Monitor User Activity in Linux Using Psacct

Psacct is a powerful tool for monitoring what a user is doing on the command line or over an SSH tunnel. It is a system administration tool that every Linux administrator needs. Psacct logs the command and application activity of all users on the system.


Install psacct on your RPM-based system (sometimes it is installed by default)
[root@server ~]# yum -y install psacct


Start the psacct daemon
[root@server ~]# service psacct start
[root@server ~]# chkconfig psacct on      (add to system startup)


psacct commands
[root@server ~]# ac               (print the total login time on the machine in hours)
[root@server ~]# ac james         (print the total login time of user james in hours)
[root@server ~]# ac -p            (print the total login time of each user in hours)
[root@server ~]# ac -d            (print the per-day total login time on the machine in hours)
[root@server ~]# ac -d james      (print the per-day total login time of user james in hours)


[root@server ~]# sa               (summarize all account activity information)


[root@server ~]# last -i          (print the login history of all users, with remote hosts shown as IP addresses)


[root@server ~]# lastcomm james                        (list the commands executed by user james)
[root@server ~]# lastcomm james > /tmp/commands.txt    (save the output to a text file)

lastcomm output flags
S    Executed as superuser
F    Executed after a fork, but without a following exec
X    Execution terminated with the signal "SIGTERM"
D    Execution terminated with a core file
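
The flag column is empty for most records, so splitting lastcomm lines on fixed field positions misreads them. The following is an added example, not part of the original post: a filter that lists the records carrying a given flag. The sample records are constructed, the function names are hypothetical, and the column layout (command, optional flags, user, tty, CPU time, "secs", start time) is assumed.

```shell
#!/bin/sh
# Constructed sample records in the assumed lastcomm column layout.
sample_lastcomm() {
cat <<'EOF'
ls                      james    pts/0      0.00 secs Mon Mar  3 10:15
useradd          S      root     pts/1      0.02 secs Mon Mar  3 10:16
python           SX     root     pts/1      1.40 secs Mon Mar  3 10:17
crond            SF     root     __         0.00 secs Mon Mar  3 10:20
myapp             D     james    pts/0      0.31 secs Mon Mar  3 10:21
cat                     james    pts/0      0.00 secs Mon Mar  3 10:22
EOF
}

# flagged_commands FLAG
# Reads lastcomm output on stdin and prints "user command flags" for every
# record whose flag column contains FLAG (one of S, F, C, D, X).
flagged_commands() {
    awk -v want="$1" '
    {
        # Anchor on the "secs" token: the three fields before it are
        # user, tty and CPU time. Whatever precedes them is the command
        # name (which may contain spaces) plus the optional flag column.
        s = 0
        for (i = 1; i <= NF; i++) if ($i == "secs") { s = i; break }
        if (s < 5) next                      # not an accounting record
        user = $(s - 3)
        n = s - 4                            # last field before the user
        flags = ""
        # Heuristic: a trailing token made only of flag letters is the
        # flag column, provided a command name still remains before it.
        if (n > 1 && $n ~ /^[SFCDX]+$/) { flags = $n; n-- }
        cmd = $1
        for (i = 2; i <= n; i++) cmd = cmd " " $i
        if (index(flags, want)) print user, cmd, flags
    }'
}

# Demo on the constructed sample: commands that ran as superuser.
# On a live system: lastcomm | flagged_commands S
sample_lastcomm | flagged_commands S
```

Run with D or X instead of S to list commands that ended with a core file or with SIGTERM.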
