EN JA
ACCT(5)
ACCT(5) FreeBSD File Formats Manual ACCT(5)

NAME

acctexecution accounting file

SYNOPSIS

#include < sys/types.h>
#include < sys/acct.h>

DESCRIPTION

The kernel maintains the following acct information structure for all processes. If a process terminates, and accounting is enabled, the kernel calls the acct(2) function call to prepare and append the record to the accounting file.

#define AC_COMM_LEN 16 
 
/* 
 * Accounting structure version 2 (current). 
 * The first byte is always zero. 
 * Time units are microseconds. 
 */ 
 
struct acctv2 { 
 uint8_t  ac_zero;  /* zero identifies new version */ 
 uint8_t  ac_version;  /* record version number */ 
 uint16_t ac_len;  /* record length */ 
 
 char   ac_comm[AC_COMM_LEN]; /* command name */ 
 float   ac_utime;  /* user time */ 
 float   ac_stime;  /* system time */ 
 float   ac_etime;  /* elapsed time */ 
 time_t   ac_btime;  /* starting time */ 
 uid_t   ac_uid;  /* user id */ 
 gid_t   ac_gid;  /* group id */ 
 float   ac_mem;  /* average memory usage */ 
 float   ac_io;  /* count of IO blocks */ 
 __dev_t   ac_tty;  /* controlling tty */ 
 
 uint16_t ac_len2;  /* record length */ 
 union { 
  __dev_t   ac_align; /* force v1 compatible alignment */ 
 
#define AFORK 0x01   /* forked but not exec'ed */ 
/* ASU is no longer supported */ 
#define ASU 0x02   /* used super-user permissions */ 
#define ACOMPAT 0x04   /* used compatibility mode */ 
#define ACORE 0x08   /* dumped core */ 
#define AXSIG 0x10   /* killed by a signal */ 
#define ANVER 0x20   /* new record version */ 
 
  uint8_t  ac_flag; /* accounting flags */ 
 } ac_trailer; 
 
#define ac_flagx ac_trailer.ac_flag 
};

If a terminated process was created by an execve(2), the name of the executed file (at most ten characters of it) is saved in the field ac_comm and its status is saved by setting one of more of the following flags in ac_flag: AFORK, ACOMPAT, ACORE and ASIG. ASU is no longer supported. ANVER is always set in the above structure.

HISTORY

A acct file format appeared in Version 7 AT&T UNIX. The current record format was introduced on May 2007. It is backwards compatible with the previous format, which is still documented in < sys/acct.h> and supported by lastcomm(1) and sa(8).
May 15, 2007 FreeBSD