3

I got 2 big files at, /var/log/account, of 350MB each..., my root is only 10GB...

I read there could have ckpacct to cycle and gzip it, but I cant find it, also no alternative command?

EDIT: I found that sudo accton off disable the logging but the files remain there, and I guess my next boot it will be activated again...

They seem to are being cycled but who actually does it?

369114432 May 13 23:23 /var/log/account/pacct
333708160 May 13 12:27 /var/log/account/pacct.0
 13681065 May 12 16:21 /var/log/account/pacct.1.gz
  3371433 May 11 09:50 /var/log/account/pacct.2.gz
  7549333 May 10 07:35 /var/log/account/pacct.3.gz

EDIT: my guess boot scripts does the cycle... anyway, I created this script, but I dont know what safety implications it may have.. any considerations?

cat >ckpacct.sh

#!/bin/bash

if [[ -n "$1" ]]; then
  echo "there is no parameters and no --help, read the script and understand what is does, before running it up."
  exit 1
fi

if [[ "$USER" != "root" ]]; then
    echo "you must be root to run it..."
    exit 1
fi

function FUNCerror() {
    if(($1!=0));then exit 1; fi
}

cd /var/log/account;FUNCerror $? || exit

# fast ungrab pacct file
accton off;FUNCerror $?

mv -v pacct pacct.0.temp;FUNCerror $?

echo -n |tee pacct;FUNCerror $?
chown -v root:adm pacct;FUNCerror $?
chmod -v o-r pacct;FUNCerror $?

accton on;FUNCerror $?

# compress old 0
gzip -v --best pacct.0;FUNCerror $? #releases also pacct.0 filename

mv -v pacct.0.temp pacct.0;FUNCerror $? #restore new 0 from temp

# change file names upping indexes
#mv -v pacct pacct.0
for((i=4;i>=0;i--));do
    mv -v pacct.$i.gz pacct.$((i+1)).gz;FUNCerror $?
done
rm -v pacct.5.gz;FUNCerror $? # remove last in the limit
Pablo Bianchi
  • 14,308
  • 4
  • 74
  • 117
Aquarius Power
  • 3,921
  • 6
  • 39
  • 67
  • You got the index value as single integer, that's great but mine the index is a date, so I couldn't use this script. – MaXi32 Jul 03 '20 at 18:10

3 Answers3

2

The script that cycles the logs is in /etc/cron.daily/acct. The number of log files is controlled by /etc/default/acct, which also controls whether process accounting should be enabled at boot time.

If you want to entirely remove process accounting, sudo apt-get purge acct should do the trick too.

Kees Cook
  • 17,243
  • 9
  • 68
  • 96
  • With systemd you can also use `systemctl` to just `stop` and/or `disable` `acct.service`. [Here](https://www.cyberciti.biz/faq/linux-unix-bsd-varaccountpacct-or-varlogaccountpacct-file/) more about acct. – Pablo Bianchi Feb 22 '19 at 00:24
1

Get the acct cron to cron.hourly instead of daily. Then, put this values in /etc/default/acct:

ACCT_ENABLE="1"

# Amount of days that the logs are kept.
ACCT_LOGGING="2" # you cannot set this less than 2 
                 # if you don't want acct to get an error
Pablo Bianchi
  • 14,308
  • 4
  • 74
  • 117
dzimmer
  • 11
  • 1
0

I realize that this is an old question, but since it wasn't answered...

I would assume that logrotate is doing your log rotation. Check your crontab ("crontab -l") for a logrotate task that identifies the conf file. Look in that conf file for details related to /var/log/account/pacct.

I didn't read your script closely, but it seems like your duplicating what logrotate does - no?

skydvr
  • 1
  • My `crontab -l` for normal user and root user both are empty :(. As I remember, the automatic log rotation seems to happen on every boot and are related to file date and not file size, so I need a solution engineered towards disk space :) – Aquarius Power Dec 04 '13 at 23:12
  • I created a config file for logrotate that worked, but it only run once and it deletes the original log file what forces me to recreate it zeroed. Basically I would need to put this in a loop: `accton off;logrotate lracct.cfg;echo -n |tee /var/log/account/pacct;accton on`, or add to crontab in someway I guess (never used crontab). – Aquarius Power Dec 04 '13 at 23:26
  • Sorry - just seeing your responses, but yes, you'd need to add it to a crontab. You can configure logrotate to store more than one old version of the log, and logrotate should handle "pausing" accton while it rotates the logfile. And is the "echo -n | tee" in your example basically doing a "touch" of the file? That might be slightly clearer (if you decided to go that route). – skydvr Dec 17 '13 at 22:34