Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: is it possible to check logs in UNIX who deleted the files?
Top Forums UNIX for Dummies Questions & Answers is it possible to check logs in UNIX who deleted the files? Post 302125704 by matrixmadhan on Friday 6th of July 2007 01:04:06 PM
Old 07-06-2007
Unless you have a wrapper to delete command which logs the information of who deleted it and what time and other information, there is no way to identify that.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

how to recover deleted files in unix

Hi Experts, by mistake i deleted some files that are very important to the project. is there any way that i can recover those files,there is no backup for that but the details of the file we know. This will be a great help. Thanks (5 Replies)
Discussion started by: namishtiwari
5 Replies

2. Shell Programming and Scripting

How to check whether logs are updating or not?

how to check whether logs are updating or not in unix is there any built in command or function ? (1 Reply)
Discussion started by: mail2sant
1 Replies

3. Solaris

logs to check

Hi all i want to know what are the logs we need to check when the server is down and how to resolve to make server UP? please help me with this (8 Replies)
Discussion started by: vkav
8 Replies

4. Shell Programming and Scripting

Script to check logs

I have 5 log files under different directores . say for eg abc under /home/dir1 , xyz under home/dir2 . is there a script that i can run from say /home that searchers all these files for string or combination of strings and write to a file eg search file by timestamp|keyword o/p in a file (6 Replies)
Discussion started by: Nevergivup
6 Replies

5. UNIX for Dummies Questions & Answers

Check for updation/error/stuck of logs

Hi All, I'm a newbie in Linux Programming.:) Got some 500 processes running and I have around 20-30 logs updating for every 2mins on a server. The logs which i'm referring usually contains book name,run ids(not PID's),process name etc etc. I'm interested in finding out whether some particular... (1 Reply)
Discussion started by: Nand Kishor
1 Replies

6. Shell Programming and Scripting

Need to check logs

I have nearly 25+ tail commands which we need to verify the logs if there is any errors on current or previous date with time. I need this to be automate and send email to me with details. Please help me on this. (5 Replies)
Discussion started by: Nasir HussainSM
5 Replies

7. Shell Programming and Scripting

Any utility or tool to check logs

HI, In our project daily we need to check for some errors in around 45-50 folders. Please let me know if there is any utility tool using which 1 can check each folder and file for error. Use: Monday we are checking if there were any error in files generated on Monday Tuesday to Wednesday we... (7 Replies)
Discussion started by: ankush_mehra
7 Replies

8. Shell Programming and Scripting

Script to check response time from nginx logs

Hi, My goal is to monitor the response time from the access logs of nginx server. I am using gawk to print the needed fields - 'response time' and 'name of the service' from nginx logs. Command: gawk '($6 ~ /cloudservice/) {print $10, $6}' access.log Output: 0.645 /nc/cloudservice... (6 Replies)
Discussion started by: nshah11
6 Replies

9. Shell Programming and Scripting

To check if a file is open and in use (logs are being written to it)

Hello Experts, I need to write a shell script to check if a file is open and something is being written to it. I want to know how OS handles it. I checked with lsof command but it is not working. For a test I did this. while true; do echo `date` >>abc.txt; done then I checked lsof |... (5 Replies)
Discussion started by: shekhar_4_u
5 Replies

10. UNIX for Advanced & Expert Users

How to list deleted files in UNIX?

Hi All, Its an interview question. I just want to know the answer of below question. 1) How to list deleted files in unix (13 Replies)
Discussion started by: pspriyanka
13 Replies

LEARN ABOUT OSX

wtmp

UTMP(5) 						      BSD File Formats Manual							   UTMP(5)

NAME

     utmp, wtmp, lastlog -- login records (DEPRECATED)

SYNOPSIS

     #include <utmp.h>

DESCRIPTION

     The interfaces in file <utmp.h> are all DEPRECATED and are only provided for compatibility with previous releases of Mac OS X.  See
     pututxline(3) and utmpx(5) for the supported interfaces.

     <utmp.h> declares the structures used to record information about current users in the file utmp, logins and logouts in the file wtmp, and
     last logins in the file lastlog.  The time stamps of date changes, shutdowns and reboots are also logged in the wtmp file.

     These files can grow rapidly on busy systems, daily or weekly rotation is recommended.  If any of these files do not exist, it is not cre-
     ated.  These files must be created manually and are normally maintained in either the script /etc/daily or the script /etc/weekly.  (See
     cron(8).)

	   #define _PATH_UTMP	   "/var/run/utmp"
	   #define _PATH_WTMP	   "/var/log/wtmp"
	   #define _PATH_LASTLOG   "/var/log/lastlog"

	   #define UT_NAMESIZE	   8
	   #define UT_LINESIZE	   8
	   #define UT_HOSTSIZE	   16

	   struct lastlog {
		   time_t  ll_time;
		   char    ll_line[UT_LINESIZE];
		   char    ll_host[UT_HOSTSIZE];
	   };

	   struct utmp {
		   char    ut_line[UT_LINESIZE];
		   char    ut_name[UT_NAMESIZE];
		   char    ut_host[UT_HOSTSIZE];
		   time_t  ut_time;
	   };

     Each time a user logs in, the login program looks up the user's UID in the file lastlog. If it is found, the timestamp of the last time the
     user logged in, the terminal line and the hostname are written to the standard output. (Providing the login is not quiet, see login(1).)  The
     login program then records the new login time in the file lastlog.

     After the new lastlog record is written , the file utmp is opened and the utmp record for the user inserted.  This record remains there until
     the user logs out at which time it is deleted.  The utmp file is used by the programs rwho(1), users(1), w(1), and who(1).

     Next, the login program opens the file wtmp, and appends the user's utmp record.  The same utmp record, with an updated time stamp is later
     appended to the file when the user logs out. (See launchd(8).)  The wtmp file is used by the programs last(1) and ac(8).

     In the event of a date change, a shutdown or reboot, the following items are logged in the wtmp file.

     reboot
     shutdown	 A system reboot or shutdown has been initiated.  The character '~' is placed in the field ut_line, and reboot or shutdown in the
		 field ut_name.  (See shutdown(8) and reboot(8).)

     date	 The system time has been manually or automatically updated.  (See date(1).)  The command name date is recorded in the field
		 ut_name.  In the field ut_line, the character '|' indicates the time prior to the change, and the character '{' indicates the new
		 time.

FILES

     (These files no longer exist in 10.5 or later.)

     /var/run/utmp     The utmp file.
     /var/log/wtmp     The wtmp file.
     /var/log/lastlog  The lastlog file.

SEE ALSO

     last(1), login(1), who(1), ac(8), launchd(8)

HISTORY

     A utmp and wtmp file format appeared in Version 6 AT&T UNIX.  The lastlog file format appeared in 3.0BSD.

4th Berkeley Distribution					  March 17, 1994					 4th Berkeley Distribution
All times are GMT -4. The time now is 06:54 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy