To set up network accounting, use the extended accounting facility's acctadm command. For more information, see the acctadm(1M) man page. After you have completed setting up network accounting, use the flowstat command to record traffic statistics.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# acctadm [process | task | flow | net]
The extended accounting facility can enable four types of accounting. The optional operands of the acctadm command correspond to the following accounting types:
Specifying –net displays the status of network accounting. If –net is not used, then the status of all four accounting types is displayed.
# acctadm -e extended -f filename net
where filename includes the full path of the log file that captures network traffic statistics. The log file can be created in any directory that you specify.
# acctadm net
View the status of all accounting types as follows:
# acctadm Task accounting: inactive Task accounting file: none Tracked task resources: none Untracked task resources: extended Process accounting: inactive Process accounting file: none Tracked process resources: none Untracked process resources: extended,host Flow accounting: inactive Flow accounting file: none Tracked flow resources: none Untracked flow resources: extended Net accounting: inactive Network accounting file: none Tracked Network resources: none Untracked Network resources: extended
The output shows that network accounting is not active. Therefore, you should enable extended network accounting.
# acctadm -e extended -f /var/log/net.log net # acctadm net Net accounting: active Net accounting file: /var/log/net.log Tracked net resources: extended Untracked net resources: none