From owner-freebsd-stable Mon Nov 13 13:56:47 2000 Delivered-To: freebsd-stable@freebsd.org Received: from shell.futuresouth.com (shell.futuresouth.com [198.78.58.28]) by hub.freebsd.org (Postfix) with ESMTP id E41A037B4C5 for ; Mon, 13 Nov 2000 13:56:42 -0800 (PST) Received: (from tim@localhost) by shell.futuresouth.com (8.9.3/8.9.3) id PAA12629; Mon, 13 Nov 2000 15:56:36 -0600 (CST) Date: Mon, 13 Nov 2000 15:56:36 -0600 From: Tim To: cjclark@alum.mit.edu Cc: freebsd-stable@FreeBSD.ORG Subject: Re: periodic and 310.accounting Message-ID: <20001113155636.I10482@futuresouth.com> References: <20001112075532.A7158@futuresouth.com> <20001112134724.O75251@149.211.6.64.reflexcom.com> <20001112161350.A8992@futuresouth.com> <20001112145648.R75251@149.211.6.64.reflexcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001112145648.R75251@149.211.6.64.reflexcom.com>; from cjclark@reflexnet.net on Sun, Nov 12, 2000 at 02:56:48PM -0800 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Nov 12, 2000 at 02:56:48PM -0800, Crist J . Clark wrote: > To view the information in the accounting files I have always used > sa(8). You can get all of the same info out of the raw files as you > can from the summary ones as far as sa(8) is concerned... I think. > > > I was looking > > for the login times of a particular user and I believe I need the raw log > > files for that. > > That information is not even from the /var/account files, that's in > utmp and wtmp. That information is already archived by newsyslog which > by default keeps three _months_ of old records (it used to keep a > year's worth). See last(1). I am sorry, I should know better than post without thinking first. I was looking for the times/dates that each command was executed. I think that's in the raw files only. > > It looks to me there is a small race condition with the 310.accounting > > script. > > > > cp -pf acct acct.0 || rc=3 > > sa -s >/dev/null || rc=3 > > > > wouldn't commands logged between the two statements be lost? > > Yes and no. No commands will be lost to the summary files (which is > what is considered to be important), but there may be commands that > are lost between the acct.0 file and the new acct files. Ok, I might still be confused here, but I personally don't care much about the summary files but am interested more in the raw files, specifically time/date each command was executed. > > I can't > > think of a way to work around this though. Or is there some special > > system magic that I am missing? > > Notice that the 'acct' is never actually removed explicitly in the > script. the sa(8) command truncates the acct file after reading in its > information, so nothing is lost in the summary files. Right, but we definitely could lose information in the acct.* archives. Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message