Process Accounting in Linux
But why you should be doing this?
You may even want to do this, for security, statistical purposes, load optimization, or any other administrative reason you may think of.
By default, process accounting (pacct) may not be activated on your machine. You might have to start it:
Once this is done, every single process will be logged. You can find the logs under /var/account. Now because the log is in binary form, so need to use some dumping utility to convert it to human-readable form. Here I have used “dump-acct” utility.
Once used you will get the output of all the processes in nice columns and includes the following, from left to right: process name, user time, system time, effective time, UID, GID, memory, and date.
You can then enjoy the output and tease your mind to debug that information dumped on your screen. Once you are done and want to shut off the process accounting. Just give /usr/sbin/accton without any filename. This will turn off process accounting.
Here is a small illustration from my machine (running RHEL 6)