HPE Community
Operating System - HP-UX
1834135 Members
2211 Online
110064 Solutions
New Discussion

Accounting question

 
Krishnan Viswanathan
Frequent Advisor

‎01-28-2002 01:01 PM

‎01-28-2002 01:01 PM

Accounting question

If I execute the acct command (/usr/sbin/acct/acctcom pacct) I get some data, but I dont see what file the user has removed. Is there an option to check the argument after the commands ?

COMMAND START END REAL CPU MEAN
NAME USER TTYNAME TIME TIME (SECS) (SECS) SIZE(K)
date cbadmin ? 12:00:06 12:00:06 0.04 0.03 0.00
grep cbadmin ? 12:00:06 12:00:06 0.02 0.02 0.00
awk cbadmin ? 12:00:06 12:00:06 0.04 0.03 0.00
rm cbadmin ? 12:00:06 12:00:06 0.12 0.03 0.00

Thanks
Krishnan
0 Kudos
Reply
5 REPLIES 5
S.K. Chan
Honored Contributor

‎01-28-2002 01:44 PM

‎01-28-2002 01:44 PM

Re: Accounting question

I'm almost sure there is no option that you asked for. Even with "-u " option it does not show command parameter. After all you would want to use other means to get that information. For example, .sh_history file of an individual user.
0 Kudos
Reply
Helen French
Honored Contributor

‎01-28-2002 01:44 PM

‎01-28-2002 01:44 PM

Re: Accounting question

Iyer,

Not sure whether this helps you, but take a look at this guide. I have not seen any option for a detail command options, as you needed:

http://www.docs.hp.com/hpux/onlinedocs/B2355-90129/B2355-90129.html

HTH,
Shiju

Life is a promise, fulfill it!
0 Kudos
Reply
Krishnan Viswanathan
Frequent Advisor

‎01-28-2002 01:54 PM

‎01-28-2002 01:54 PM

Re: Accounting question

Thanks guys. My problem is I am seeing that a user has executed a rm command.
But I dont know which files/directory he has removed.
Is there a specific option in the "acctcom" command ?

The shell history of the specific user wont help since a) the history is limited b) some users delete their history
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎01-28-2002 02:01 PM

‎01-28-2002 02:01 PM

Re: Accounting question

Might or might not be the answer you're looking for.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xe74cded2442ed5118fef0090279cd0f9,00.html
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎01-28-2002 02:14 PM

‎01-28-2002 02:14 PM

Re: Accounting question

Hi:

I think that you're stuck with the simple command name. The arguments thereto are not recorded. Have a look at '/usr/include/sys/acct.h' and/or the man pages for 'acct' [ man 4 acct ].

Regards!

...JRF...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.