be scripted and utilized by other tools, allowing you to create a customized reporting mechanism.

[ Want to try out Red Hat Enterprise Linux? Download it now for free. ]


À propos de l'auteur

Seth Kenlon is a Linux geek, open source enthusiast, free culture advocate, and tabletop gamer. Between gigs in the film industry and the tech industry (not necessarily exclusive of one another), he likes to design games and hack on code (also not necessarily exclusive of one another).

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

Parcourir par canal

automation icon

Automatisation

Les dernières nouveautés en matière d'automatisation informatique pour les technologies, les équipes et les environnements

AI icon

Intelligence artificielle

Actualité sur les plateformes qui permettent aux clients d'exécuter des charges de travail d'IA sur tout type d'environnement

open hybrid cloud icon

Cloud hybride ouvert

Découvrez comment créer un avenir flexible grâce au cloud hybride

security icon

Sécurité

Les dernières actualités sur la façon dont nous réduisons les risques dans tous les environnements et technologies

edge icon

Edge computing

Actualité sur les plateformes qui simplifient les opérations en périphérie

Infrastructure icon

Infrastructure

Les dernières nouveautés sur la plateforme Linux d'entreprise leader au monde

application development icon

Applications

À l’intérieur de nos solutions aux défis d’application les plus difficiles

Original series icon

Programmes originaux

Histoires passionnantes de créateurs et de leaders de technologies d'entreprise