There are three main logging subsystems in the Linux operating system:
(1) Connection time log
(2) Process statistics log
(3) System and service logs
The connection time log and the process statistics log are driven by the rsyslog (legacy syslog) log service, while the system and service logs are driven and managed by the corresponding network services.
Process Statistics Log
The process statistics log can be very effective when users are working on the server; the logged operations are stored in the /var/account/pacct file.
    # accton
    accton: no arguments
    Usage: accton [OPTION] on|off|ACCOUNTING_FILE
    Try 'accton --help' for more information.

    # accton --help
    Usage: accton [OPTION] on|off|ACCOUNTING_FILE

    Turns process accounting on or off, or changes the file where this
    info is saved.

    OPTIONS:
    -h, --help       Show help and exit
    -V, --version    Show version and exit

    ARGUMENTS:
    on               Activate process accounting and use default file
    off              Deactivate process accounting
    ACCOUNTING_FILE  Activate (if not active) and save information in
                     this file

    The system's default process accounting file is '/var/account/pacct'.

    Report bugs to <[email protected]>
(1) Start process statistics logging
    # accton on
    Turning on process accounting, file set to the default '/var/account/pacct'.
(2) View the process statistics log
    # lastcomm
    ksmtuned   F    root     __         0.00 secs Thu Feb 26 23:05
    awk             root     __         0.00 secs Thu Feb 26 23:05
    ksmtuned   F    root     __         0.00 secs Thu Feb 26 23:05
    ksmtuned   F    root     __         0.00 secs Thu Feb 26 23:05
    pgrep           root     __         0.00 secs Thu Feb 26 23:05
    ksmtuned   F    root     __         0.00 secs Thu Feb 26 23:05
    awk             root     __         0.00 secs Thu Feb 26 23:05
    sleep           root     __         0.00 secs Thu Feb 26 23:04
    accton     S    root     pts/0      0.00 secs Thu Feb 26 23:04
Take the last line as an example:
* Command name
* Flags
  S means the command was executed by the superuser
  F means the command ran after a fork without a following exec
  C means the command ran in a PDP-11 compatibility environment
  X means the command was terminated by the SIGTERM signal
* User name
* Terminal on which the command was executed
Usage of lastcomm:
    # lastcomm --help
    Usage: lastcomm [-hpV] [-f file] [command] ... [user] ... [terminal] ...
           [--forwards] [--file <file>] [--strict-match] [--print-controls]
           [--user <name>] [--tty <name>] [--command <name>] [--debug]
           [--show-paging] [--ahz <freq>] [--version] [--help]

    The system's default process accounting file is /var/account/pacct.
(3) Stop process statistics logging
    # accton off
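To triage the lastcomm listing from step (2), the following added example (not part of the original article) decodes the flag column and reports superuser commands run from a terminal and commands terminated by a signal. The function names, the ROOT-TTY and KILLED labels, and the sample records are constructed for illustration; it assumes command names contain no spaces.

```sh
#!/bin/sh
# Added example, not from the original article: triage lastcomm output.
# Assumption: command names contain no spaces and records look like the
# lastcomm listing shown in step (2).

# Constructed sample records in lastcomm format (not real log data).
sample_lastcomm() {
    cat <<'EOF'
ksmtuned   F    root     __         0.00 secs Thu Feb 26 23:05
awk             root     __         0.00 secs Thu Feb 26 23:05
accton     S    root     pts/0      0.00 secs Thu Feb 26 23:04
backup     SX   root     __         0.02 secs Thu Feb 26 23:03
vim             alice    pts/1      0.01 secs Thu Feb 26 23:02
EOF
}

# Reads lastcomm lines on stdin and prints "REASON command user tty" for:
#   ROOT-TTY  superuser command (S) run from a terminal (tty is not "__")
#   KILLED    command terminated by a signal (X)
review_lastcomm() {
    awk '
    NF >= 9 {
        # Count columns from the right: the flag column is empty for most
        # records, so $2 is sometimes the flags and sometimes the user.
        tty   = $(NF - 6)
        user  = $(NF - 7)
        flags = (NF >= 10) ? $(NF - 8) : ""
        cmd   = $1
        if (index(flags, "S") && tty != "__")
            print "ROOT-TTY", cmd, user, tty
        if (index(flags, "X"))
            print "KILLED", cmd, user, tty
    }'
}

# Live use (as root, with accounting on): lastcomm | review_lastcomm
sample_lastcomm | review_lastcomm
```
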
Using the sa command for statistics
The sa command compresses the data in /var/account/pacct into /var/log/savacc (statistics indexed by command name) and /etc/log/usracc (statistics indexed by user name);
    # sa -a
        4557   50640.33re       1.08cp         0avio     27021k
           1     742.55re       0.58cp         0avio    366208k   gnome-shell
           7    5199.84re       0.23cp         0avio    105595k   gmain
re represents the sample time, in minutes;
cp indicates the sum of system and user CPU time, in minutes;
k indicates the CPU-time averaged core usage, in units of 1 KB;
SH indicates the command name;
avio indicates the average number of I/O operations per execution;
The sa syntax is as follows:
    Usage: sa [options] ... [file] ...
The main options are as follows.
-a: Prints the names of all commands (including those with non-printable characters).
-b: Sorts the output by the sum of user and system time divided by the number of calls. Otherwise, the output is sorted by the sum of user time and system time.
-c: Prints the time used by each command as a percentage of the time used by all commands, in addition to the user, system, and real time.
-C: Merges the accounting file into the summary file. If the summary file is in the old format, it is converted to the new format.
-d: Sorts the output by the average number of disk I/O operations.
-D: Sorts and prints the output by the total number of disk I/O operations.
-f: Does not force interactive threshold compression. This flag must be used with the -v flag.
-i: Reads only the raw data, not the summary file.
-j: Prints the number of seconds per call, rather than the total number of minutes per category.
-k: Sorts the output by average CPU time.
-K: Sorts and prints the output by the CPU-storage integral.
-l: Separates system time from user time, rather than combining them.
-m: Prints the number of processes and CPU minutes per user.
-n: Sorts the output by the number of calls.
-r: Reverses the sort order.
-s: Merges the accounting file into the summary file.
-t: Prints, for each command, the ratio of real time to the sum of user and system time.
-u: Suspends all other flags and prints the user's numeric ID and the command name for each command.
This article is from the "Margin with Wish" blog, please be sure to keep this source http://281816327.blog.51cto.com/907015/1615814
Linux System Log Management: (2) Process statistics log