Operating System - HP-UX

More detail from lastcomm

 
A. Daniel King_1
Super Advisor


Hi folks,

This is a process accounting question. I've got process accounting running, but ...

Is there a way to get more detail out of lastcomm? I see items like process name, owner, tty, etc. However, I do not see items such as PID or command parameters.

Is there a way to get at such information? Do I need additional software to get this level of granularity? (Or do I need additional switches/existing commands?)

Thanks in advance. I'm on HP-UX 11.0.
Command-Line Junkie
3 REPLIES
Cheryl Griffin
Honored Contributor

Re: More detail from lastcomm

Change your syntax that you use. See if the example from the man page gives you more of what you're looking for:
"lastcomm gives information on previously executed commands. If no arguments are specified, lastcomm prints information about all the commands recorded in the accounting file, /var/adm/pacct during the current accounting file's lifetime. If called with arguments, only accounting entries with a matching command name, user name, or terminal name are printed.

For example, to produce a listing of all executions of commands named a.out by user root on terminal ttyd0 use:
lastcomm a.out root ttyd0
"

Cheryl
"Downtime is a Crime."
Cheryl Griffin
Honored Contributor

Re: More detail from lastcomm

Daniel,
One addition. I found an ER that should address this.

1653112359 "ER: Request a for a method for "root" to trace all commands a user exec"

This ER says that the full path and any options should be tracked as well by accounting.

Currently the only workaround is to track shell history. If you don't already do this, you would set in the /etc/profile (global profile):

HISTSIZE=500
HISTFILE=$HOME/.sh_history
export HISTSIZE HISTFILE

$HOME/.sh_history should exist for each user.

Cheryl
"Downtime is a Crime."
Dietmar Konermann
Honored Contributor

Re: More detail from lastcomm

Hi!

I'm afraid this is not possible with lastcomm.

However, you may have a look at the acct structure in /usr/include/sys/acct.h. There you see what is _theoretically_ available. The pacct file is simply a sequence of acct structs.

Maybe you could get more info using auditing?

Regards...
Dietmar.
"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
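
The last reply's point that the pacct file is a plain sequence of acct structs, shown as an added example that is not part of the thread: a reader that walks the file using the struct from the host's <sys/acct.h> and prints what each record holds. It assumes the header exposes the classic ac_comm, ac_uid, ac_tty, ac_btime and ac_etime fields and the usual 3-bit exponent, 13-bit mantissa comp_t encoding; comp_expand, dump_pacct and sample_pacct are names made up here, and the two sample records are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/acct.h>

/* comp_t: 16-bit pseudo-float, 3-bit base-8 exponent over a 13-bit mantissa. */
unsigned long comp_expand(unsigned int c)
{
    return (unsigned long)(c & 0x1fff) << (3 * ((c >> 13) & 7));
}

/* Print one line per record in fp. Returns the record count, or -1 if the
   stream ends in a partial record (truncated file or mismatched layout). */
long dump_pacct(FILE *fp, FILE *out)
{
    struct acct a; size_t got; long n = 0;
    while ((got = fread(&a, 1, sizeof a, fp)) == sizeof a) {
        /* ac_comm is fixed width and may lack a NUL, so bound the print */
        fprintf(out, "%-10.*s uid=%lu tty=0x%lx start=%lu elapsed=%lu\n",
                (int)sizeof a.ac_comm, a.ac_comm, (unsigned long)a.ac_uid,
                (unsigned long)a.ac_tty, (unsigned long)a.ac_btime,
                comp_expand(a.ac_etime));
        n++;
    }
    return got == 0 ? n : -1;
}

/* Constructed sample: two records written in the host's struct layout. */
FILE *sample_pacct(void)
{
    static const char *names[] = { "ls", "a.out" };
    struct acct a; int i;
    FILE *fp = tmpfile();
    for (i = 0; fp && i < 2; i++) {
        memset(&a, 0, sizeof a);
        strncpy(a.ac_comm, names[i], sizeof a.ac_comm - 1);
        a.ac_uid = 100 + i;
        a.ac_etime = 0x2001;    /* comp_t encoding of 8 */
        fwrite(&a, sizeof a, 1, fp);
    }
    if (fp) rewind(fp);
    return fp;
}

int main(int argc, char **argv)
{
    FILE *fp = argc > 1 ? fopen(argv[1], "rb") : sample_pacct();
    long n = fp ? dump_pacct(fp, stdout) : -1;
    printf("%ld records\n", n);
    return n < 0;
}
```

Compile it on the system that wrote the accounting file so the struct layout matches, then pass the file (for example /var/adm/pacct) as the argument; with no argument it reads the constructed sample.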