System accounting software in the Solaris OS is a set of programs that enables you to collect and record data about user connect time, CPU time charged to processes, and disk usage. Once you collect this data, you can generate reports and charge fees for system usage.
You can use system accounting on a daily or monthly basis. Or, you can tack disk usage per user.
You can use the accounting programs to perform these tasks:
Monitor system usage
Locate and correct performance problems
Maintain system security
After you set up the system accounting programs, they run mostly on their own.
Automatic accounting is set up by first putting the accounting startup
script into root's crontab file. The accounting startup
script can then be started automatically by the cron command.
The following overview describes the system accounting process.
Between system startup and shutdown, raw data about system use (such as user logins, running processes, and data storage) are collected in accounting files.
Periodically (usually once a day), the /usr/lib/acct/runacct script processes the various accounting files and produces both
cumulative summary files and daily accounting reports. Then, the /usr/lib/acct/prdaily script prints the daily reports.
For more information about the runacct script, see runacct Script.
Monthly, you can process and print the cumulative runacct summary files by executing the monacct script.
The summary reports produced by the monacct script provide
an efficient means for billing users on a monthly or other fiscal basis.
The system accounting software provides C language programs and shell
scripts that organize data into summary files and reports. These programs
reside in the /usr/lib/acct directory. The accounting
reports reside in the /var/adm/acct directory.
Daily accounting can help you perform four types of auditing:
Connect accounting
Process accounting
Disk accounting
Fee calculations
Connect accounting enables you to determine the following information:
The length of time a user was logged in
How the tty lines are being used
The number of reboots on your system
How many times the accounting software was turned off and on
To provide this information on connect sessions, the system stores the following data
Record of time adjustments
Boot times
Number of times the accounting software was turned off and on
Changes in run levels
The creation of user processes (login processes
and init processes)
The terminations of processes
These records are produced from the output of system programs
such as date, init, login, ttymon, and acctwtmp. They are stored in the /var/adm/wtmpx file. Entries in the wtmpx file
can contain the following information:
Login name
Device name
Process ID
Entry type
Time stamp that denotes when the entry was made
Process accounting enables you to keep track of the following data about each process that runs on your system:
User IDs and group IDs of users using the process
Beginning times and elapsed times of the process
CPU time for the process (user time and system time)
Amount of memory used by the process
Commands run by the process
The tty that controls the process
Every time a process terminates, the exit program
collects this information and writes it to the /var/adm/pacct file.
Disk accounting enables you to gather and format the following data about the files each user has on disks:
User name and user ID of the user
Number of blocks that are used by the user's files
This data is collected by the /usr/lib/acct/dodisk shell
script at intervals that are determined by the entry you add to the /var/spool/cron/crontabs/root file. In turn, the dodisk script invokes the acctdisk and acctdusg commands. These commands
gather disk usage by login name.
Information gathered by running the dodisk script
is stored in the /var/adm/acct/nite/disktacct file. This
information is overwritten the next time the dodisk script
is run. Therefore, avoid running the dodisk script twice
in the same day.
The acctdusg command might overcharge for files that are written randomly, which can create holes in the files. This problem occurs because the acctdusg command does not read the indirect blocks of a file when determining the file size. Rather, the acctdusg command determines the file size by checking the current file size value in the file's inode.
The chargefee utility stores charges for special
services that are provided to a user in the /var/adm/fee file.
A special service, for example, is file restoration. Each entry in the file
consists of a user login name, user ID, and the fee. This file is checked
by the runacct script every day, and new entries are merged
into the accounting records. For instructions on running the chargefee script
to bill users, see How to Bill Users.
Here is a step-by-step summary of how daily accounting works:
When the system is switched into multiuser mode, the /usr/lib/acct/startup program is executed. The startup program executes several other programs that invoke daily accounting.
The acctwtmp program adds a “boot”
record to the /var/adm/wtmpx file. In this record, the
system name is shown as the user name in the wtmpx record.
The following table summarizes how the raw accounting data is gathered and
where it is stored.
The turnacct script, invoked with the
on option, begins process accounting. Specifically, the turnacct script executes the accton program with the /var/adm/pacct argument.
The remove shell script “cleans up” the saved pacct and wtmpx files that are left in the sum directory by the runacct script.
The login and init programs
record connect sessions by writing records into the /var/adm/wtmpx file.
Date changes (using date with an argument) are also written to the /var/adm/wtmpx file. Reboots and shutdowns using the acctwtmp command
are also recorded in the /var/adm/wtmpx file.
When a process ends, the kernel writes one record per process,
using the acct.h format, in the /var/adm/pacct file.
Every hour, the cron command executes the ckpacct script to check the size of the /var/adm/pacct file.
If the file grows beyond 500 blocks (default), the turnacct switch command
is executed. (The program moves the pacct file to the pacct
n file and creates a new file.)
The advantage of having several smaller pacct files becomes
apparent when you try to restart the runacct script if
a failure occurs when processing these records.
The runacct script is executed by the cron command each night. The runacct script processes
the accounting files to produce command summaries and usage summaries by user
name. These accounting files are processed: /var/adm/pacct
n, /var/adm/wtmpx, /var/adm/fee,
and /var/adm/acct/nite/disktacct.
The /usr/lib/acct/prdaily script is executed
on a daily basis by the runacct script to write the daily
accounting information in the /var/adm/acct/sum/rprt
MMDD files.
The monacct script should be executed on a
monthly basis (or at intervals you determine, such as at the end of every
fiscal period). The monacct script creates a report that
is based on data stored in the sum directory that has
been updated daily by the runacct script. After creating
the report, the monacct script “cleans up”
the sum directory to prepare the directory's files for
the new runacct data.