5.10 Log files

5.10.2 Process Accounting

Process accounting information is contained in the file /var/adm/pacct. Support for system accounting must be built into the kernel for SunOS 4.1.X with "options SYSACCT" and "pseudo-device sysacct" lines in the configuration file. Accounting is turned on with the accton command in /etc/rc.

A summary of accounting information is kept in the file /var/adm/savacct.

The program /usr/ucb/lastcomm is used to show all commands run since accounting was started (that is, since /var/adm/pacct was created).

Statistics on each process, e.g. number of times called, CPU minutes, total elapsed time, etc., are given by the /usr/etc/sa command. It gets this information from /var/adm/pacct and puts it into /var/adm/savacct.

A record of all logins and logouts is kept in /var/adm/wtmp.

The record of current users is kept in /etc/utmp.

To list all user logins since /var/adm/wtmp was created use the /usr/ucb/last command, e.g.:

% last

amit      ttyp0     ivy               Tue May 15 16:54 - 16:55  (00:01)
chohan    ttyp7     galifrey.acs.oh   Tue May 15 13:04 - 17:05  (04:00)
amit      ttyp7     slippry1.acs.oh   Tue May 15 12:49 - 12:51  (00:01)
chohan    ttyp8     charm.acs.ohio-   Tue May 15 12:19 - 12:21  (00:01)

To show the connect time of all users since /var/adm/wtmp was created use /usr/etc/ac or /usr/lib/acct/acctcon.

The file /var/adm/lastlog keeps the last login record for each user.

The general system message and error log files are /var/adm/messages and /var/log/syslog, as specified in /etc/syslog.conf.

The script, /usr/lib/newsyslog, is run periodically by cron to clean up /var/adm/messages and /var/log/syslog. You should modify this script, or write your own, to properly update all your log files.
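
One way to write your own rotation for the log files named in this section, given as an added example (it is not the SunOS /usr/lib/newsyslog script and not code from the original page). It assumes a POSIX sh; the function name rotate_log, the KEEP argument and the .0, .1, ... generation suffixes are choices made for this example.

```sh
#!/bin/sh
# Added example: generation-based rotation for log files such as
# /var/adm/messages, /var/log/syslog, /var/adm/wtmp and /var/adm/pacct.
#
# rotate_log FILE [KEEP]
#   Keeps KEEP old generations (default 4): FILE.0 is the newest and
#   FILE.(KEEP-1) the oldest. Returns 1 if FILE does not exist.

rotate_log() {
    log=$1
    keep=${2:-4}

    [ -f "$log" ] || return 1     # no such log: report it to the caller
    [ -s "$log" ] || return 0     # empty log: do not age out older evidence

    # Drop the oldest generation, then shift FILE.N to FILE.N+1.
    n=$((keep - 1))
    rm -f "$log.$n"
    while [ "$n" -gt 0 ]; do
        prev=$((n - 1))
        [ -f "$log.$prev" ] && mv "$log.$prev" "$log.$n"
        n=$prev
    done

    # Copy, then truncate in place. cp -p carries the owner, mode and
    # timestamps over to the saved copy, and the live file keeps its inode
    # and permissions, so a daemon that holds it open keeps logging to it.
    # Records written between the cp and the truncation are lost, so run
    # this at a quiet time.
    cp -p "$log" "$log.0" && : > "$log"
}

# Example cron-driven use (run as root), with paths from this section:
#   rotate_log /var/adm/messages 4
#   rotate_log /var/log/syslog 8
#   rotate_log /var/adm/wtmp 4
```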

