How to Monitor Linux User Activity with psacct and acct Tools

psacct and acct are both similar packages, and there is not much difference between them, but the psacct package is only available for rpm-based distributions such as RHEL, CentOS, and Fedora, whereas the acct package is available for Debian-based distributions like Ubuntu and Linux Mint.
You can also limit the output to show only the most recent commands:
lastcomm ls

These tools generate logs that can grow over time. The main accounting file is located at /var/account/pacct. You can rotate this file using logrotate by creating a configuration file at /etc/logrotate.d/psacct:

ac -p

lastcomm cat | grep -Ei "shadow|passwd"

Practical Use Cases

sa -m

Print Number of Linux Processes

Print and Sort Usage by Percentage

sudo yum install psacct
# Or on newer systems
sudo dnf install psacct

ac ravi

total 110.31

Display Day-Wise Login Time of User

man ac
man sa
man lastcomm
man accton

sa -u

View Linux User Information

sa -c

Display and Sort Resource Usage by Percentage

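/var/account/pacct {
    monthly
    rotate 12
    compress
    notifempty
    create 0600 root root
    # Re-point kernel accounting at the newly created file after rotation
    postrotate
        /usr/sbin/accton /var/account/pacct >/dev/null
    endscript
}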

lastcomm ravi

Viewing Previously Executed Commands of User
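The lastcomm listing can be summarised per user instead of being read line by line. The following is an added example, not part of the original article: the function names are hypothetical, the sample lines are constructed in the usual lastcomm column layout, and the flag letters (S, F, C, D, X) are those documented in lastcomm(1).

```shell
#!/bin/sh
# Added example: per-user summary of lastcomm output.
# Counts each user's commands, how many carried the S flag (super-user,
# per lastcomm(1)), and how many ended abnormally (X = terminated by a
# signal, D = dumped core).

# Constructed sample data; on a live host pipe `lastcomm` in instead.
sample_lastcomm() {
cat <<'EOF'
ls                     ravi     pts/0      0.00 secs Tue Jul 15 10:12
cat                    ravi     pts/0      0.00 secs Tue Jul 15 10:11
sudo             S     ravi     pts/0      0.01 secs Tue Jul 15 10:10
sshd             SF    root     __         0.00 secs Tue Jul 15 10:09
python3          S   X root     pts/1      1.42 secs Tue Jul 15 10:08
vim                    tecmint  pts/2      0.03 secs Tue Jul 15 10:07
EOF
}

summarize_lastcomm() {
    awk '
    {
        # The flags column can be empty or split into several fields
        # ("S   X"), so find the fixed "secs" token and count leftwards.
        secs = 0
        for (i = 1; i <= NF; i++) if ($i == "secs") { secs = i; break }
        if (secs < 5) next              # not a lastcomm record line
        user = $(secs - 3)
        flags = ""
        for (i = 2; i < secs - 3; i++)
            if ($i ~ /^[SFCDX]+$/) flags = flags $i
        total[user]++
        if (index(flags, "S")) priv[user]++
        if (index(flags, "X") || index(flags, "D")) abnormal[user]++
    }
    END {
        for (u in total)
            printf "%s total=%d superuser=%d abnormal=%d\n",
                   u, total[u], priv[u], abnormal[u]
    }' | sort
}

sample_lastcomm | summarize_lastcomm
```

A user whose superuser or abnormal count rises between runs is a reasonable starting point for a closer look with `lastcomm <user>`.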

To install the psacct package under rpm-based distributions, issue the following yum or dnf command:

Display Statistics of Linux Users Day-Wise

rockylinux 425.61
tecmint 702.29
root 10171.54
total 11299.44

ac

total 11299.15

ac -d ravi

Viewing Daily Login Hours of a User on Linux

sudo apt install acct

I think this is one of the great and most needed utilities for every Linux/Unix System Administrator who wants to keep track of user activities on their servers/systems.

Display Linux User Login Time

sa

Print All Commands Executed by Users in Linux

sudo apk add psacct        # On Alpine Linux
sudo pacman -S acct        # On Arch Linux
sudo zypper install acct   # On OpenSUSE

Starting psacct or acct Service

The psacct or acct package provides several features for monitoring process activities:
The 'lastcomm' command searches and displays information about previously executed commands. You can also search for the commands of an individual user. For example, to see the commands of the user ravi:
To get the information of an individual user, use the -u option:

  • 0.04re is the “real time” in wall-clock minutes.
  • 0.04cp is the sum of system and user time in CPU minutes.
  • 6546k is the CPU-time averaged core usage, in 1k units.
  • fail2ban-client is the command name.

ac -d ravi | tail -n 31

Print All Linux Commands Executed by Users

To get the total login time of the user “ravi” in hours, use the command:
psacct and acct are both open source utilities for monitoring users’ activities on the Linux system. These utilities run in the background and keep track of each user’s activity on your system as well as what resources are being consumed.

Print Number of Linux Processes

I personally used these tools in our company; we have a development team where our developers continuously work on servers. So, these are the best utilities to keep an eye on them.
This command prints the total number of processes and CPU minutes. If you see a continued increase in these numbers, it’s time to investigate what is happening on the system:
Using the command "ac -p" will print the total login time of each Linux user in hours:

List Last Executed Commands of User

Using the command "ac -d" will print the total login time in hours for each day:
ac -d

Show User Total Login Hours Day Wise

These programs provide an excellent way to monitor what users are doing, what commands they are executing, how many resources they are consuming, and how long they are active on the system. Another useful feature is that they report the total resources consumed by services like Apache, MySQL, FTP, SSH, etc.
The ac command, run without any arguments, displays the total connect time in hours based on the user logins/logouts recorded in the current wtmp file:
When you’re managing a Linux server, especially one with multiple users, you need visibility into what’s happening on your system: Who’s logged in? What commands are they running? How much CPU time is being consumed? These aren’t just curiosity questions; they’re essential for security, troubleshooting, and resource management.
sudo systemctl start psacct
sudo systemctl enable psacct
sudo systemctl status psacct

The asterisk (*) after some commands indicates that the command was run with superuser privileges.
lastcomm tecmint | head -n 20

Search Logs for Commands

sudo systemctl status psacct

You see the status showing as disabled, so let’s start it manually using the following commands, which will create a /var/account/pacct file:
