It is very important to know what applications and users are doing on a Linux system. This information is very useful later, or when problems occur. For this purpose, I recommend installing the psacct or acct tools. psacct or acct is a free monitoring program that tracks user and application activity on a Linux server. It shows how long users have been connected to the server, which commands they issue and how many processes they run, and it displays logs for commands. psacct and acct are similar tools: psacct is for RPM-based Linux distributions and acct is for Debian-based ones.
1. If you are running CentOS or Red Hat Linux, use the following command to install psacct :
[root@oss ~]# yum install psacct -y
But if you are running a Debian-based distribution such as Ubuntu, install the acct package instead of psacct :
[root@oss ~]# sudo apt-get install acct
2. By default psacct is disabled on Linux. We should manually start it :
[root@oss ~]# /etc/init.d/psacct status
Process accounting is disabled.
[root@oss ~]# /etc/init.d/psacct start
Starting process accounting: [ OK ]
Start acct on Debian :
[root@oss ~]# sudo service acct start
3. The psacct or acct package provides several features for monitoring process activities.
Commands that come with the psacct or acct package :
ac prints statistics of user logins/logouts (connect time) in hours.
lastcomm prints information about commands previously executed by users.
accton turns process accounting on or off.
sa summarizes information about previously executed commands.
last and lastb show listings of the last logged-in users.
4. Total Connect Time :
[root@oss ~]# ac
total 103.61
5. Display total login time for each day :
[root@oss ~]# ac -d
Dec 7 total 4.15
Dec 8 total 0.01
Jul 18 total 0.01
Aug 5 total 13.19
Aug 7 total 39.29
Aug 10 total 3.33
Aug 11 total 6.41
Aug 12 total 1.84
Aug 13 total 0.22
Aug 16 total 3.30
Aug 17 total 16.56
Aug 18 total 1.99
Aug 19 total 2.77
Today total 10.55
6. Total login statistics of each user :
[root@oss ~]# ac -p
ehowstuff 0.76
root 103.00
total 103.76
7. Print the summary of commands that were executed by users :
[root@oss ~]# sa -u
root 0.00 cpu 981k mem accton
root 0.00 cpu 26288k mem touch
root 0.01 cpu 26576k mem psacct
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
sshd 0.00 cpu 16992k mem sshd *
root 0.00 cpu 2604k mem id
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 2076k mem hostname
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1017k mem tty
root 0.00 cpu 1561k mem tput
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1020k mem dircolors
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1595k mem grep
root 0.00 cpu 981k mem consoletype
root 0.00 cpu 27040k mem bash *
root 0.00 cpu 26288k mem id
root 0.00 cpu 27040k mem bash *
ehowstuf 0.00 cpu 2604k mem id
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2076k mem hostname
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2604k mem id
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2604k mem id
10. Print percentages
The command sa -c adds percentage columns, so you can see which commands account for the highest share of the totals:
[root@oss ~]# sa -c
233 100.00% 12652.90re 100.00% 0.00cp 100.00% 16512k
22 9.44% 3.32re 0.03% 0.00cp 44.44% 19491k ***other*
2 0.86% 2.78re 0.02% 0.00cp 22.22% 27072k bash
3 1.29% 12646.53re 99.95% 0.00cp 11.11% 0k flush-8:0*
2 0.86% 0.00re 0.00% 0.00cp 11.11% 26576k service
8 3.43% 0.01re 0.00% 0.00cp 5.56% 25248k sadc
2 0.86% 0.00re 0.00% 0.00cp 5.56% 26512k run-parts
30 12.88% 0.00re 0.00% 0.00cp 0.00% 26512k sh
29 12.45% 0.00re 0.00% 0.00cp 0.00% 1018k ac
23 9.87% 0.00re 0.00% 0.00cp 0.00% 10197k bash*
17 7.30% 0.00re 0.00% 0.00cp 0.00% 25232k cat
12 5.15% 0.02re 0.00% 0.00cp 0.00% 29328k crond*
10 4.29% 0.00re 0.00% 0.00cp 0.00% 9709k id
8 3.43% 0.00re 0.00% 0.00cp 0.00% 25232k basename
7 3.00% 0.00re 0.00% 0.00cp 0.00% 29079k ls
6 2.58% 0.00re 0.00% 0.00cp 0.00% 1642k lastcomm
6 2.58% 0.00re 0.00% 0.00cp 0.00% 1457k sa
5 2.15% 0.00re 0.00% 0.00cp 0.00% 981k consoletype
4 1.72% 0.00re 0.00% 0.00cp 0.00% 28064k find
4 1.72% 0.00re 0.00% 0.00cp 0.00% 25216k logger
3 1.29% 0.00re 0.00% 0.00cp 0.00% 26512k sh*
3 1.29% 0.00re 0.00% 0.00cp 0.00% 26304k date
3 1.29% 0.00re 0.00% 0.00cp 0.00% 2076k hostname
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1595k grep
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1561k tput
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1020k dircolors
3 1.29% 0.00re 0.00% 0.00cp 0.00% 1017k tty
2 0.86% 0.15re 0.00% 0.00cp 0.00% 16992k sshd*
2 0.86% 0.09re 0.00% 0.00cp 0.00% 25232k tail
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26512k 0anacron
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26480k awk
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26512k service*
2 0.86% 0.00re 0.00% 0.00cp 0.00% 26512k run-parts*
11. Display last executed commands :
[root@oss ~]# lastcomm
sa root pts/0 0.00 secs Thu Aug 21 00:16
sa ehowstuf pts/2 0.00 secs Thu Aug 21 00:14
sa root pts/0 0.00 secs Thu Aug 21 00:12
crond SF root __ 0.00 secs Thu Aug 21 00:10
sadc S root __ 0.00 secs Thu Aug 21 00:10
anacron F root __ 0.00 secs Thu Aug 21 00:01
crond SF root __ 0.00 secs Thu Aug 21 00:01
run-parts root __ 0.01 secs Thu Aug 21 00:01
logger root __ 0.00 secs Thu Aug 21 00:01
basename root __ 0.00 secs Thu Aug 21 00:01
awk root __ 0.00 secs Thu Aug 21 00:01
0anacron root __ 0.00 secs Thu Aug 21 00:01
anacron root __ 0.00 secs Thu Aug 21 00:01
date root __ 0.00 secs Thu Aug 21 00:01
cat root __ 0.00 secs Thu Aug 21 00:01
logger root __ 0.00 secs Thu Aug 21 00:01
basename root __ 0.00 secs Thu Aug 21 00:01
run-parts F root __ 0.00 secs Thu Aug 21 00:01
sh nobody __ 0.00 secs Thu Aug 21 00:00
getconf nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
uptime nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
netstat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
mount nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
df nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
ifconfig nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
ls nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
ls nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
ls nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
ls nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
ls nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
sh F nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
fdisk nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
sh F nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
crond SF nobody __ 0.00 secs Thu Aug 21 00:00
nmon nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
sh F nobody __ 0.00 secs Thu Aug 21 00:00
sh nobody __ 0.00 secs Thu Aug 21 00:00
cat nobody __ 0.00 secs Thu Aug 21 00:00
xargs nobody __ 0.00 secs Thu Aug 21 00:00
rm nobody __ 0.00 secs Thu Aug 21 00:00
find nobody __ 0.00 secs Thu Aug 21 00:00
crond SF root __ 0.00 secs Thu Aug 21 00:00
sadc S root __ 0.00 secs Thu Aug 21 00:00
pkill nobody __ 0.00 secs Thu Aug 21 00:00
flush-8:0 F root __ 0.00 secs Wed Aug 20 23:25
crond SF root __ 0.00 secs Wed Aug 20 23:53
sa2 root __ 0.00 secs Wed Aug 20 23:53
rmdir root __ 0.00 secs Wed Aug 20 23:53
find root __ 0.00 secs Wed Aug 20 23:53
find root __ 0.00 secs Wed Aug 20 23:53
find root __ 0.00 secs Wed Aug 20 23:53
sar root __ 0.02 secs Wed Aug 20 23:53
date root __ 0.00 secs Wed Aug 20 23:53
crond SF root __ 0.00 secs Wed Aug 20 23:50
sadc S root __ 0.01 secs Wed Aug 20 23:50
sa root pts/0 0.00 secs Wed Aug 20 23:47
sa root pts/0 0.00 secs Wed Aug 20 23:45
ac root pts/0 0.00 secs Wed Aug 20 23:44
lastcomm root pts/0 0.00 secs Wed Aug 20 23:43
ac root pts/0 0.00 secs Wed Aug 20 23:41
ac root pts/0 0.00 secs Wed Aug 20 23:40
crond SF root __ 0.00 secs Wed Aug 20 23:40
sadc S root __ 0.00 secs Wed Aug 20 23:40
service root pts/0 0.01 secs Wed Aug 20 23:39
basename root pts/0 0.00 secs Wed Aug 20 23:39
basename root pts/0 0.00 secs Wed Aug 20 23:39
service F root pts/0 0.00 secs Wed Aug 20 23:39
consoletype root pts/0 0.00 secs Wed Aug 20 23:39
service root pts/0 0.01 secs Wed Aug 20 23:39
basename root pts/0 0.00 secs Wed Aug 20 23:39
basename root pts/0 0.00 secs Wed Aug 20 23:39
service F root pts/0 0.00 secs Wed Aug 20 23:39
consoletype root pts/0 0.00 secs Wed Aug 20 23:39
tail X root pts/0 0.00 secs Wed Aug 20 23:39
bash F root pts/0 0.00 secs Wed Aug 20 23:39
ls root pts/0 0.00 secs Wed Aug 20 23:39
lastcomm root pts/0 0.00 secs Wed Aug 20 23:39
crond SF root __ 0.00 secs Wed Aug 20 23:30
sadc S root __ 0.00 secs Wed Aug 20 23:30
lastcomm root pts/0 0.00 secs Wed Aug 20 23:27
lastcomm root pts/0 0.00 secs Wed Aug 20 23:26
lastcomm root pts/0 0.00 secs Wed Aug 20 23:26
flush-8:0 F root __ 0.00 secs Wed Aug 20 23:19
crond SF root __ 0.00 secs Wed Aug 20 23:20
sadc S root __ 0.00 secs Wed Aug 20 23:20
flush-8:0 F root __ 0.02 secs Wed Aug 20 22:50
sa root pts/0 0.00 secs Wed Aug 20 23:13
sa root pts/0 0.00 secs Wed Aug 20 23:13
lastcomm root pts/0 0.00 secs Wed Aug 20 23:13
crond SF root __ 0.00 secs Wed Aug 20 23:10
sadc S root __ 0.00 secs Wed Aug 20 23:10
ac root pts/0 0.00 secs Wed Aug 20 23:06
crond SF root __ 0.00 secs Wed Aug 20 23:01
run-parts root __ 0.00 secs Wed Aug 20 23:01
logger root __ 0.00 secs Wed Aug 20 23:01
basename root __ 0.00 secs Wed Aug 20 23:01
awk root __ 0.00 secs Wed Aug 20 23:01
0anacron root __ 0.00 secs Wed Aug 20 23:01
date root __ 0.00 secs Wed Aug 20 23:01
cat root __ 0.00 secs Wed Aug 20 23:01
logger root __ 0.00 secs Wed Aug 20 23:01
basename root __ 0.00 secs Wed Aug 20 23:01
run-parts F root __ 0.00 secs Wed Aug 20 23:01
crond SF root __ 0.00 secs Wed Aug 20 23:00
sadc S root __ 0.00 secs Wed Aug 20 23:00
ac root pts/0 0.00 secs Wed Aug 20 22:59
ac root pts/0 0.00 secs Wed Aug 20 22:59
ac root pts/0 0.00 secs Wed Aug 20 22:59
sshd S root __ 0.05 secs Wed Aug 20 22:57
bash S root pts/1 0.01 secs Wed Aug 20 22:57
su S root pts/1 0.00 secs Wed Aug 20 22:57
bash S ehowstuf pts/1 0.03 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:59
ac root pts/0 0.00 secs Wed Aug 20 22:59
ac root pts/0 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
id ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
consoletype ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
grep ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
dircolors ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
tput ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
tty ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
id ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
id ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
hostname ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
bash F ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
id ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
sshd SF sshd __ 0.00 secs Wed Aug 20 22:59
ac root pts/0 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
ac ehowstuf pts/1 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
mkdir ehowstuf pts/1 0.00 secs Wed Aug 20 22:58
ls ehowstuf pts/1 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
tail X root pts/0 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
ac root pts/0 0.00 secs Wed Aug 20 22:58
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
id ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
consoletype ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
grep ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
dircolors ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
tput ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
tty ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
id ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
id ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
hostname ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
id ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
bash F root pts/1 0.00 secs Wed Aug 20 22:57
id root pts/1 0.00 secs Wed Aug 20 22:57
bash F root pts/1 0.00 secs Wed Aug 20 22:57
consoletype root pts/1 0.00 secs Wed Aug 20 22:57
grep root pts/1 0.00 secs Wed Aug 20 22:57
bash F root pts/1 0.00 secs Wed Aug 20 22:57
dircolors root pts/1 0.00 secs Wed Aug 20 22:57
bash F root pts/1 0.00 secs Wed Aug 20 22:57
tput root pts/1 0.00 secs Wed Aug 20 22:57
tty root pts/1 0.00 secs Wed Aug 20 22:57
bash F root pts/1 0.00 secs Wed Aug 20 22:57
hostname root pts/1 0.00 secs Wed Aug 20 22:57
bash F root pts/1 0.00 secs Wed Aug 20 22:57
id root pts/1 0.00 secs Wed Aug 20 22:57
sshd SF sshd __ 0.00 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:57
ac root pts/0 0.00 secs Wed Aug 20 22:56
ac root pts/0 0.00 secs Wed Aug 20 22:56
ac root pts/0 0.00 secs Wed Aug 20 22:56
psacct root pts/0 0.01 secs Wed Aug 20 22:55
touch root pts/0 0.00 secs Wed Aug 20 22:55
accton S root pts/0 0.00 secs Wed Aug 20 22:55
12. Search Logs for Commands :
[root@oss ~]# lastcomm grep
grep ehowstuf pts/2 0.00 secs Wed Aug 20 22:59
grep ehowstuf pts/1 0.00 secs Wed Aug 20 22:57
grep root pts/1 0.00 secs Wed Aug 20 22:57
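As an added example (not part of the original article), the following script filters lastcomm output down to terminal sessions and reports commands run by the superuser (S flag) or ended by a signal or core dump (X, D flags), plus a per-user command count. The function names and the embedded sample are constructed for illustration; the flag meanings are those documented in lastcomm(1).

```shell
#!/bin/sh
# Added example: review lastcomm output for privileged and abnormal records.
# Flag letters per lastcomm(1): S = run by the superuser, F = forked without
# exec, D = dumped core, X = killed by a signal.

# Constructed sample in lastcomm's column layout (not captured from a host).
sample_lastcomm() {
cat <<'EOF'
sa                     root     pts/0      0.00 secs Thu Aug 21 00:16
crond            SF    root     __         0.00 secs Thu Aug 21 00:10
tail              X    root     pts/0      0.00 secs Wed Aug 20 23:39
su               S     root     pts/1      0.00 secs Wed Aug 20 22:57
bash             S     ehowstuf pts/1      0.03 secs Wed Aug 20 22:57
grep                   ehowstuf pts/2      0.00 secs Wed Aug 20 22:59
ls                     ehowstuf pts/1      0.00 secs Wed Aug 20 22:58
EOF
}

# review_lastcomm (hypothetical helper) reads lastcomm output on stdin.
# The flags column is optional, so fields are located from the right:
#   ... [flags] user tty cputime "secs" weekday month day hh:mm
review_lastcomm() {
    awk '
    NF < 9 || $(NF-4) != "secs" { next }     # not an accounting record
    {
        cmd = $1; user = $(NF-7); tty = $(NF-6); flags = ""
        if (NF >= 10 && $(NF-8) ~ /^[SFCDX]+$/) flags = $(NF-8)
        when = $(NF-3) " " $(NF-2) " " $(NF-1) " " $NF
        if (tty == "__") next                # no terminal: cron jobs, daemons
        count[user]++
        if (flags ~ /S/)    print "PRIV", user, cmd, tty, when
        if (flags ~ /[XD]/) print "ABEND", user, cmd, tty, when
    }
    END { for (u in count) print "COUNT", u, count[u] }
    ' | sort
}

# Demo on the sample; on a live host use: lastcomm | review_lastcomm
sample_lastcomm | review_lastcomm
```

Command names are taken from the first column only, so a name containing spaces would be reported by its first word.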