Recently I asked this group for tools which could be used to extract a list
of commands executed per user from the condensed summary files savacct
and usracct. What I had in mind was the type of output provided by the -u
flag to sa, which lists each instance of a command execution,
the uid responsible for the execution,
and what kind of system resources were used in that instance .
Although it is possible to get other kinds of summaries from the condensed files,
such as total system usage per user or per command (ie. the -m or -a flag to sa),
the individual record data is lost in the condensation. This is the bottom line,
as I understand it. You have to get the individual record information
before the acct file is condensed.
The reason this was necessary was to evaluate illegal activity on a system that
had already condensed the information into summary files.
Thank you to Kevin Sheehan for the use of his aa utlity, which nicely formats
the information in the acct file. I'll be running from cron each night before
the acct file is condensed.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:48 CDT