Setting up Solaris 10 Accounting subsystem
This article contains the simple steps needed to set up and maintain system accounting on a Solaris 10 system.
In this article we will discuss how to...
- Set up System Accounting
- Fix the wtmpx file
- Fix tacct errors
- Restart System Accounting
- Temporarily stop System Accounting
- Permanently disable System Accounting
Setting up System Accounting
The following steps are needed in setting up System Accounting on a Solaris 10 system:
- Switch user to root or assume an equivalent role
- If not already installed, install the SUNWaccr and SUNWaccu packages
- Set up the accounting startup and shutdown scripts:
# ln -s /etc/init.d/acct /etc/rc2.d/S22acct
# ln -s /etc/init.d/acct /etc/rc0.d/K22acct
- Add ckpacct, runacct and monacct cron entries to the adm crontab. For example:
# crontab -e adm
#ident "@(#)adm 1.5 92/07/14 SMI" /* SVr4.0 1.2 */
#
# The adm crontab file should contain startup of performance
# collection if the profiling and performance feature has been
# installed.
0 * * * * /usr/lib/acct/ckpacct
30 2 * * * /usr/lib/acct/runacct 2> /var/adm/acct/nite/fd2log
30 7 1 * * /usr/lib/acct/monacct
- Add the dodisk script entry to the root crontab. For example:
# crontab -e
#ident "@(#)root 1.19 98/07/06 SMI" /* SVr4.0 1.1.3.1 */
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
30 22 * * 4 /usr/lib/acct/dodisk
- Edit /etc/acct/holidays to include national and local holidays. For example, mine here in the UK:
# vi /etc/acct/holidays
* @(#)holidays UK 2012
*
* Prime/Nonprime Table for UNIX Accounting System
*
* Curr Prime Non-Prime
* Year Start Start
*
  2012 0800 1800
*
* only the first column (month/day) is significant.
*
* month/day Company
* Holiday
*
1/2 New Year's Day Holiday (Mon)
4/6 Good Friday (Fri)
4/9 Easter Monday (Mon)
5/7 May Day Bank Holiday (Mon)
6/4 Spring Bank Holiday (Mon)
6/5 Diamond Jubilee Holiday (Tue)
8/27 Summer Bank Holiday (Mon)
12/25 Christmas (Tue)
12/26 Boxing Day (Wed)
- Reboot the server, or start the system accounting manually:
# /etc/init.d/acct start
Fixing Corrupted files and wtmpx Errors
Managing system accounting is not foolproof. A file may become corrupted or lost. While most files can simply be ignored or restored from backup, some files must be fixed to maintain the integrity of system accounting.
The wtmpx files seem to cause the most problems in the daily operation of system accounting. When the date is changed manually and the system is in multiuser mode, a set of date change records is written to the /var/adm/wtmpx file. The wtmpfix utility is designed to adjust the time stamps in the wtmp records when a date change is encountered. However, some combinations of date changes and reboots slip through the wtmpfix utility and cause the acctcon program to fail.
- Switch user to root or assume an equivalent role
- Convert the wtmpx file from binary to ASCII format:
# cd /var/tmp
# /usr/lib/acct/fwtmp < wtmpx > wtmpx.ascii
- Manually edit the wtmpx.ascii file and remove any corrupt records
- Convert wtmpx back to binary format:
# /usr/lib/acct/fwtmp -ic < wtmpx.ascii > wtmpx
Fixing tacct Errors
The integrity of the /var/adm/acct/sum/tacct file is important if you are charging users for system resources. Occasionally, unusual tacct records appear with negative numbers, duplicate user IDs, or a user ID of 65535.
- Switch user to root or assume an equivalent role
- Convert the tacct.MMDD file from binary to ASCII format:
# cd /var/adm/acct/sum
# /usr/lib/acct/acctmerg -v < tacct.MMDD > tacct.ascii
- Edit the tacct.ascii file, remove any corrupt records, and write duplicate entries to another file
- Convert the tacct file back to binary format:
# /usr/lib/acct/acctmerg -i < tacct.ascii > tacct.MMDD
- Merge the files tacctprev and tacct.MMDD into the tacct file:
# /usr/lib/acct/acctmerg < tacctprev tacct.MMDD > tacct
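To help with the manual edit of tacct.ascii, the following is an added example (not part of the original article or of the Solaris accounting tools) that flags the three anomalies named above. It assumes whitespace-separated fields with the numeric UID first and the login name second; check_tacct, sample_tacct and the sample records are hypothetical, and on Solaris 10 set AWK=nawk or AWK=/usr/xpg4/bin/awk.

```sh
#!/bin/sh
# Added example: flag suspect records in an ASCII tacct dump.
# ASSUMPTION: field 1 = numeric UID, field 2 = login name,
# remaining fields = numeric counters (real dumps have more columns).

AWK=${AWK:-awk}

# check_tacct [FILE]  (reads stdin when FILE is omitted)
# Prints one finding per line: "<line-no> <REASON> <uid> <login>"
check_tacct() {
    cat "${1:--}" | "$AWK" '
    # Skip blank lines and heading lines (first field not a number).
    NF == 0 || $1 !~ /^-?[0-9]+$/ { next }
    {
        uid = $1; name = $2
        # 65535 is the UID the article calls out as a sign of a bad record.
        if (uid == 65535) print NR, "UID65535", uid, name
        # Any negative numeric field (UID or counter) marks the record.
        for (i = 1; i <= NF; i++) {
            if (i != 2 && $i ~ /^-[0-9.]/) {
                print NR, "NEGATIVE", uid, name
                break
            }
        }
        # A UID seen earlier in the file is a duplicate entry.
        if (uid in seen) print NR, "DUPLICATE", uid, name
        else seen[uid] = NR
    }'
}

# Constructed sample records, not real accounting data.
sample_tacct() {
    cat <<'EOF'
0     root   12.50  3.25  100.00  0  45  2
100   alice  4.00   1.00  20.00   0  12  1
101   bob    -3.00  0.50  10.00   0  7   1
100   alice  1.00   0.00  5.00    0  3   1
65535 ?      0.00   0.00  0.00    0  1   0
EOF
}

# Demo on the constructed sample; for real data run: check_tacct tacct.ascii
sample_tacct | check_tacct
```

The reported line numbers refer to lines in tacct.ascii, so they can be used directly when removing records or moving duplicates to another file.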
Restart System Accounting
The runacct program can fail for a variety of reasons, the most common being a system crash, /var running out of space, or a corrupted wtmpx file.
If the active.MMDD file exists, check it first for error messages. If the active and lock files exist, check fd2log for any mysterious messages.
Called without arguments, runacct assumes that this is the first invocation of the day. The argument MMDD is necessary if runacct is being restarted and specifies the month and day for which runacct will rerun the accounting.
Caution — When running the runacct program manually, be sure to run it as user adm.
- Switch user to root or assume an equivalent role
- Remove the lastdate file and any lock* files, if they exist:
# cd /var/adm/acct/nite
# rm lastdate lock*
The lastdate file contains the date that the runacct program was last run. Restarting the runacct script in the next step re-creates this file.
- Restart the runacct script:
# runacct MMDD [state] 2> /var/adm/acct/nite/fd2log &
  - MMDD — the month and day specified by two-digit numbers.
  - state — specifies a state, or starting point, where runacct processing should begin.
Temporarily Stop System Accounting
You can temporarily stop System Accounting at any time by following these steps:
- Switch user to root or assume an equivalent role
- Edit the adm crontab file to stop the ckpacct, runacct, and monacct programs from running by commenting out the appropriate lines. For example:
#ident "@(#)adm 1.5 92/07/14 SMI" /* SVr4.0 1.2 */
#
# The adm crontab file should contain startup of performance
# collection if the profiling and performance feature has been
# installed.
#0 * * * * /usr/lib/acct/ckpacct
#30 2 * * * /usr/lib/acct/runacct 2> /var/adm/acct/nite/fd2log
#30 7 1 * * /usr/lib/acct/monacct
- Edit the root crontab file to stop the dodisk program from running by commenting out the appropriate line. For example:
#ident "@(#)root 1.19 98/07/06 SMI" /* SVr4.0 1.1.3.1 */
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
#30 22 * * 4 /usr/lib/acct/dodisk
- Stop the system accounting program.
# /etc/init.d/acct stop
- (optional) To re-enable system accounting, remove the newly added comment symbols from the crontab files and restart the accounting program.
- Restart the system accounting program to re-enable system accounting.
# /etc/init.d/acct start
Permanently Disable System Accounting
You can permanently disable system accounting using the following steps:
- Switch user to root or assume an equivalent role
- Edit the adm crontab and remove the ckpacct, runacct and monacct entries:
#ident "@(#)adm 1.5 92/07/14 SMI" /* SVr4.0 1.2 */
#
# The adm crontab file should contain startup of performance
# collection if the profiling and performance feature has been
# installed.
- Edit the root crontab file and delete the entry for the dodisk script:
#ident "@(#)root 1.19 98/07/06 SMI" /* SVr4.0 1.1.3.1 */
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
- Remove the accounting start/stop scripts:
# unlink /etc/rc2.d/S22acct
# unlink /etc/rc0.d/K22acct
- Stop the system accounting program:
# /etc/init.d/acct stop