Monday, March 4, 2013

Monitoring User Activity with psacct On Linux

One of the big advantages of using psacct on your server is that it provides excellent logging for activities of applications and users.




Installation :-

for Redhat, Fedora, CentOs

yum install psacct
service psacct start

For Ubuntu Debian

apt-get install acct
service acct start


Following is the list of utilities it includes:
The ac command displays statistics about how long users have been logged on.
The lastcomm command displays information about previous executed commands.
The sa command summarizes information about previously executed commmands.
The accton command turns process accounting on or off.

How to use psacct :

The connect time in hours is based on logins and logouts. 

root@Vishalvyas:~#  ac -p
        vishal                        9.12
        Ashish                      20.60
        Vipul                        15.80
        Anil                          17.33
        Akshay                     10.92
        pritesh                      4.10
        chirag                       8.75
        total                         168.95

which user has executed what command on system :

root@Vishalvyas:~# lastcomm vishal

Process        Flag    Username  Terminal    Time

vim                          X vishal        pts/2         0.01 secs Tue Mar  5 10:16
su               S           vishal            pts/2         0.00 secs Tue Mar  5 10:16
bash                        vishal            pts/2        0.10 secs Tue Mar  5 10:16
bash             F         vishal            pts/2        0.00 secs Tue Mar  5 10:16
python                     vishal            pts/2       0.05 secs Tue Mar  5 10:16
crontab                    vishal            pts/2       0.00 secs Tue Mar  5 10:16
bash             F         vishal            pts/2       0.00 secs Tue Mar  5 10:16
python                     vishal            pts/2       0.04 secs Tue Mar  5 10:16
bash             F         vishal            pts/2       0.00 secs Tue Mar  5 10:16
python                     vishal            pts/2       0.04 secs Tue Mar  5 10:16
ssh                          vishal            pts/2       0.00 secs Tue Mar  5 10:16
ifconfig                    vishal            pts/2       0.00 secs Tue Mar  5 10:16


Search the accounting logs by command name:
root@Vishalvyas:~#  lastcomm vim
vim                    root     pts/1      0.02 secs Tue Mar  5 10:28
vim                    root     pts/1      0.02 secs Tue Mar  5 10:18
vim                  X vishal   pts/2      0.01 secs Tue Mar  5 10:16



Pribt All Account Activity :
The “sa” command is used to print the summary of commands that were executed by user.
 root@Vishalvyas:~# sa
    3178    4679.96re       0.80cp         0avio      4435k
     176    4586.25re        0.69cp         0avio     19371k   httpd*
      35       0.15re           0.04cp          0avio     23363k   /usr/share/webm*
      15       0.04re           0.02cp          0avio     17296k   landscape-sysin
      12       0.04re           0.02cp          0avio      6346k   DB_to_TNF.pl
      13       5.80re           0.01cp          0avio     26052k   svn
 

Flags:
S - executed as super-user
F - executed after  but not following exec
D - terminated with core file
X - terminated with signal SIGTERM


Thanks,
Vishal Vyas

1 comment:

  1. Hello Vishalji

    We are looking for developer who can develop the fingers print analysis software in dot net or any other latest app. This software can be used for D.M.I.T purpose.if any eligible please contact me ASAP.
    I would like to explain about project as follows
    1) There are almost 20 finger print patterns. For details please refer to this link
    [obscured] /fingerprint_patterns.html

    2) You have to detect these patterns, combination of patterns, number of lines in print & ridges count.

    3) We will provide you what & how output we want. In general they will be numbers ex. numbers of lines, patter type etc

    4) Program must avoid counting of accidental cuts/burns/spots etc marks. They should not be counted.

    5) few more analysis is required, but this is most important requirement.

    We need reliable programmer who can develop as soon as possible & with lowest budget. technology is not a concern, we seek for code too....
    Devang Vyas
    therajkotian@gmail.com

    ReplyDelete