API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 2nd, 2016
59
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.06 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2.  
  3. from __future__ import print_function
  4. from datetime import datetime
  5.  
  6. '''
  7. Display the account records gathered by the sa(8) facility.
  8. from /usr/include/sys/acct.h
  9. or on macOS, /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/include/sys/acct.h
  10.  
  11. /*
  12. * Accounting structures; these use a comp_t type which is a 3 bits base 8
  13. * exponent, 13 bit fraction ``floating point'' number. Units are 1/AHZ
  14. * seconds.
  15. */
  16. typedef u_int16_t comp_t;
  17.  
  18. struct acct {
  19. char ac_comm[10]; /* command name */
  20. comp_t ac_utime; /* user time */
  21. comp_t ac_stime; /* system time */
  22. comp_t ac_etime; /* elapsed time */
  23. u_int32_t ac_btime; /* starting time */
  24. uid_t ac_uid; /* user id */
  25. gid_t ac_gid; /* group id */
  26. u_int16_t ac_mem; /* average memory usage */
  27. comp_t ac_io; /* count of IO blocks */
  28. dev_t ac_tty; /* controlling tty */
  29.  
  30. #define AFORK 0x01 /* fork'd but not exec'd */
  31. #define ASU 0x02 /* used super-user permissions */
  32. #define ACOMPAT 0x04 /* used compatibility mode */
  33. #define ACORE 0x08 /* dumped core */
  34. #define AXSIG 0x10 /* killed by a signal */
  35. u_int8_t ac_flag; /* accounting flags */
  36. };
  37. '''
  38.  
  39. def chunks(l, n):
  40. """Yield successive n-sized chunks from l."""
  41. for i in xrange(0, len(l), n):
  42. yield l[i:i + n]
  43.  
  44.  
  45. def flipHex(i):
  46. return int("".join(i)[::-1].encode("hex"), 16)
  47.  
  48.  
  49. fh = open("/var/account/acct", 'r')
  50. sa = fh.read()
  51.  
  52. tfmt = "%Y-%m-%d %H:%M:%S"
  53. pfmt = "{: <20} {: <5} {: <5} {}"
  54. print(pfmt.format("Start Time", "uid", "gid", "command"))
  55. records = []
  56.  
  57. # entries from the acct file are each 40 chars long
  58. for rec in chunks(sa, 40):
  59. r = {}
  60. r['cmd'] = rec[:9]
  61. r['start_time'] = flipHex(rec[16:20])
  62. r['uid'] = flipHex(rec[20:24])
  63. r['gid'] = flipHex(rec[24:28])
  64. records.append(r)
  65.  
  66. sorted_records = sorted(records, key=lambda k: k['start_time'])
  67.  
  68. for r in sorted_records:
  69. print(pfmt.format(str(datetime.fromtimestamp(r['start_time'])), r['uid'], r['gid'], r['cmd']))
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!