Monitor User Activity with psacct or acct Tools

Monitor User Activity with psacct or acct Tools


Intrusions can take place from both authorized and unauthorized users. May be that unhappy user can damage the system, especially when they have a shell access. Some users are little smart and removes history file (such as ~/.bash_history) but you can monitor all user executed commands.

This program provides an excellent way to monitor what users are doing, what commands are they firing, how much resources are being consumed by them, how long users are active on the system. Another great feature of this program is it gives total resources consumed by services like Apache, MySQL, FTP,SSH etc.

The psacct or acct package provides several features for monitoring process activities.

  1. ac command prints the statistics about how long  a user have been logged on.
  2. lastcomm command prints the information of previously executed commands of user.
  3. accton commands is used to turn on/off process for accounting.
  4. sa command summarizes information of previously executed commands.
  5. last and lastb commands show listing of last logged in users.

Installing psacct or acct Packages

psacct or acct both are similar packages and there is not much difference between them, but the psacct package only available for rpm based distributions such as RHEL, CentOS and Fedora, whereas acct package available for distributions like Ubuntu, Debian and Linux Mint.

To install psacct package under rpm based distributions use the following yum command.


Starting psacct or acct service


You see the status showing as disabled, so let’s start it manually using the following command. These two commands will create a /var/account/pacct file and start services.


Display Statistics of Users Connect Time

ac command without specifying any argument will displays total statistics of connect time in hours based on the user logins/logouts from the current wtmp file.


Display Statistics of Users Day-wise

Using command “ac -d” will prints the total login time in hours by day-wise.


 Display Time Totals for User

Using command “ac -p” will print the total login time for user in hours.


Display Individual User Time

To get the total login statistics time of user “raj” in hours, use the command as.


Print All Account Activity Information

The “sa” command is used to print the summary of commands that were executed by user.


Leave a Reply

Your email address will not be published. Required fields are marked *