To set up network accounting, use the extended accounting facility's acctadm command. For more information, see the acctadm(1M) man page. After you have completed setting up network accounting, use the flowstat command to record traffic statistics.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# acctadm [process | task | flow | net]
The extended accounting facility can enable four types of accounting. The optional operands of the acctadm command correspond to the following accounting types:
Specifying –net displays the status of network accounting. If –net is not used, then the status of all four accounting types is displayed.
# acctadm -e extended -f filename net
where filename includes the full path of the log file that captures network traffic statistics. The log file can be created in any directory that you specify.
# acctadm net
This example shows how to configure network accounting to capture and display historical traffic information on the system.
View the status of all accounting types as follows:
# acctadm
Task accounting: inactive
Task accounting file: none
Tracked task resources: none
Untracked task resources: extended
Process accounting: inactive
Process accounting file: none
Tracked process resources: none
Untracked process resources: extended,host
Flow accounting: inactive
Flow accounting file: none
Tracked flow resources: none
Untracked flow resources: extended
Net accounting: inactive
Network accounting file: none
Tracked Network resources: none
Untracked Network resources: extended
The output shows that network accounting is not active. Therefore, you should enable extended network accounting.
# acctadm -e extended -f /var/log/net.log net
# acctadm net
Net accounting: active
Net accounting file: /var/log/net.log
Tracked net resources: extended
Untracked net resources: none