NAME
acct
—
execution accounting file
SYNOPSIS
#include
<sys/acct.h>
DESCRIPTION
The kernel maintains the following acct information structure for all processes. If a process terminates, and accounting is enabled, the kernel calls the acct(2) function call to prepare and append the record to the accounting file.
/* * Accounting structures; these use a comp_t type which is a 3 bits base 8 * exponent, 13 bit fraction floating point number. Units are 1/AHZ * seconds. */ typedef u_int16_t comp_t; struct acct { char ac_comm[10]; /* command name */ comp_t ac_utime; /* user time */ comp_t ac_stime; /* system time */ comp_t ac_etime; /* elapsed time */ time_t ac_btime; /* starting time */ uid_t ac_uid; /* user id */ gid_t ac_gid; /* group id */ u_int16_t ac_mem; /* average memory usage */ comp_t ac_io; /* count of IO blocks */ dev_t ac_tty; /* controlling tty */ #define AFORK 0x01 /* fork'd but not exec'd */ #define ASU 0x02 /* used super-user permissions */ #define ACOMPAT 0x04 /* used compatibility mode */ #define ACORE 0x08 /* dumped core */ #define AXSIG 0x10 /* killed by a signal */ #define APLEDGE 0x20 /* killed due to pledge violation */ #define ATRAP 0x40 /* memory access violation */ u_int8_t ac_flag; /* accounting flags */ }; /* * 1/AHZ is the granularity of the data encoded in the comp_t fields. * This is not necessarily equal to hz. */ #define AHZ 64 #ifdef _KERNEL int acct_process(struct proc *p); #endif
If a terminated process was created by an
execve(2), the name of the executed file (at most ten characters of
it) is saved in the field ac_comm and its status is
saved by setting one or more of the following flags in
ac_flag: AFORK
,
ASU
, ACOMPAT
,
ACORE
, and AXSIG
.
SEE ALSO
HISTORY
An acct
file format first appeared in
Version 7 AT&T UNIX.