 |
Linode.com Forum
Linode Community Forums
|
| Author |
Message |
tronic
Joined: 04 Dec 2004
Posts: 123
|
| Posted: Sun Dec 12, 2004 11:59 am Post subject: BSD process accounting |
|
|
I found out something very interesting:
GNU acct tools (accton, lastcomm, etc) can support the V1/V2 format OR V3 format at any given time.
The Linode kernel has all 3 compiled in, so acct reverts to V1/V2 support (odd, I know). It should properly work if V1/V2 accounting support is disabled, and V3 left enabled, and then a recompile.
Or if V1/V2 is enabled and V3 is disabled, then it will also work, too.
Symptoms of it not working:
Code: (? 1024 ?? 0.00 secs Wed Dec 31 19:00
?? root ?? 0.00 secs Wed Dec 31 19:00
D? 1024 ?? 0.00 secs Wed Dec 31 19:00
@? 1024 ?? 0.00 secs Wed Dec 31 19:00
(? 1024 ?? 0.00 secs Wed Dec 31 19:00
The kernel I am using is 2.6.9-linode9.
Looks like V1/V2/V3 are all enabled in the Linode kernel:
Code: # gzcat /proc/config.gz | grep ACCT
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
Since I don't see an obvious way to turn on only V3 in the kernel, is there any way we could go back to the V1/V2 support by disabling only the V3 support in the kernel?
Or is there a V3-aware accounting tool other than GNU acct that can deal with 2.6 + V3?
I find process accounting useful; it's not as good as something like RBAC / BSM, obviously, but it's not bad as a starting point.
I've opened a ticket (#8360) on this, but posted comments here as well in hopes of seeing if there's some other tool that I didn't know, that might be able to handle it without disabling V3.
I can confirm that GNU acct works properly on my non-UML machine at home when V3 is disabled, on a 2.6.9-gentoo-r8 kernel:
Code: ps root stdin 0.01 secs Sun Dec 12 11:20
ls root stdin 0.00 secs Sun Dec 12 11:20
accton root stdin 0.00 secs Sun Dec 12 11:20
Under Gentoo on a Linode running 2.6.9-linode9, here is how to reproduce this problem:
Code: # emerge acct
# accton /var/account/pacct
# pwd && ls && ps
# lastcomm
For a non-Gentoo box, one can just fetch the source tarball for the current version, do a ./configure and then 'make && make install' then do the other commands after emerge.
http://ftp.debian.org/debian/pool/main/a/acct/acct_6.3.5.orig.tar.gz
-Dan |
|
| Back to top |
|
Raayat
Joined: 08 Jul 2004
Posts: 26
Location: London, UK
|
| Posted: Fri Dec 31, 2004 5:36 am Post subject: |
|
|
Some guy (Tim Schmielau, to be precise) was working on a version of acct that read all the formats. Had you seen it before? I haven't tried it myself.
It's at http://www.physik3.uni-rostock.de/tim/kernel/utils/acct/. |
|
| Back to top |
|
tronic
Joined: 04 Dec 2004
Posts: 123
|
| Posted: Fri Dec 31, 2004 5:48 am Post subject: |
|
|
Ahh! Very nice. You are, of course, correct. Works great, thank you very much. (Tested it.)
Chris, if you see this, please cancel my request in ticket #8360. Thanks!
-Dan |
|
| Back to top |
|
Raayat
Joined: 08 Jul 2004
Posts: 26
Location: London, UK
|
| Posted: Fri Dec 31, 2004 6:44 am Post subject: |
|
|
| Join me in pestering people to get it into mainstream acct, then! :) |
|
| Back to top |
|
tronic
Joined: 04 Dec 2004
Posts: 123
|
| Posted: Sat Jun 04, 2005 8:06 pm Post subject: |
|
|
| Following up: I see it's now in ~x86, so I've selected that. Works great now with it integrated to Portage ebuild management. |
|
| Back to top |
|
| |
|