1838646
Members
2459
Online
110128
Solutions
Haven't bothered with accounting in years... If you really want to do this, these are my notes from about 8 years ago on how to do it on 11.00. I can't imagine its changed significantly (if at all) since then. Still you might want to check all the scripts and files mentioned are still there...
____________________________________________
Create the following directory
/var/adm/sa
Add the following entried to the file /usr/spool/cron/crontabs/adm
# adm crontab file for
#
# Run Daily Accounting
0 4 * * 1-6 /usr/sbin/acct/runacct 2> /var/adm/acct/nite/fd2log
#
# Check size of /var/adm/pacct
0 * * * * /usr/sbin/acct/ckpacct
#
# Create summary files
15 5 1 * * /usr/sbin/acct/monacct
#
# Collect system accounting information and store in binary format
0 7-17 * * * /usr/lib/sa/sa1 1200 3
#
# Write a daily report to /var/adm/sa/sadd (where dd is day number)
0 18 * * 1-6 /usr/lib/sa/sa2 -s 7:00 -e 18:01 -i 3600 -A
#
# Disk Accounting
0 2 * * 4 /usr/sbin/acct/dodisk
Remove all comments from /etc/fstab (as some of the default accounting scripts don't handle them correctly)
Set flag to 1 in /etc/rc.config.d/acct, as follows:
#!/sbin/sh
# @(#) $Revision: 72.5 $
# Process accounting. See acct(1m)
#
# START_ACCT: Set to 1 to start process accounting
#
START_ACCT=1
Comment out the superfluous â dateâ commands in the script /usr/sbin/acct/dodisk (there are 2 lines which just call "date" but do nothing else). This prevents adm receiving pointless mail from cron with just date stamps in it
Set up /etc/acct/holidays file for the current year
____________________________________________
HTH
Duncan
I am an HPE Employee
____________________________________________
Create the following directory
/var/adm/sa
Add the following entried to the file /usr/spool/cron/crontabs/adm
# adm crontab file for
#
# Run Daily Accounting
0 4 * * 1-6 /usr/sbin/acct/runacct 2> /var/adm/acct/nite/fd2log
#
# Check size of /var/adm/pacct
0 * * * * /usr/sbin/acct/ckpacct
#
# Create summary files
15 5 1 * * /usr/sbin/acct/monacct
#
# Collect system accounting information and store in binary format
0 7-17 * * * /usr/lib/sa/sa1 1200 3
#
# Write a daily report to /var/adm/sa/sadd (where dd is day number)
0 18 * * 1-6 /usr/lib/sa/sa2 -s 7:00 -e 18:01 -i 3600 -A
#
# Disk Accounting
0 2 * * 4 /usr/sbin/acct/dodisk
Remove all comments from /etc/fstab (as some of the default accounting scripts don't handle them correctly)
Set flag to 1 in /etc/rc.config.d/acct, as follows:
#!/sbin/sh
# @(#) $Revision: 72.5 $
# Process accounting. See acct(1m)
#
# START_ACCT: Set to 1 to start process accounting
#
START_ACCT=1
Comment out the superfluous â dateâ commands in the script /usr/sbin/acct/dodisk (there are 2 lines which just call "date" but do nothing else). This prevents adm receiving pointless mail from cron with just date stamps in it
Set up /etc/acct/holidays file for the current year
____________________________________________
HTH
Duncan
I am an HPE Employee
Can you clarify what you mean...
every command that every user types?
commands that privilidged users type?
Something else???
HTH
Duncan
I am an HPE Employee
every command that every user types?
commands that privilidged users type?
Something else???
HTH
Duncan
I am an HPE Employee
Thats what I was afraid you would say... the obvious question is why???
Do you record every mouse click and key press on your users PCs?
Or are we actually talking about adminsitrators who actually do nothing as theire own users... just login and then su to root or to a generic application admin.
Well you can get some basic stuff by collecting shell history files from users home directories, but of course users can edit and change those, so I'm assuming that won't fit what you want.
There are other things you can do... bit really it depends on what you are ultimately trying to achieve...
HTH
Duncan
I am an HPE Employee
Do you record every mouse click and key press on your users PCs?
Or are we actually talking about adminsitrators who actually do nothing as theire own users... just login and then su to root or to a generic application admin.
Well you can get some basic stuff by collecting shell history files from users home directories, but of course users can edit and change those, so I'm assuming that won't fit what you want.
There are other things you can do... bit really it depends on what you are ultimately trying to achieve...
HTH
Duncan
I am an HPE Employee
Sandeep, what on earth are you talking about???
modprpw -k
unlocks a users account... nothing to do with logging user commands etc....
Duncan
I am an HPE Employee
modprpw -k
unlocks a users account... nothing to do with logging user commands etc....
Duncan
I am an HPE Employee
Good grief...now SKR is doing it... for pete's sake READ THE QUESTION AND ALL RESPONSES BEFORE REPLYING YOURSELF
Duncan
(who seems to be getting very grumpy these days)
I am an HPE Employee
Duncan
(who seems to be getting very grumpy these days)
I am an HPE Employee