SUMMARY: System accounting using accton

From: Jeff Kennedy (jeff.kennedy@natdecsys.com)
Date: Tue Jun 29 1999 - 10:21:54 CDT


Kill is a built-in shell command and not a system command (I still have
sooooo much to learn) and therefore will not show up in system accounting,
except as the system call for the shell. Neither will cd, test, etc....

One possible alternative was, of course, sudo. This is the best option in
my opinion but has met with some resistance.

Another possibility was a script to direct history files to a common file
owned by root. Not a bad idea either but more work than should be
required.

Thanks to:
John Dodge
Jon LaBadie
Cliff Skolnick
David Mitchell
Jason Marshall

~Jeff
---------------------- Forwarded by Jeff Kennedy/NDS on 06/29/99 08:17 AM ---------------------------

"Jeff Kennedy" <jeff.kennedy@natdecsys.com> on 06/15/99 02:15:08 PM

To: sun-managers@sunmanagers.ececs.uc.edu
cc: (bcc: Jeff Kennedy/NDS)
Subject: System accounting using accton

Joyful days of summer to you all,

I have turned on system accounting in order to log all user commands.
Recently we had an oracle process killed which cost about 5 hours of work
and some people went off the deep end (not me Foster ;-] ). So, they want
to be able to see who is doing what to what and when. Fine, accton
/var/adm/pacct, problem solved.

Not quite. After doing a few tests, most things show up fine, with one
exception: the kill command. Wherever a kill command should be I see
'utmp_upd'. Is that normal or did I miss something? It doesn't matter if
I do a straight kill or use -9 it shows the same. The obvious solution is
to substitute kill wherever I see it but that doesn't tell me why. It also
doesn't tell what process they utmp_upd'd.

I may not be going about this the right way so I thought I'd present it to
the Committee of the Brilliant.

Thanks for any input.

Jeff Kennedy
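
Added example, not part of the original post: the summary's point that kill, cd and test are shell builtins can be checked from the shell itself before relying on process accounting to record them. The function names resolve_kind and accounting_report are hypothetical, and the sketch assumes a POSIX shell in which `command -v` prints an absolute path for external programs.

```shell
# Added example (not from the original post): report how the current shell
# resolves each command name. A name that resolves to an executable file is
# exec'd as a new process and gets its own accounting record under its own
# name; a builtin runs inside the shell process and leaves no such record.

resolve_kind() {
    # command -v prints an absolute path for an external program and the
    # bare name (or an alias/function definition) for anything the shell
    # handles itself. It fails when the name cannot be resolved at all.
    resolved=$(command -v "$1" 2>/dev/null) || { echo "not-found"; return 0; }
    case $resolved in
        /*) echo "external" ;;
        *)  echo "in-shell" ;;
    esac
}

accounting_report() {
    # One line per command name: the name and how the shell resolves it.
    for name in "$@"; do
        printf '%-8s %s\n' "$name" "$(resolve_kind "$name")"
    done
}

# The commands named in the summary, plus ls as an external program
# for comparison.
accounting_report kill cd test ls
```

The result depends on the shell that runs it, so run it under the same shell the users log in with.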


