Process Accounting in Linux


By using Process Accounting, you can log the completion of every single process running on your Linux machine. You have learned a lot about processes in your RHCE Training or RHCSS Training.

But why should you be doing this?

You may want to do this for security, statistical purposes, load optimization, or any other administrative reason you can think of.

By default, process accounting (pacct) may not be activated on your machine. You might have to start it:

/usr/sbin/accton /var/account/pacct

Once this is done, every single process will be logged. You can find the logs under /var/account. Because the log is in binary form, you need a dumping utility to convert it to human-readable form. Here I have used the “dump-acct” utility.

Once you run it, you get the output for all the processes in neat columns, which are, from left to right: process name, user time, system time, effective time, UID, GID, memory, and date.
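To show what a dumping utility has to do with the binary log, here is an added example (not from the original post and not dump-acct's own code) that decodes records into the same columns listed above and also reports the kernel's superuser flag. It assumes the 64-byte little-endian `struct acct_v3` layout from `<linux/acct.h>` and 100 accounting ticks per second; the sample bytes are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumption: records are struct acct_v3 (<linux/acct.h>), 64 bytes, little-endian.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
ASU = 0x02     # ac_flag bit: process used superuser privileges
AHZ = 100      # assumed accounting ticks per second

def comp_t(c):
    """Decode a comp_t: 13-bit mantissa scaled by a 3-bit base-8 exponent."""
    return (c & 0x1FFF) << (3 * (c >> 13))

def parse_pacct(data):
    """Yield one dict per complete record; a truncated trailing record is skipped."""
    usable = len(data) - len(data) % ACCT_V3.size
    for rec in ACCT_V3.iter_unpack(data[:usable]):
        flag, version, _tty, _exit, uid, gid, pid, ppid, btime, etime = rec[:10]
        utime, stime, mem = rec[10:13]
        if version != 3:
            raise ValueError("unexpected ac_version %d, not acct_v3" % version)
        yield {
            "command": rec[18].split(b"\0", 1)[0].decode("ascii", "replace"),
            "user_s": comp_t(utime) / AHZ,
            "system_s": comp_t(stime) / AHZ,
            "elapsed_s": etime / AHZ,
            "uid": uid, "gid": gid, "pid": pid, "ppid": ppid,
            "mem_kb": comp_t(mem),
            "started": datetime.fromtimestamp(btime, timezone.utc).isoformat(),
            "superuser": bool(flag & ASU),
        }

def superuser_commands(data):
    """Commands the kernel marked as having used superuser privileges."""
    return [(r["started"], r["uid"], r["command"])
            for r in parse_pacct(data) if r["superuser"]]

# Constructed sample: two records plus 10 stray bytes standing in for a cut-off copy.
SAMPLE = (
    ACCT_V3.pack(0, 3, 0, 0, 500, 500, 4211, 4100, 1300000000, 3.0,
                 1, 2, 600, 0, 0, 0, 0, 0, b"ls")
    + ACCT_V3.pack(ASU, 3, 0, 0, 0, 0, 4212, 4100, 1300000060, 250.0,
                   12, 40, 0x2400, 0, 0, 0, 0, 0, b"useradd")
    + b"\x00" * 10
)

if __name__ == "__main__":
    for row in parse_pacct(SAMPLE):
        print(row)
```

On a real machine the input would be the bytes of /var/account/pacct, read as root while accounting is on.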

You can then study the output and work through the information dumped on your screen. Once you are done and want to shut off process accounting, just run /usr/sbin/accton without any filename. This will turn off process accounting.


Here is a small illustration from my machine (running RHEL 6)

[Screenshot: Process Accounting Linux]

