The tip command and the Berkeley version of the UUCP commands record information in the aculog file each time they make a telephone call. The information recorded includes the account name, date, time, entry in the /etc/remote file that was used to place the call, phone number dialed, actual device used, and whether the call was successful.

Here is a sample log:

tomh (Mon Feb 13 08:43:03 1995) <cu1200, , > call aborted
tomh (Tue Mar 14 16:05:00 1995) <a9600, , /dev/cua> call completed
carol (Tue Mar 14 18:08:33 1995) <mit, 2531000, /dev/cua> call completed

In the first two cases, the user tomh connected directly to the modem. In these cases, the phone number dialed was not recorded.

Many modems can be put into command mode by sending them a special “escape sequence.” Although you can disable this feature, many sites do not. In those cases, there is no way to be sure if the phone numbers listed in the aculog are, in fact, the phone numbers that were called by your particular user. You also do not have any detailed information about how long each call was.

Some versions of Unix record attempts to use the su command to become the superuser by printing to the console (and therefore to the messages log file). In addition, some versions specially log su attempts to the log file sulog.

Under some versions of