Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

deletion of a directory

Status
Not open for further replies.

aixchild

Technical User
Nov 14, 2008
32
GB
how can you find out who deleted a directory ?

thanks in advance
 
Simple, it's always Mr Nobody isn't it?

Seriously, I'm not too sure whether there are any auditing tools on AIX which would gather that info. You could always try collecting all .sh_history (or equivalent) files up and examine them for evidence, if the trail goes back that far. Do you have a backup of the deleted directory?

The internet - allowing those who don't know what they're talking about to have their say.
 
we restored it more or less straight away.

we've checked .sh_history files and other logs (for the app being used), but to no avail

thanks
 
Depends how it got deleted ie whether it was a user of a program.

If it was a user then with full auditing turned on you could check.

[#][/audit]> auditpr -h e,l,r,t,R,c < trail|more
event login real time status command
------------------------------------------------------------------------------
FS_Chdir root root Tue Oct 05 12:58:26 2004 OK ksh
FILE_Unlink root root Tue Oct 05 12:59:03 2004 OK vi
FILE_Unlink root root Tue Oct 05 12:59:12 2004 OK vi
FS_Chdir root root Tue Oct 05 12:59:34 2004 OK ksh
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top