Users can manage extended accounting (start accounting, stop accounting, and change accounting configuration parameters) if they have the appropriate rights profile for the extended accounting type to be managed:
Flow Management
Process Management
Task Management
To activate the extended accounting facility for tasks, processes, and flows, use the acctadm command. The optional final parameter to acctadm indicates whether the command should act on the process, system task, or flow accounting components of the extended accounting facility.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Activate extended accounting for processes.
# acctadm -e extended -f /var/adm/exacct/proc process |
Activate extended accounting for tasks.
# acctadm -e extended,mstate -f /var/adm/exacct/task task |
Activate extended accounting for flows.
# acctadm -e extended -f /var/adm/exacct/flow flow |
See acctadm(1M) for more information.
Activate extended accounting on an ongoing basis by linking the /etc/init.d/acctadm script into /etc/rc2.d.
# ln -s /etc/init.d/acctadm /etc/rc2.d/Snacctadm # ln -s /etc/init.d/acctadm /etc/rc2.d/Knacctadm |
The n variable is replaced by a number.
You must manually activate extended accounting at least once to set up the configuration.
See Extended Accounting Configuration for information on accounting configuration.
Type acctadm without arguments to display the current status of the extended accounting facility.
# acctadm Task accounting: active Task accounting file: /var/adm/exacct/task Tracked task resources: extended Untracked task resources: none Process accounting: active Process accounting file: /var/adm/exacct/proc Tracked process resources: extended Untracked process resources: host Flow accounting: active Flow accounting file: /var/adm/exacct/flow Tracked flow resources: extended Untracked flow resources: none |
In the previous example, system task accounting is active in extended mode and mstate mode. Process and flow accounting are active in extended mode.
In the context of extended accounting, microstate (mstate) refers to the extended data, associated with microstate process transitions, that is available in the process usage file (see proc(4)). This data provides much more detail about the activities of the process than basic or extended records.
Available resources can vary from system to system, and from platform to platform. Use the acctadm command with the -r option to view the accounting resource groups available on your system.
# acctadm -r process: extended pid,uid,gid,cpu,time,command,tty,projid,taskid,ancpid,wait-status,zone,flag, memory,mstatedisplays as one line basic pid,uid,gid,cpu,time,command,tty,flag task: extended taskid,projid,cpu,time,host,mstate,anctaskid,zone basic taskid,projid,cpu,time flow: extended saddr,daddr,sport,dport,proto,dsfield,nbytes,npkts,action,ctime,lseen,projid,uid basic saddr,daddr,sport,dport,proto,nbytes,npkts,action |
To deactivate process, task, and flow accounting, turn off each of them individually by using the acctadm command with the -x option.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Turn off process accounting.
# acctadm -x process |
Turn off task accounting.
# acctadm -x task |
Turn off flow accounting.
# acctadm -x flow |
Verify that task accounting, process accounting, and flow accounting have been turned off.
# acctadm Task accounting: inactive Task accounting file: none Tracked task resources: extended Untracked task resources: none Process accounting: inactive Process accounting file: none Tracked process resources: extended Untracked process resources: host Flow accounting: inactive Flow accounting file: none Tracked flow resources: extended Untracked flow resources: none |