| 1 |
On Wed, 16 Jul 2008, Richard Marzan wrote: |
| 2 |
|
| 3 |
> Is there a tool or a way of keeping track of which commands user's are |
| 4 |
> executing on a system? I understand that history files can be wiped out |
| 5 |
> and they don't really contain the time at which a command and it's |
| 6 |
> arguments were run so I refrain from relying on it. |
| 7 |
|
| 8 |
On traditional UNIX systems, system accounting logs (usually called |
| 9 |
acct) can be read via the lastcomm command. Im guessing that the |
| 10 |
sys-process/acct ebuild will give you those commands. |
| 11 |
|
| 12 |
NOTE: You will also need kernel support for process/login accounting - |
| 13 |
look for "process accounting" in your kernel config and make sure it is |
| 14 |
switched on. (Natrually, you will need to rebuild your kernel / modules if |
| 15 |
it isn't switched on and reboot to activate it). |
| 16 |
|
| 17 |
|
| 18 |
UPDATE: I just checked one of my kernels and the config option is called |
| 19 |
"BSD-style process accouting" - it lives in General Setup when configuring |
| 20 |
a kernel. |
| 21 |
|
| 22 |
|
| 23 |
-- |
| 24 |
A |
| 25 |
-- |
| 26 |
gentoo-user@l.g.o mailing list |
Archives