Slashdot Mirror


Unix SAR?

An Anonymous Coward asks: "This may appear to be a simple question at first glance, but I have been trying to find a solution for it for quite a while. I have been playing with different System Accounting utilities (i.e. SAR, etc.) and they all provide a wide range of useful information, but I did not find any one that would be able to tell me the full path and the name of every process that a user runs on a Solaris machine. A loop with ps does not help because you may miss the processes that ran between each call to ps. Anyone know how to extract this info? Is there a good System Accounting solution that does the trick? What is the best System Accounting solution available today?"


  1. LKM by tps12 · Score: 3, Interesting

    Sounds like prime territory for a loadable module. You basically just patch the fork/exec syscall(s) to record the new processes by uid. This not only ensures that nothing slips by, but it uses fewer resources during long periods with few new processes started.

    --

    Karma: Good (despite my invention of the Karma: sig)
  2. Popularity Contest by 4of12 · Score: 3, Interesting

    There has to be a way.

    I seem to recall something like sacct or something that ran on my 4.2 BSD flavored boxes back in the 1980s that had exactly the kind of information you desire.

    It was in a research group at a university, and we didn't charge people for CPU time. [Does anyone really charge for CPU time anymore? It's gotten to be almost "too cheap to meter".]

    However, it was interesting because it told you about applications that really got a lot of usage. Apart from the usual suspects like /usr/bin/ls, the accounting information showed which home-grown programs were the most popular.

    A co-worker's XY plotting program ranked among the most used programs on the machine according to system accounting. That helped him gain credence in my advisor's eyes for spending time creating this tool, even though it was not directly related to our research.

    --
    "Provided by the management for your protection."