Manual Page Result
0
Command: acct | Section: 5 | Source: OpenBSD | File: acct.5
ACCT(5) FreeBSD File Formats Manual ACCT(5)
NAME
acct - execution accounting file
SYNOPSIS
#include <sys/acct.h>
DESCRIPTION
The kernel maintains the following acct information structure for all
processes. If a process terminates or misbehaves in specific ways, and
accounting is enabled, the kernel calls the acct(2) function call to
prepare and append the record to the accounting file.
/*
* Accounting structures; these use a comp_t type which is a 3 bits base 8
* exponent, 13 bit fraction floating point number. Units are 1/AHZ
* seconds.
*/
typedef u_int16_t comp_t;
struct acct {
char ac_comm[24]; /* command name, incl NUL */
comp_t ac_utime; /* user time */
comp_t ac_stime; /* system time */
comp_t ac_etime; /* elapsed time */
comp_t ac_io; /* count of IO blocks */
time_t ac_btime; /* starting time */
uid_t ac_uid; /* user id */
gid_t ac_gid; /* group id */
u_int32_t ac_mem; /* average memory usage */
dev_t ac_tty; /* controlling tty, or -1 */
pid_t ac_pid; /* process id */
u_int32_t ac_flag; /* accounting flags */
#define AFORK 0x00000001 /* fork'd but not exec'd */
#define AMAP 0x00000004 /* killed by syscall or stack mapping violation */
#define ACORE 0x00000008 /* dumped core */
#define AXSIG 0x00000010 /* killed by a signal */
#define APLEDGE 0x00000020 /* killed due to pledge violation */
#define ATRAP 0x00000040 /* memory access violation */
#define AUNVEIL 0x00000080 /* unveil access violation */
#define APINSYS 0x00000200 /* killed by syscall pin violation */
#define ABTCFI 0x00000400 /* BT CFI violation */
};
/*
* 1/AHZ is the granularity of the data encoded in the comp_t fields.
* This is not necessarily equal to hz.
*/
#define AHZ 64
#ifdef _KERNEL
int acct_process(struct proc *p);
int acct_shutdown(void);
#endif
If a terminated or misbehaving process was created by an execve(2), the
name of the executed file (at most ten characters of it) is saved in the
field ac_comm and its status is saved by setting one or more of the
following flags in ac_flag:
AFORK A new process was created via fork(2) that was not followed by a
call to execve(2).
AMAP The process terminated abnormally due to a system call or stack
mapping violation.
ACORE The process terminated abnormally due to a signal and dumped
core(5).
AXSIG The process was killed by a signal(3).
APLEDGE The process was killed due to a pledge(2) violation.
ATRAP The process was killed due to a memory access violation detected
by a processor trap.
AUNVEIL The process attempted a file access that was prevented by
unveil(2) restrictions. Note that this does not cause the
process to terminate.
APINSYS The command tried to execute a system call from the wrong system
call instruction, see pinsyscalls(2).
ABTCFI The command executed an indirect branch to a location that did
not start with a `BTI' instruction, and terminated with signal
SIGILL, code ILL_BTCFI.
SEE ALSO
lastcomm(1), acct(2), execve(2), pledge(2), unveil(2), signal(3),
core(5), accton(8), sa(8)
HISTORY
An acct file format first appeared in Version 7 AT&T UNIX.
FreeBSD 14.1-RELEASE-p8 February 25, 2024 FreeBSD 14.1-RELEASE-p8