Linux System Log Management: (2) Process statistics log

There are three main logging subsystems in the Linux operating system:

(1) Connection time log

(2) Process statistics log

(3) System and service logs

The connection time log and the process statistic log are driven by the Rsyslog (Legacy syslog) log service, and the system and service logs are driven and managed by the corresponding network service;

Process Statistics Log

  process Statistics Log can be very effective when the user is working on the server, and the logged operations are stored in the/var/account/pacct file;

#acctonaccton:  no argumentsusage: accton [option] on|off| accounting_filetry  ' Accton --help '  for more information.# accton -- Helpusage: accton [option] on|off| Accounting_file          turns process accounting  on or off, or changes the file where this           info is saved.           OPTIONS:          -h, --help        Show help and exit           -V, --version    Show version and exit           ARGUMENTS:           on               activate  process accounting and use default file           off               Deactivate process accounting          accounting_ file  activate  (if not active)  and save information in           this file           the system ' s default process accounting file is  '/var/ Account/pacct '.           report bugs to <[ Email protected]>

(1) Start process statistics Log condition

# Accton onturning on process accounting, file set to the default '/var/account/pacct '.

(2) Show process statistics log condition

# lastcommksmtuned          f     root     __         0.00 secs  thu feb 26 23:05awk                     root     __          0.00 secs Thu Feb 26 23:05ksmtuned           F    root     __          0.00 secs thu feb 26 23:05ksmtuned           F    root      __         0.00 secs thu feb 26  23:05pgrep                  root      __         0.00 secs thu feb  26 23:05ksmtuned          F     root     __         0.00 secs  Thu Feb 26 23:05awk                     root     __          0.00 secs Thu Feb 26 23:05sleep                   root      __         0.00 secs thu feb  26 23:04accton           s     root      pts/0      0.00 secs thu feb 26 23:04

Take the last line as an example:

* Command bit

* Flag bit

s means the command has Super Administrator execution

f indicates that the command has subroutines running and no exec is used

c indicates that the command is running in a PDP-11 compatible environment

x indicates that the command was terminated by the SIGTREM signal

* User Name

* System for executing commands

About the usage of Lastcomm:

# Lastcomm--helpusage:lastcomm [-HPV] [-f file] [command] ... [User] ...       [Terminal] ... [--forwards] [--file <file>] [--strict-match]       [--print-controls] [--user <name>] [--tty <name>] [--command <name>]       [--debug] [--show-paging] [--ahz <freq>] [--version] [--help] The system ' s default process accounting file IS/VAR/ACCOUNT/PACCT.

(3) Stop process statistics log monitoring

# Lastcomm off

Using the SA Command for statistics

The SA command compresses the data in/var/account/pacct to/VAR/LOG/SAVACC (index statistics based on the command name) and/ETC/LOG/USRACC (indexed statistics based on the user name);

# sa-a 4557 50640.33re 1.08cp 0avio 27021k 1 742.55re 0.58cp 0avio 366208 K Gnome-shell 7 5199.84re 0.23cp 0avio 105595k gmain

Re represents the sample time, in minutes;

CP indicates the use time of the system and the user, in minutes;

K indicates the average time that the kernel consumes CPU, and one unit size is KB;

SH indicates the command name;

Avio indicates the number of times each I/O operation was performed;

The SA syntax is as follows:

Usage: SA [options] ... [File] ...

The main options are as follows.

--a: Prints the names of all commands (including those with non-printable characters).

--b: The output is categorized by the sum of the user and system time divided by the number of calls. Otherwise, the output is the sum of the user time and the system time.

--C: Prints each command usage time as a percentage of the time used for all commands. In addition, there are users, systems, and real-time.

--c: Merges the accounting files into the summary file. If the digest file is an old usage, it is converted to a new usage.

--d: Classifies the output by average disk I/O operations.

--d: The output is categorized and printed by the total number of disk I/O operations.

--f: Do not force interactive threshold compression. This flag must be used with the-v flag.

-I: Only the raw data is read and the digest file is not read.

--J: Prints the number of seconds per call, rather than the total number of minutes per category.

--k: Classifies the output by average CPU time.

--k: Classifies and prints the output as a CPU storage integer.

--l: Separates system time from user time, rather than combining them.

--M: Prints the number of processes and CPU minutes per user.

--n: Sorts the output by the number of calls.

--r: inverts The order of the classifications.

--s: Merges the accounting files into the summary file.

--T: Print Each command when it is compared to the user and system time.

--u: Suspend all other flags and print the user's digital ID and command name for each command.

This article is from the "Margin with Wish" blog, please be sure to keep this source http://281816327.blog.51cto.com/907015/1615814

Linux System Log Management: (2) Process statistics log