Monitoring User Activity


Monitoring user activity is part of the sysadmin's duties, and an essential part of tracking how system resources are being used. If you have multiple users on your SUSE Linux system, and especially if you don't, you should become familiar with some of these monitoring tools.

As the all-powerful sysadmin, you can monitor nearly everything your users do on the computer, held back only by the hours in the day. Fortunately for all concerned, even the Bastard Operator From Hell doesn't have time to do this. Any good sysadmin will check in periodically, just to keep the invaders at bay.

Shell Tools for Watching Users

The acct system accounting package is essential to pull together all the commands you'll need to keep tabs on your system. There are a bunch of handy tools there including sa, accton, and lastcomm.

You may need to start the acct service at startup. To do this, log in as SuperUser and type

/etc/init.d/acct start 

SUSE Linux will now track resource usage in the /var/run/utmp and /var/log/wtmp files. You can access these files with the following commands.

The w command tells the sysadmin who is logged in, where he or she is logged in from, and what they are up to. No one is able to hide from the SuperUser. The w command can be followed by a specific user's name to show only that user; by default, it shows all current users.

The ac command provides information about the total connect time of a user measured in hours. It accesses the /var/log/wtmp file for the source of its information. To generate a list of users with their login hours, type

ac -p

Even if you're a sole user, if you log in and out religiously, you might find this command useful. To get a list of total hours logged in on the system for a calendar day, type

ac -d 

Tip

Interestingly, a phenomenon known as "timewarp" can occur, where an entry in the wtmp files jumps back into the past, and ac will show unusual amounts of time accounted for users. Although this can be attributed to some innocuous factors having to do with the system clock, it is worthy of investigation by the sysadmin. It can also be the result of a security breach.
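A check for the timewarp condition described in the tip above, as an added example that is not from the book: it parses raw wtmp records and reports any entry stamped earlier than the record written just before it. The 384-byte record layout (glibc on x86-64 Linux), the 60-second tolerance, and all function names are assumptions; the sample records are constructed.

```python
import struct

# Assumption: 384-byte glibc utmp record as used on x86-64 Linux (see utmp(5)).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
EMPTY, BOOT_TIME, NEW_TIME, USER_PROCESS = 0, 2, 3, 7   # ut_type values


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_wtmp(data):
    """Yield (index, ut_type, user, line, tv_sec) for each complete record."""
    for i in range(len(data) // UTMP.size):
        f = UTMP.unpack_from(data, i * UTMP.size)
        yield i, f[0], _text(f[4]), _text(f[2]), f[9]


def find_timewarps(data, tolerance=60):
    """Return records stamped more than `tolerance` seconds before the
    record written just ahead of them (wtmp is append-only, so time
    should never run backwards)."""
    findings, prev = [], None
    for idx, ut_type, user, line, sec in parse_wtmp(data):
        if ut_type == EMPTY:
            continue
        if prev is not None and prev - sec > tolerance:
            # NEW_TIME marks a recorded clock change; anything else is unexplained
            findings.append((idx, user, line, prev - sec, ut_type == NEW_TIME))
        prev = sec
    return findings


def make_record(ut_type, user, line, sec):
    """Build one constructed record for testing (not real log data)."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(), b"",
                     0, 0, 0, sec, 0, 0, 0, 0, 0, b"")


# Constructed sample: bob's entry is stamped 10600 s before the previous one.
SAMPLE = b"".join([
    make_record(BOOT_TIME, "reboot", "~", 1_700_000_000),
    make_record(USER_PROCESS, "alice", "pts/0", 1_700_000_600),
    make_record(USER_PROCESS, "bob", "pts/1", 1_699_990_000),
    make_record(USER_PROCESS, "alice", "pts/2", 1_700_001_000),
])

if __name__ == "__main__":
    for hit in find_timewarps(SAMPLE):   # live: open("/var/log/wtmp", "rb").read()
        print(hit)
```

Each finding is (record index, user, line, seconds jumped back, whether the record is a NEW_TIME clock-change entry); a jump that is not tied to a clock-change record is the case to investigate first.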


The ac command can prove itself most useful in shell scripts when you want to generate reports on operating system usage to show management what OSes your users run.

The last command searches through the /var/log/wtmp file and lists all the users who have logged in and out since that file was first created. The system user reboot exists so that you might know who has logged in since the last reboot. A companion to last is the lastb command, which shows all failed, or bad, logins. It's useful for determining whether a legitimate user is having trouble, or whether someone is trying to break into your system. The hoped-for result of lastb is always a message telling you that the btmp log does not exist, meaning there have been no bad/attempted logins.



SUSE Linux 10 Unleashed
SUSE Linux 10.0 Unleashed
ISBN: 0672327260
EAN: 2147483647
Year: 2003
Pages: 332
