1. Process Accounting
Process accounting is performed by the system kernel. When a process terminates, one record for that process is written to a file (normally /var/adm/pacct). The accounting information is initialized when a new process is created with fork(2). exec(2) does not create accounting information, although it does change the program name in the accounting structure.
- accton(1M): turns process accounting on or off and specifies the accounting file to which process accounting information is written.
- acctcom(1): search and print process accounting files. It reports only on processes that have terminated; use ps(1) for active processes.
2. User Accounting
- /var/adm/utmpx: this database file contains user access and accounting information for commands such as who(1), write(1) and login(1). It contains current user and accounting information.
- /var/adm/wtmpx: this database contains the history of user access and accounting information for the utmpx database. The last(1) command uses this file to report user login/logout activity. (last reboot gives a record of when the OS was shut down and when it rebooted.)
3. Extended Accounting
Extended accounting performs accounting not only on processes but also on tasks and flows (IPQoS).
- acctadm: running acctadm with no arguments displays the current accounting status.
- acctadm -r: display available resource groups.
- acctadm -d resource_list / -D / -e resource_list / -E / -x: disable/enable accounting.
- lastcomm(1) displays the last commands executed, in reverse order. If extended process accounting is active and is recording the appropriate data items, lastcomm attempts to take data from the current extended process accounting file (normally /var/adm/exacct/proc). If standard process accounting is active, lastcomm takes data from the current standard accounting file (normally /var/adm/pacct).
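
The status check and the lastcomm file selection described above, as an added example that is not part of the original notes: it reads acctadm-style status text, lists the accounting types that are not active, and picks the file lastcomm would read. The function names, the sample text and the assumed "<Type> accounting: active|inactive" line layout are assumptions; the check for "appropriate data items" is left out.

```shell
#!/bin/sh
# Added example: audit helper for the accounting status described above.
# Input is status text as printed by acctadm with no arguments. The
# "<Type> accounting: <state>" / "<Type> accounting file: <path>" layout
# is an assumption about that output.

# Constructed sample status text (not captured from a real host).
SAMPLE_STATUS='            Task accounting: inactive
       Task accounting file: none
         Process accounting: active
    Process accounting file: /var/adm/exacct/proc
            Flow accounting: inactive
       Flow accounting file: none'

# Print each accounting type (task, process, flow) that is not active,
# i.e. a type for which no extended accounting records are being kept.
acct_gaps() {
    awk -F': *' '
        /accounting:/ {
            state = $2; sub(/ +$/, "", state)
            if (state != "active") {
                name = $1
                sub(/^ +/, "", name); sub(/ accounting$/, "", name)
                print tolower(name)
            }
        }'
}

# Print the file lastcomm would take its data from: the extended process
# accounting file when process accounting is active, otherwise the
# standard file (assumes standard accounting was enabled with accton).
lastcomm_source() {
    awk -F': *' '
        /Process accounting:/      { state = $2; sub(/ +$/, "", state) }
        /Process accounting file:/ { file = $2;  sub(/ +$/, "", file) }
        END {
            if (state == "active" && file != "" && file != "none")
                print file
            else
                print "/var/adm/pacct"
        }'
}

# Demo on the constructed sample; on a live host: acctadm | acct_gaps
printf '%s\n' "$SAMPLE_STATUS" | acct_gaps
printf '%s\n' "$SAMPLE_STATUS" | lastcomm_source
```

An inactive type reported by acct_gaps means no extended records exist for that activity, so a later review with lastcomm or acctcom can only fall back on the standard pacct file, if that was enabled.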