This article hasn't been updated for over 5 years. The information below may be obsolete.

Setting up Solaris 10 Accounting subsystem

Updated  |  5 minute read   |  1696 views  |   Solaris  

This article contains simple steps needed to setup and maintain system accounting on a Solaris 10 system.

In this article we will discuss how to...

  1. Setup System Accounting
  2. Fix the wtmpx file
  3. Fix tacct errors
  4. Restart System Accounting
  5. Temporary Stop System Accounting
  6. Permanently disable System Accounting

Setting up System Accounting

The following steps are needed in setting up System Accounting on a Solaris 10 system:

  1. Switch user to root or assume an equivalent role
  2. If not already installed, install the SUNWaccr and SUNWaccu packages
  3. Setup accounting startup and shutdown scripts 
    # ln -s /etc/init.d/acct /etc/rc2.d/S22acct
# ln -s /etc/init.d/acct /etc/rc0.d/K22acct
  4. Add ckpacct, runacct and monacct cron entries to the adm crontab. For example: 
    # crontab -e adm
#ident  "@(#)adm        1.5     92/07/14 SMI"    /* SVr4.0 1.2   */
#
# The adm crontab file should contain startup of performance 
# collection if the profiling and performance feature has been 
# installed.
0 * * * * /usr/lib/acct/ckpacct
30 2 * * * /usr/lib/acct/runacct 2> /var/adm/acct/nite/fd2log
30 7 1 * * /usr/lib/acct/monacct
  5. Add the dodisk script entry to the root crontab. For example: 
    # crontab -e
#ident  "@(#)root       1.19    98/07/06 SMI"   /* SVr4.0 1.1.3.1       */
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
30 22 * * 4 /usr/lib/acct/dodisk
  6. Edit /etc/acct/holidays to include national and local holidays. For example, mine here in the UK: 
    # vi /etc/acct/holidays
* @(#)holidays	UK 2012
*
* Prime/Nonprime Table for UNIX Accounting System
*
* Curr	Prime	Non-Prime
* Year	Start	Start
*
  2012	0800	1800
*
* only the first column (month/day) is significant.
*
* month/day	Company
* 			Holiday
*
1/2		New Year's Day Holiday (Mon)
4/6		Good Friday (Fri)
4/9		Easter Monday (Mon)
5/7		May Day Bank Holiday (Mon)
6/4		Spring Bank Holiday (Mon)
6/5		Diamond Jubilee Holiday (Tue)
8/27	Summer Bank Holiday (Mon)
12/25	Christmas (Tue)
12/26	Boxing Day (Wed)
  7. Reboot the server, or start the system accounting manually: 
    # /etc/init.d/acct start

Fixing Corrupted files and wtmpx Errors

Managing system accounting is not foolproof. A file may become corrupted or lost. While most files can simply be ignored or restored from backup, some files must be fixed to maintain the integrity of system accounting.

The wtmpx files seem to cause the most problems in the daily operation of system accounting. When the date is changed manually and the system is in multiuser mode, a set of date change records is written to the /var/adm/wtmpx file. The wtmpfix utility is designed to adjust the time stamps in the wtmp records when a date change is encountered. However, some combinations of date changes and reboots slip through the wtmpfix utility and cause the acctcon program to fail.

  1. Switch user to root or assume an equivalent role
  2. Convert the wtmpx file from binary to ASCII format: 
    # cd /var/tmp
# /usr/lib/acct/fwtmp < wtmpx > wtmpx.ascii
  3. Manually edit the wtmpx.ascii file and remove any corrupt records
  4. Convert wtmpx back to binary format: 
    # /usr/lib/acct/fwtmp -ic < wtmpx.ascii > wtmpx

Fixing tacct Errors

The integrity of the /var/adm/acct/sum/tacct file is important if you are charging users for system resources. Occasionally, unusual tacct records appear with negative numbers, duplicate user IDs, or a user ID of 65535.

  1. Switch user to root or assume an equivalent role
  2. Convert the tacct.MMD file from binary to ASCII format: 
    # cd /var/adm/acct/sum
# /usr/lib/acct/acctmerg -v < tacct.MMDD > tacct.ascii
  3. Edit the tacct.ascii file, and remove any corrupt records and write duplicate entries to another file
  4. Convert the tacct back to binary format: 
    # /usr/lib/acct/acctmerg -i < tacct.ascii > tacct.MMDD
  5. Merge the files tacctprev and tacct.MMDD into the tacct file. 
    # /usr/lib/acct/acctmerg < tacctprev tacct.MMDD > tacct

Restart System Accounting

The runacct program can fail for a variety of reasons, the most common being a system crash, /var running out of space, or a corrupted wtmpx file.

If the active.MMDD file exists, check it first for error messages. If the active and lock files exist, check fd2log for any mysterious messages.

Called without arguments, runacct assumes that this is the first invocation of the day. The argument MMDD is necessary if runacct is being restarted and specifies the month and day for which runacct will rerun the accounting.

Caution — When running the runacct program manually, be sure to run it as user adm.
  1. Switch user to root or assume an equivalent role
  2. Remove the lastdate file and any lock* files if exist: 
    # cd /var/adm/acct/nite
# rm lastdate lock*
    The lastdate file contains the date that the runacct program was last run. Restarting the runacct script in the next step re-creates this file.
  3. Restart the runacct script. 
    # runacct MMDD [state] 2> /var/adm/acct/nite/fd2log &
    • MMDD — the month and day specified by two-digit numbers.
    • state — specifies a state, or starting point, where runacct processing should begin.

Temporary Stop System Accounting

Youu can temporarily stop System Accounting at anytime by following the following steps:

  1. Switch user to root or assume an equivalent role
  2. Edit the adm crontab file to stop the ckpacct, runacct, and monacct programs from running by commenting out the appropriate lines. For example: 
    #ident "@(#)adm 1.5 92/07/14 SMI" /* SVr4.0 1.2 */
#
# The adm crontab file should contain startup of performance 
# collection if the profiling and performance feature has been 
# installed. 
#0 * * * * /usr/lib/acct/ckpacct 
#30 2 * * * /usr/lib/acct/runacct 2> /var/adm/acct/nite/fd2log 
#30 7 1 * * /usr/lib/acct/monacct
  3. Edit the root crontab file to stop the dodisk program from running by commenting out the appropriate line. For example: 
    #ident  "@(#)root       1.19    98/07/06 SMI"   /* SVr4.0 1.1.3.1       */
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
#30 22 * * 4 /usr/lib/acct/dodisk
  4. Stop the system accounting program. 
    # /etc/init.d/acct stop
  5. (optional) To re-enable system accounting, remove the newly added comment symbols from the crontab files and restart the accounting program.
  6. Restart the system accounting program to re-enable system accounting. 
    # /etc/init.d/acct start

Permanently Disable System Accounting

You can permanently disable system accounting using the following steps:

  1. Switch user to root or assume an equivalent role
  2. Edit the adm crontab and remove the ckpacct, runacct and monacct entries: 
    #ident "@(#)adm 1.5 92/07/14 SMI" /* SVr4.0 1.2 */
#
# The adm crontab file should contain startup of performance 
# collection if the profiling and performance feature has been 
# installed.
  3. Edit the rootcrontab file and delete the entry fot the dodisk script:> 
    #ident  "@(#)root       1.19    98/07/06 SMI"   /* SVr4.0 1.1.3.1       */
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
  4. Remove the accounting start/stop scripts: 
    # unlink /etc/rc2.d/S22acct
# unlink /etc/rc0.d/K22acct
  5. Stop the system accounting program: 
    # /etc/init.d/acct stop