HPE Community
Operating System - HP-UX
1833811 Members
3627 Online
110063 Solutions
New Discussion

Re: To enable System Accounting

 
SOLVED
Go to solution
deepak_9
Frequent Advisor

‎04-12-2002 01:40 AM

‎04-12-2002 01:40 AM

To enable System Accounting

Hi,

i want to enable the system accounting on my hpux11i L-Class server and mail it to my email id using sendmail. What is the best method to have all system logs in hand . Also how to make the effective use of the sendmail configuration ...I mean if I want to track all bad logons/logons to root etc.
Never Ever give Up !!!!!
0 Kudos
Reply
6 REPLIES 6
Paula J Frazer-Campbell
Honored Contributor

‎04-12-2002 01:47 AM

‎04-12-2002 01:47 AM

Re: To enable System Accounting

Hi

First option is to put a .forward file in / containing your email address, then all of roots mail will be copied to you.

Use SAM to set up accounting - quick and easy.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
John Strang
Regular Advisor

‎04-12-2002 02:23 AM

‎04-12-2002 02:23 AM

Re: To enable System Accounting

Hi Deepak

Check the man pages for sar - it will show you how to configure a cron job to start system accounting.

John
If you never make a mistake you'll never make anything.
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

‎04-12-2002 04:14 AM

‎04-12-2002 04:14 AM

Solution

Re: To enable System Accounting

Haven't checked this on 11i, but there were a few issues with accounting at UX11.00 which meant it was best to set it up manually, here's what I needed to do...

Create the sa directory in /var/adm

# mkdir /var/adm/sa

Add the following entries to the file /usr/spool/cron/crontabs/adm

# adm crontab file for
#
# Run Daily Accounting
0 4 * * 1-6 /usr/sbin/acct/runacct 2> /var/adm/acct/nite/fd2log
#
# Check size of /var/adm/pacct
0 * * * * /usr/sbin/acct/ckpacct
#
# Create summary files
15 5 1 * * /usr/sbin/acct/monacct
#
# Collect system accounting information and store in binary format
0 7-17 * * * /usr/lib/sa/sa1 1200 3
#
# Write a daily report to /var/adm/sa/sadd (where dd is day number)
0 18 * * 1-6 /usr/lib/sa/sa2 -s 7:00 -e 18:01 -i 3600 -A
#
# Disk Accounting
0 2 * * 4 /usr/sbin/acct/dodisk

Remove *all* comments from /etc/fstab (or dodisk can throw a wobbler!)

Set flag to 1 in /etc/rc.config.d/acct, as follows:

#!/sbin/sh
# @(#) $Revision: 72.5 $
# Process accounting. See acct(1m)
#
# START_ACCT: Set to 1 to start process accounting
#
START_ACCT=1

Comment out ???date??? commands in /usr/sbin/acct/dodisk this prevents an unnecessary e-mail being generated every time the command is run...

Set up /etc/acct/holidays, which will probably not have 2002 in it...

Start accounting using:

/sbin/init.d/acct start

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Reply
deepak_9
Frequent Advisor

‎04-12-2002 06:55 AM

‎04-12-2002 06:55 AM

Re: To enable System Accounting

Hi Duncan,

Thanks a lot but after enabling it if I have sendmail installed on hpux box and want these accounting files to get on to my mail id. what is the procedure? I mean which files I should mail?
Never Ever give Up !!!!!
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎04-12-2002 07:01 AM

‎04-12-2002 07:01 AM

Re: To enable System Accounting

Hi Deepak

Do a man acct , also under /etc/rc.config.d there is acct file inwhich change the parameter to STAR_ACCT to 1 so that it is permanent . Now waht does this do is to create account logs which can be checked using acct command . This is internal unix accounting is wonderful if you have space to store bulky logs.


Manoj Srivastava
0 Kudos
Reply
deepak_9
Frequent Advisor

‎04-12-2002 07:12 AM

‎04-12-2002 07:12 AM

Re: To enable System Accounting

Hi,

Getting following error in file var/adm/acct/nite/fd2log

:-

fee not found
Error: closewtmp: Unable to write wtmp file.
/var/adm/wtmp: Permission denied
/usr/sbin/acct/runacct[149]: /var/adm/acct/nite/wtmp.0412: Cannot create the specified file.
cp: cannot create /var/adm/wtmp: Permission denied
***UPDATE /etc/acct/holidays WITH NEW HOLIDAYS***
acctmerg: Read error file 1
***UPDATE /etc/acct/holidays WITH NEW HOLIDAYS***
Never Ever give Up !!!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.